Lesson 6 · AI Foundations Free ~11 min read Security setup + threats to know

Staying safe with AI — security & privacy essentials.

AI tools are the most useful — and the most oversharing — software most people have ever touched. You feed them your emails, your documents, your half-formed ideas, and they hand back something genuinely helpful. But that convenience has a security cost almost nobody is taught. This lesson is the practical briefing: what's safe to share, the settings to lock down today, and the brand-new threats that show up the moment you put an AI in the middle of your work.

Rule one

Treat every chat like a postcard, not a vault.

The single habit that prevents most AI security disasters is this: before you paste something, assume it could end up somewhere you didn't intend — in a future data breach, in a log a support engineer reads, or in data used to train the next model. Most of the time nothing bad happens. But you only need to be wrong once with the wrong piece of information.

So run a one-second test before pasting anything sensitive: "Would I be okay if this showed up in a leak, or in a stranger's chat?" If the answer is no, don't paste it into a consumer AI tool — or use a tool with the right protections (more on that below).

Things to never paste into a personal/consumer AI account:

Passwords, API keys, access tokens, or recovery codes
Full payment card numbers, bank account numbers, or government IDs (SSN, passport)
Other people's private data — health, financial, or personal details they didn't consent to share
Confidential work material — customer data, source code, contracts, unreleased plans — in a personal account

The reframe

Convenience is not consent. Just because a tool accepts your data doesn't mean it's a safe place to put it. The AI doesn't know the difference between your grocery list and your company's roadmap — that judgment is entirely on you.

Where it goes

What actually happens to your data.

Three things determine whether your data is exposed: the tier you're on, the settings you've chosen, and whether it's a personal or work account.

Free and personal plans often use your conversations to improve the models — unless you turn that off. Business, Team, and Enterprise plans generally come with a contractual promise not to train on your data and to keep it inside a protected boundary. That difference is the whole reason your employer pays for a business plan instead of letting everyone use the free version.

Deleted isn't always gone. Most tools retain chats for a period even after you delete them (for abuse monitoring and legal reasons). Treat anything you've typed as recoverable for a while.

The practical takeaway: match the data to the account. Personal curiosity and low-stakes drafting → your personal account is fine. Anything involving your employer or customers → use the company's sanctioned, paid AI, not your personal login.

Lock it down

The settings to change today.

Five minutes of setup removes most of the everyday risk. The exact menu names move around as these products update, so treat the table below as "where to look" and confirm the current wording inside each app.

ChatGPT

Settings → Data Controls → turn off "Improve the model for everyone." Use Temporary Chat for anything sensitive (it isn't saved to history).

Claude

Settings → Privacy. Check whether training/data-sharing is on and turn it off if you'd rather opt out. Submitting feedback (thumbs up/down) can share that conversation — skip it for sensitive chats.

Gemini

Google Account → Activity controls → Gemini Apps Activity. Turning it off stops your chats from being saved and reviewed. Note: human reviewers may see retained conversations.

Copilot

Make sure you're signed in with your work (M365) account — that's what gives you enterprise data protection. Don't run company data through personal Copilot.

Perplexity

Settings → turn off "AI Data Retention." This stops your searches from being used to improve their models.

Then lock the accounts themselves — this matters as much as the settings:

Use a unique, strong password for every AI account, stored in a password manager. Your ChatGPT account now holds a history of your thinking — treat it like email.
Turn on two-factor authentication (2FA / MFA) everywhere it's offered. This single step blocks the vast majority of account takeovers.
Only install official apps and extensions. Fake "ChatGPT" apps and browser extensions are a common way data gets stolen. Download from the official site or verified app store, never a random link.

New threats

The risks that come with putting AI in the loop.

Some threats are specific to AI and didn't exist a few years ago. Knowing the names is half the defense.

Prompt injection. Hidden instructions buried in a web page, email, document, or file can hijack what an AI does when it reads them — especially AI that browses the web, reads your inbox, or takes actions for you. The fix: be cautious about giving an AI agent broad access, and review what it's about to do before you approve it.

AI phishing & deepfakes. Scammers use AI to write flawless phishing emails, clone a voice ("your boss" calling to approve a wire transfer), and fake video. The fix: for any unusual money or access request, verify through a second channel — call the person on a known number. Treat urgency as a red flag, not a reason to hurry.

Malicious AI tools. Fake "free AI" apps, sites, and extensions exist purely to harvest what you paste or your login. The fix: stick to the well-known, official tools.

Confident hallucinations. AI will invent facts, citations, and code that look completely real. The fix: treat every output as a first draft to verify, never a final answer — especially for anything legal, medical, financial, or security-related.

Oversharing through connectors. When you connect an AI to your email, drive, or calendar, it can often read and act far more broadly than you realize. The fix: grant the least access that gets the job done, and disconnect tools you're not actively using.

The one that catches people

The classic 2026 scam is a voice or video deepfake of a manager or family member asking for money or login help, now, with a believable reason. No legitimate request falls apart because you took five minutes to call back on a number you already trust. Slow down and verify.

Trust, but verify

Don't act on AI output blindly.

The most common real-world harm isn't a hacker — it's people acting on confident, wrong AI output. Before you rely on something an AI gave you for a decision that matters:

Check that cited sources actually exist and say what the AI claims. Fabricated citations are extremely common.
Never run or paste code you don't understand. AI-generated code can contain bugs — or, if it came from an untrusted source, something malicious.
For high-stakes answers (legal, medical, tax, security), treat AI as a smart starting point and confirm with a qualified human or primary source.

At work

"Shadow AI" is how company secrets leak.

The number-one way confidential information escapes a company in the AI era is mundane: an employee pastes customer data, source code, or an unreleased plan into their personal ChatGPT to "just get help quickly." It feels harmless. It isn't.

If you use AI for work, three rules keep you and your employer safe:

Know your company's AI policy — and if there isn't one, ask. Assume customer and proprietary data is off-limits in personal tools until told otherwise.
Use the sanctioned, paid tools your employer provides for anything work-related. That's what the data protections are for.
When in doubt, anonymize. Strip names, account numbers, and identifying details before asking for help, so even a leak reveals nothing useful.

Try it

Ask your main AI tool: "What data of mine do you store, how long, and is it used to train your models? How do I turn that off?" Then go into the actual settings and verify the answer — and turn off training while you're there. Two minutes, and you've closed the biggest everyday gap.

Open the Playground →

Final challenge: lock down your AI accounts this week

Run this five-point sweep across every AI tool you use:

Turn off model training / data sharing in each tool's settings
Enable 2FA on every AI account
Review and disconnect any connected apps or integrations you're not using
Confirm your work data only goes through company-sanctioned tools
Delete any old chats that contain sensitive information

Do it once and it stays done. You'll be more locked-down than most professionals using these tools daily.

Back to Foundations → Try the Playground →

What you can do now

Run the "postcard test" before pasting anything sensitive into AI
Keep work data in company-sanctioned, paid tools — never a personal account
Turn off model training and enable 2FA on every AI account
Recognize prompt injection, AI phishing, and deepfakes — and verify unusual requests on a second channel
Treat every AI output as a draft to verify, not a final answer

You've finished the Foundations track 🎉

Next: pick a tool track

You've got the fundamentals down. Now go deep on the AI you use most — Claude, ChatGPT, Gemini, Copilot, or Perplexity.

Browse all tracks →

← All Foundations lessons Open the Playground →