# Private search needs a smaller promise

Search makes AI more useful, but it can also become a second place where sensitive intent leaks.

- Canonical: https://garlic.ai/blog/private-search-needs-a-smaller-promise
- Markdown: https://garlic.ai/blog/private-search-needs-a-smaller-promise.md
- Published: 2026-07-03
- Updated: 2026-07-03
- Author: Michael Ryaboy
- Category: Search
- Reading time: 1 min read
- Keywords: private AI search, encrypted web search, AI chat sources, privacy metadata

Web search is one of the most useful tools an AI chat can have. It is also where privacy copy often gets too broad. A search query is intent. If the prompt is sensitive, the query derived from it can be sensitive too.

garlic.ai treats search as an explicit per-message tool. It is on by default because current information matters, but it is visible and can be turned off before sending. The goal is not to pretend search has no metadata. The goal is to avoid making it invisible.

## Useful privacy copy should be narrow

When a product says private search, I want to know what part is private. Is the AI prompt encrypted before the app server sees it? Is the web query proxied? Are search results stored? Are source URLs shown to the user? Each answer matters more than the adjective.

Show when search is active instead of hiding it behind the model response.
Show sources so users can inspect what outside context influenced the answer.
Keep the privacy claim scoped to the implemented transport and storage boundary.

The better promise is smaller: garlic.ai keeps chat plaintext out of the normal Sealie server path, keeps saved history on this device, and names the parts that are still metadata. Smaller promises are easier to test. They are also harder to abuse.