The same word will be encrypted the same way each time, and that’s actually the basis of one of the known attacks on LLMs like ChatGPT. They send responses back one “word” at a time, so someone who’s snooping can easily figure out what it’s saying from the encrypted messages. The exploit doesn’t affect Bard because it sends larger chunks of text at a time.