Can somebody explain, if the encrypted data can be processed against an encrypted query, what prevents someone from writing an attack query to reveal the actual data either by comparison with other known encrypted queries or by regurgitating if it is an LLM like AI?
