Yeah, and the same thing would happen if e.g. PII or HIPAA related would end up in trained model. The fact that some PII or health data ended up being publicly available, doesn’t mean that automatically you can process or store such data, and train on such data.
This has already been proven by google security researchers who got several of the big “AI” bots to spit out copyrighted materials and PII from their training data sets which the “AI” creators claimed was not stored.
It’s not stored as the full material though. If a human that can sing a copyrighted song is not considered to have a recording of the copyrighted song in their brain, so too are LLMs able to spit out their training data without having to store them.
How do you know what it’s storing? I certainly don’t, but I know what the security researchers have found that proved it was storing copyrighted material and real people’s private info or PII.