Home/Blog/The Borrowed Data Behind "Real" AI Prompt Volumes

The Borrowed Data Behind "Real" AI Prompt Volumes

Razvan Iordache
7 min read

A growing number of AI-visibility tools promise measurement built on real user prompts. Far fewer explain where that data comes from, who else it is sold to, or how little of the population it actually represents.

If you have shopped for an AI-search visibility tool lately, you have heard the pitch. Forget keyword volume - now you can see the real prompts people type into AI assistants, how often they ask them, and whether your brand shows up in the answer. It sounds like a finally-honest version of search data. The promise rests on one quiet assumption: that the prompts in these datasets are a faithful picture of what real people are really asking. They are not. And the way that data is collected raises questions that any serious buyer should ask out loud before signing.

A pipeline most buyers never see

The "real prompts" in these products are rarely collected by the company selling them. The common pattern looks like this. A free browser extension captures what a user types into an AI assistant. The user agrees to this somewhere in a privacy policy, frequently without understanding that their conversations are being recorded and forwarded. That stream of activity is gathered by a data aggregator, anonymized and packaged, and then resold - to business-intelligence teams, to financial firms looking for an edge, and, more recently, to AI-visibility platforms. The visibility platform then applies modeling to stretch a relatively small pool of captured activity into population-level numbers.

So the headline figure - millions of "real" prompts - is really a small, consented panel, collected by one party, brokered by another, and extrapolated by a third. Each handoff adds distance between the number on your dashboard and an actual person asking an actual question.

A narrow slice, scaled up

Set the ethics aside for a moment and the data still has a measurement problem. The panels behind it are not a cross-section of the population. They lean heavily toward one kind of person and one kind of device:

  • Desktop and mostly one browser. The capture happens through browser extensions, which means mobile and in-app usage - where a great deal of real AI activity now lives - is largely invisible.
  • Self-selected, often incentivized users. People who install tracking extensions or join paid panels skew toward the tech-forward and the financially motivated. That is not the general public, and it is not your whole market.
  • Small panels, large claims. When a modest pool is extrapolated into national figures, every quirk of the panel is multiplied. Small distortions become big, confident-looking numbers.
  • Coverage gaps by geography and setting. Whole regions, languages, and contexts can be thinly covered or absent, while the output still presents itself as a complete view.

There is a deeper, more conceptual issue underneath the sampling one. Much of this data is built by anchoring on keywords and counting which captured prompts contain certain terms. But a keyword and a prompt are not the same thing. A keyword like "cloud security for fintech" is a fragment. The prompt a person actually asks is a sentence: "Which cloud security vendors are best for a fintech company in Southeast Asia?" Counting term matches across captured text imports twenty years of search-engine logic into a system that does not work like search. It treats semantic, contextual questions as if they were tidy query strings.

And even a perfectly captured prompt is not what the engine searches on. AI assistants rewrite and expand what a user types before they go looking for sources, often producing queries that share almost none of the original wording. So the prompt in the dataset and the query that actually shaped the answer can be two different things. Measured against all of this, prompt-volume numbers are, at best, directional. Presented as precise demand, they mislead.

Here is the part that should make the whole "real prompts" promise wobble: the providers do not really keep individual prompts either. To make the data usable, captured activity is clustered into broad topic buckets, stripped of identifying detail, and matched to themes. The thing sold as raw and real has, in other words, already been aggregated and synthesized on its way to your dashboard. Pressed on it, people inside the business will concede that inspecting any one specific prompt is pointless, because everyone phrases the same question differently. They are right about that - which is also a quiet admission that the granular, individual prompt you were promised does not really exist on their side any more than it does anywhere else.

The number on the dashboard is not a population. It is a narrow panel wearing a population's clothes.

The consent and compliance exposure

The representativeness problem is a quality issue. The collection method is a legal one, and it is the part that should give a compliance team pause.

Start with consent. When data is gathered through an extension's buried privacy terms, it is fair to ask whether the consent is genuinely informed and specific - the standard that modern privacy regimes expect. People who installed a tool to help them write emails did not meaningfully agree to have their AI conversations sold into a data market. That gap between "technically agreed" and "actually understood" is exactly where regulators have been focusing.

Then there is the nature of the content. AI conversations are unusually revealing. People disclose health worries, financial details, legal questions, and proprietary work to a chatbot in ways they never would in a search box. Labeling this data "anonymized" does not fully resolve the risk: free-text conversations are notoriously hard to strip of identifying detail, and re-identification is a known hazard. Reselling that material - frequently to buyers far removed from the original context - sits uneasily against the purpose-limitation and data-minimization principles at the heart of GDPR, CCPA, and Singapore's PDPA.

For a brand, the exposure does not stop at the vendor. If your visibility reporting is built on data of questionable provenance, that dependency becomes part of your compliance story. You may be asked where the underlying data came from, whether the consent chain holds, and why the same stream of personal conversations is also being sold to unrelated buyers. "We bought it from a tool" is not a comfortable answer in front of a regulator, a procurement team, or a board.

The question worth asking your vendor

Not "how many real prompts do you have," but "where did they come from, who collected them, who else are they sold to, and can you stand behind the consent." If the answer is vague, you have found the risk.

Generated prompts, honest provenance

There is another way to do this that does not depend on buying anyone's chat history. The prompts start as synthetic generations, built per onboarded vertical by turning the keywords and topics that define a category into the full, natural-language questions a buyer would actually ask. From there the set is refined rather than handed off to a black box. A human reviews and validates the output, correcting what a model on its own gets wrong, and prompts contributed by our own customers are folded in alongside the generated ones. Each pass feeds the next, so the system is self-reinforcing: every round of validation and every new contribution sharpens the prompts the platform produces for that vertical. The refined set is then run against the live answer engines, and brand presence is measured from the answers the engines actually return.

The trade is worth naming plainly. The real comparison is not authentic prompts versus generated ones, because the data sold as the real thing has already been clustered and synthesized long before it reaches a dashboard. Both sides are built; only one is honest about it. What it offers instead is a representative view of a vertical with a provenance you can explain end to end: no brokered clickstream, no resold personal conversations, no panel bias quietly baked into the totals. The keyword-to-prompt translation is explicit and visible rather than hidden inside a black box. And because the model improves with every validation and every contributed prompt, the picture sharpens over time instead of drifting.

The industry will keep advertising "real" prompts. It is a good headline. Just remember to ask what is underneath it - because the answer is usually a narrow panel, a chain of brokers, and a consent story that does not bear much weight.

A note on this piece. This is a general discussion of common practices in the AI-visibility category, not a description of any specific company, and it is not legal advice. If you are evaluating a data vendor, ask for written detail on collection method, consent basis, and downstream use, and have your own privacy counsel review it.