
When Private Turns Public: ChatGPT, Google & Our Collective 'Oops'

A real-world audit case for systems thinkers who ship fast—but expect privacy.

OpenAI's ChatGPT let users create public URLs of conversations. A bunch got indexed. Cue: awkward AI confessionals popping up in Google. The real MVP in this story was a missing noindex.

What Happened

OpenAI added a Share Chat feature. It generated live, public URLs. Users assumed it was private-ish. It wasn't. Google crawled them, indexed them. No explicit "Make this Public" toggle. No robots.txt blocking crawlers. Just public links + user trust + SEO = accidental oversharing gone viral.
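The check this story turns on, as an added example (not OpenAI's code and not from the original post): it audits one share URL for the three crawler signals, the `X-Robots-Tag` header, the robots meta tag and robots.txt. The `/share/example-id` path and all sample headers, HTML and robots.txt text are constructed, and user-agent-scoped `X-Robots-Tag` values are not handled.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser


class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots"> / <meta name="googlebot">."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() in ("robots", "googlebot"):
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}


def audit_share_url(path, headers, html, robots_txt, agent="Googlebot"):
    """Classify one share URL as INDEXABLE, NOINDEX or CRAWL_BLOCKED_ONLY."""
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    if not robots.can_fetch(agent, path):
        # Disallow stops the fetch, so any noindex on the page is never read;
        # the bare URL can still be listed if other sites link to it.
        return "CRAWL_BLOCKED_ONLY"
    directives = set()
    for name, value in headers.items():
        if name.lower() == "x-robots-tag":  # plain form only, no "googlebot:" prefix
            directives |= {d.strip().lower() for d in value.split(",")}
    meta = RobotsMeta()
    meta.feed(html)
    directives |= meta.directives
    return "NOINDEX" if directives & {"noindex", "none"} else "INDEXABLE"


# Constructed sample inputs: a share page served the way the post describes,
# then the same page with each fix applied.
PAGE = "<html><head><title>Shared chat</title></head><body>...</body></html>"
PAGE_META = PAGE.replace("<head>", '<head><meta name="robots" content="noindex, nofollow">')
OPEN_ROBOTS = "User-agent: *\nAllow: /\n"
BLOCKING_ROBOTS = "User-agent: *\nDisallow: /share/\n"
URL = "/share/example-id"  # hypothetical path

if __name__ == "__main__":
    print(audit_share_url(URL, {"Content-Type": "text/html"}, PAGE, OPEN_ROBOTS))
    print(audit_share_url(URL, {"X-Robots-Tag": "noindex"}, PAGE, OPEN_ROBOTS))
    print(audit_share_url(URL, {}, PAGE_META, OPEN_ROBOTS))
    print(audit_share_url(URL, {}, PAGE_META, BLOCKING_ROBOTS))
```

The last case is the one to watch in a release checklist: a robots.txt `Disallow` on its own hides the `noindex` from the crawler instead of reinforcing it.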

The Real Lesson: Defaults Are Decisions

This didn't need malware or hackers. When the default sharing behavior equals indexable, the system does all the leaking for you. If it's "public" but the UI whispers that instead of shouting it… someone's gonna get surprised.