Staying safe with AI.
AI tools are the most useful — and most oversharing — software most people have ever used. The convenience has a security cost almost nobody is taught. This is the practical briefing: what's safe to share, the settings to lock down today, and the brand-new threats that appear the moment AI sits in the middle of your work.
Three short teaches, then a 10-question "smart move or risky move?" gym. About 11 minutes.
01 · Your chat is a postcard, not a vault
The habit that prevents most AI security disasters: before you paste, assume it could end up somewhere you didn't intend — a future breach, a log a support engineer reads, or data used to train the next model. Most of the time nothing happens. You only need to be wrong once.
So run a one-second test: "Would I be okay if this showed up in a leak, or in a stranger's chat?" If no, don't paste it into a consumer AI.
Never paste into a personal / consumer AI account
- Passwords, API keys, access tokens, recovery codes
- Card / bank numbers, SSNs, passport or government IDs
- Other people's private data they didn't consent to share
- Confidential work material — customer data, source code, contracts, unreleased plans — in a personal account
Your tier
Free/personal plans may train on your chats unless you opt out. Business/Enterprise contractually won't.
Your settings
Training, history, and feedback toggles change what's kept and seen. Defaults aren't always private.
Deleted ≠ gone
Most tools retain chats a while after deletion. Treat anything you typed as recoverable.
Match the data to the account: personal curiosity → personal login is fine; anything touching your employer or customers → the company's sanctioned, paid AI.
02 · Lock it down in five minutes
Menu names move as these products update, so treat this as "where to look" and confirm the current wording in each app:
- Unique strong passwords in a password manager. Your AI account now holds a history of your thinking — treat it like email.
- Two-factor auth (2FA) everywhere it's offered — this one step blocks most account takeovers.
- Only official apps & extensions. Fake "ChatGPT" apps are a common way data gets stolen.
03 · The AI-era threats
Some risks are specific to AI and didn't exist a few years ago. Knowing the names is half the defense:
04 · Smart move, or risky move?
Ten situations. For each, call it: is this a smart, safe move — or a risky one?
Gym complete
Your five-point sweep — do it once and it stays done:
- 1. Turn off model training / data sharing in every AI tool.
- 2. Enable 2FA on every AI account.
- 3. Disconnect any connected apps or integrations you're not using.
- 4. Keep work data in company-sanctioned tools only.
- 5. Delete old chats that contain sensitive information.
Run the postcard test, lock down settings + 2FA, spot prompt injection / phishing / deepfakes, and verify unusual requests on a second channel.
Lesson 7 · Which AI on your iPhone & Mac