by danShumway 952 days ago
> that the user is not supposed to have access to

The question is, are you ever going to run an LLM on data that only the user should have access to? People are missing the point: this is not about your confidential internal company information (although it does affect how you use LLMs in those situations); it's about releasing a product that allows attackers to go after your users.

The problem isn't that Bard is going to leak Google's secrets (although again, people are underestimating the ways in which malicious input can be used to control LLMs); the bigger problem is that Bard allows for data exfiltration of the user's secrets.