Developers working with Google Search Console discovered text strings in search traffic reports that resembled ChatGPT conversations. Instead of typical short search phrases, the analytics tool captured entire queries from real users, often describing personal or work-related issues.
Developers working with Google Search Console discovered text strings in search traffic reports that resembled ChatGPT conversations. Instead of typical short search phrases, the analytics tool captured entire queries from real users, often describing personal or work-related issues.
The anomaly was first reported by Jason Packer, founder of analytics firm Quantable, who published an investigation on his company's blog. Working with SEO consultant Slobodan Manic, Packer spent weeks reproducing the problem, testing different input data, and examining how ChatGPT's search features interacted with Google's indexing systems. What they discovered led to a conclusion that raised privacy concerns that went far beyond a simple glitch, TechSpot reports .
According to Packer and Manich's testing, user queries were inadvertently redirected to Google's search engine. The researchers traced this behavior to a specific URL pattern — https://openai.com/index/chatgpt/ — that consistently appeared at the beginning of the query leak. When Google tokenized this URL, it split it into individual search terms (“openai,” “index,” “chatgpt”), and sites that ranked highly for those terms saw the resulting data in their Search Console dashboards.
In other words, if ChatGPT sent a prompt that initiated an external search, Google would sometimes interpret parts of that prompt as a search query and log it accordingly. For any affected website administrator, this “merged” prompt would appear in their traffic data.
OpenAI acknowledged the issue but described it as a routing glitch that briefly affected a small number of search queries. The company said it had fixed the problem but declined to comment. However, Packer noted that the company avoided answering the broader question of whether the incident supports the hypothesis that Google Search results are being continuously scraped to train ChatGPT responses.
The problem was likely related to ChatGPT’s “web browsing” behavior, which appeared in newer GPT-5 models. Normally, the chatbot performs a web search when it determines that a query requires fresh or external information. However, Packer and Manich discovered that one version of the chatbot’s interface included a parameter — “hints=search” — that forced it to search almost every time.
The bug in the query window apparently appended a link URL to each query. When ChatGPT performed this search, Google recorded both the appended URL and the user's query. Since Search Console tracks the full search queries that users enter, these text strings became visible to site owners who tracked traffic data for these tokens.
Packer concluded that the system was likely interacting directly with Google’s indexing infrastructure, rather than through a private API. “If this were an API or a private data feed, it wouldn’t show up in Search Console,” he wrote. The random appearance clearly suggested that ChatGPT was performing Google searches in real time, effectively exchanging text submitted by users with both Google and any websites that appeared in those results.
OpenAI claims that the leak affected only a small number of search queries. The company did not provide a specific number, so it is unclear how many users out of the estimated 700 million each week may have been victims of their Search Console text being redirected.
This incident follows previous privacy concerns that surfaced when users discovered public links to their ChatGPT conversations indexed by Google search engines.
“There was no consent mechanism involved,” Packer says. “Nobody was clicking ‘share.’ These requests were simply misdirected.” Unlike public pages, Search Console entries cannot simply be deleted by affected users, leaving the plaintext visible to any site owner whose page ranked for the relevant search terms.
The researchers suspect that this glitch could be related to another phenomenon that search engine analysts call “the crocodile’s mouth”—a widening gap in Search Console graphs where impressions are rising rapidly but clicks are falling. If OpenAI’s systems repeatedly contacted Google with long, synthetic queries, they could have distorted these analytical patterns.
Packer and Manich say they still don’t know whether the fix implemented by OpenAI prevents all types of prompt leaks or just stops specific routing associated with the problematic URL. For now, they’re being cautious. “We don’t know if this was just a single interface or if it affected a broader range of sessions,” Packer said. “In any case, it’s a sign that the systems that power these tools are still handling user data in an unpredictable way.”
