AI Security & Privacy Guide

AI has become part of daily life, delivering real productivity gains while quietly introducing risks.

Here is how these risks work and how to stay protected:

THE THREAT:

  • Data Leakage: Pasting text into a consumer AI chatbot often means permanently sharing it with the provider. It may surface to other users or be reviewed by third-party contractors.

  • Voice Cloning & Vishing: Modern AI can clone a voice from as little as three seconds of audio. For executives with public appearances, the risk of voice-based phishing is extreme.

  • AI-Powered Phishing: AI has erased the old red flags like typos. Scams are now perfectly written and personalized using data scraped from LinkedIn and the news, often referencing real meetings or events.

STAY PROTECTED:

  • Disable Training: Manually turn off "training" in the privacy settings of every personal AI account before any sensitive session. 

  • Use a Safe Word: Establish a unique verbal safe word for family and inner-circle staff to verify identity during any emergency or urgent request.

  • Apply the Callback Rule: If a voice request involves moving funds or granting access, hang up and call back on a known, trusted number. Require two-person approval for wire transfers over a set threshold.

  • Never Share Sensitive Data: Keep credentials, financial information, medical or legal records, corporate secrets, and other people's PII out of consumer AI tools entirely.

  • STOP, THINK, VERIFY, ACT: Pause when pressure is applied. Verify on a trusted line or with your safe word. Then act, including reporting anything suspicious to your security team or BlackCloak.

STRICT "DO NOT SHARE" CATEGORIES:

  • Credentials & Access Tokens: Never input passwords, API keys, SSH keys, 2FA codes, OAuth tokens, or session cookies.

  • Financial Information: Never input full credit card numbers, bank account info, or SSNs.

  • Medical/Legal Records: Avoid sharing unpublished medical records or legal case details.

  • Corporate Secrets: Trade secrets, unreleased product plans, and M&A info must be kept out of consumer AI.

  • PII of Others: Do not share client data, customer information, or employee records.

MANAGING PRIVACY SETTINGS ACROSS TOP AI TOOLS:

  • ChatGPT (OpenAI): Training is enabled by default for consumer accounts. To disable, click your profile icon (top right) > Settings > Data Controls > toggle OFF "Improve the model for everyone". You can also use "Temporary Chat," which does not appear in your history, is not used for training, and is deleted within 30 days.

  • Claude (Anthropic): Training is enabled by default. To disable, click your profile/initials icon > Settings > Privacy tab > toggle OFF "Help improve Claude".

  • Google Gemini: Training is enabled by default and managed via Gemini Apps Activity. To disable, tap your profile picture > "Gemini Apps Activity" > "Turn off". Google retains data for 72 hours for service operations even when activity is off.

  • Microsoft Copilot: For consumer Copilot, access Settings > Privacy and toggle off "Help improve Copilot". Microsoft 365 Copilot (Enterprise) generally does not train on enterprise data, keeping it within your tenant.

  • Perplexity AI: Training is enabled by default to improve search relevance. To disable, go to Settings > Privacy > disable "Help improve Perplexity".

Note: AI provider policies and settings locations change frequently. Please review your profile settings directly within each app to confirm your current data privacy preferences.

SPECIAL CONSIDERATIONS:

  • Executives: Business strategy should never be discussed in consumer-grade AI. Treat anything entered there as semi-public, as human moderators may review flagged content.

  • Family: Teens are high-volume users; ensure they understand safe usage rules.

  • Smart Speakers: Remind all household members that voice assistants use different logging triggers.

HOW BLACKCLOAK IS PROTECTING YOU

Minimizing Your Data Footprint: Proactive data broker removal and dark web monitoring reduce access to information attackers use to personalize AI-powered scams.

Impersonation Protection: An in-app feature that securely validates sensitive communications between members. (Plan-specific feature)

Concierge Support: Our team is always here to help you evaluate a suspicious call, text, or email and confirm whether it's authentic.