WEEKLY NEWSLETTER

The AI Privacy Audit You Haven’t Run Yet

© CURRENT YEAR, AI Business Lab. All rights reserved.

Your AI tools are probably leaking data right now. Not because someone hacked you. Because you set them up that way.

I was at the lake when the audit report came in.

Ten days into a five-week sabbatical—no calls, no office, just the water and Gail and the kind of slow mornings I rarely allow myself. My AI systems were running the business without me: the Daily Briefing, email triage, applicant research, newsletter workflow. Eighteen months of building, testing, and trusting.

The finding landed like a wrong diagnosis.

Buried in that list, one line stopped me cold. A file I’d shipped back on June 3 had a password embedded directly in the page. Not behind a login. Not encrypted. Right there in plain text. Anyone who’d accessed that URL in the past month could have found the credential that controlled everything I published publicly.

I’d built that file. I’d tested it. I’d watched it go live and felt good about it.

The password was revoked within the hour. But the question that stayed with me had nothing to do with the fix. It was this: What else is out there that I haven’t looked at?

That question started an audit of my entire AI stack. What I found changed how I think about every tool I use—and it’s why I’m writing this.

If your business uses AI—and by now, most do—you’ve almost certainly handed sensitive information to a model at some point. A client list. An employee record. A contract. A password you copy-pasted into a chat because it was faster than opening a file.

Most of the time, nothing happens. But “most of the time” isn’t a security policy.

Last year, ChatGPT alone generated 410 million data loss prevention violations—a 99.3% jump from the year before.1 Sensitive data now makes up 34.8% of what employees type into AI tools, more than triple the 2023 rate. The exposure isn’t coming from hackers. It’s coming from your own team, doing their jobs, using tools that were never configured to protect them.

You can protect your business data from your own AI tools by putting four straightforward safeguards in place. Here’s exactly where to start.

Safeguard #1: Turn Off Model Training

Every major AI tool trains on your conversations by default—unless you tell it not to.

ChatGPT now runs two different apps with two different privacy surfaces. In the web app, go to Settings → Data Controls → “Improve the model for everyone” and toggle it off. Personal plans default to on; business plans default to off, but verify it anyway.

The desktop app is a different animal. OpenAI merged ChatGPT desktop and Codex desktop earlier this month, and the settings now include two toggles that most users won’t realize are enabled. The first is Full Access, which lets ChatGPT read, edit, and run commands on your computer without asking. Turn it off unless you have a specific reason to leave it on. The second is Approval Policy, buried under Configuration—make sure it’s set to “On request” so ChatGPT asks before executing commands. The defaults on both are more permissive than most business owners would consciously choose.

In Claude, go to Settings → Privacy → “Help improve our AI models” and toggle it off. (Anthropic renamed this setting recently—it used to be called “Help improve Claude.”) Personal plans default to on; paid enterprise plans default to off. One important note from Anthropic’s June 2026 privacy policy update: conversations flagged for safety review can still be used for training regardless of your setting. Keep genuinely sensitive topics out of chat history entirely.

In Gemini, open your Gemini Privacy Hub and turn off “Keep Activity.” Watch this one carefully: Gemini Advanced—the paid individual plan—is still treated as a consumer account and defaults to on. You need a Google Workspace business account to get enterprise-grade protection automatically.

In Grok, there are two separate settings to disable, not one. The first covers your X posts (Settings & Privacy → Privacy and Safety → Grok section). The second covers your conversations (Settings → Data Controls). Disabling only one still leaves the other open.

If you use Runner for AI automations,2 there’s no training toggle to worry about. It’s an agent platform, not a model—it doesn’t build anything from your data.

Safeguard #2: Redact Before You Share

The simplest way to keep private data out of AI is to remove it before it ever reaches the model.

A critical warning before you do this. Drawing a black rectangle over text in Preview, Adobe Reader, or most PDF editors is not real redaction. It’s a visual overlay. The underlying text is still in the file, still selectable, still readable by any machine—including an AI model you upload it to. One academic analysis of nearly 40,000 official PDFs found that 65% of files that claimed to be redacted were still leaking sensitive information.3 The document looked redacted to the human eye. It wasn’t.

Real redaction operates at the bit level—it strips the underlying text out of the file entirely, not just covers it up. Redactable is built for exactly this. It removes PII from documents automatically in seconds and gives you a clean file that’s actually clean, not just cosmetically covered.

The rule I use: if I wouldn’t post this document publicly, I redact it with a bit-level tool before it touches an AI.

Safeguard #3: Limit What Your Connectors Can Touch

Connectors—the integrations that let AI tools reach into your email, calendar, files, and CRM—are extraordinarily useful. They’re also the widest opening in your stack.

Every connector you authorize grants a scope of access. Most ask for more than they need, and most people click “Allow” without reading the permissions list. The smarter move is to start with read-only and add write access only when you have a tested, specific reason to.

Claude’s connectors default to read-only—keep it there. In Claude’s settings, you can set each connector action to “Always allow,” “Needs approval,” or “Blocked.” Set anything that can send, delete, or modify records to “Needs approval” until you’ve verified the behavior across several sessions.

For ChatGPT and Gemini, open your account settings and review the OAuth permissions you’ve already granted. Most users have never done this. What you find there may surprise you.

Safeguard #4: Keep Secrets Out of Your Prompts

This is the safeguard I violated.

When you store a password, an API key, or any credential inside a prompt template, a skill file, or a document your AI tools can read, you’re one accidental publish away from handing those credentials to anyone on the internet. That’s what happened to me. The password wasn’t where I thought it was—it was where the file system said it was.

The fix is unglamorous but non-negotiable: store credentials outside your AI tools entirely. On a Mac, your Keychain is the right place. It’s encrypted, it doesn’t sync to any public file, and you can retrieve values from it without hard-coding anything. On Windows, the Credential Manager does the same job. Cross-platform teams can use a password manager with a command-line interface—1Password and Bitwarden both have them.

ChatGPT, Gemini, and Grok have no native secrets vault. There’s nowhere inside those tools to safely store credentials. The answer is the same across all three: use the AI for the task, retrieve credentials through a separate, secure channel.

If you’ve already built prompt files, skills, or automation templates that might contain credentials, search them now. A simple text search for common patterns—“password,” “api_key,” “token”—will tell you quickly whether you have a problem.

Takes Less Than an Hour

Run through these four safeguards on every AI tool your team uses. Check your training toggles. Redact documents at the bit level before they enter a model. Review what your connectors can access. Search your files for exposed credentials.

AI security for small businesses doesn’t require a dedicated IT team or a six-figure consultant. It requires an hour and the willingness to look. The AI systems you’ve built are a genuine competitive advantage. Protect them, and they’ll keep running the business—even when you’re at the lake.

What’s one place in your AI setup where you haven’t looked yet?

Comments

If you have a question about doing an AI Privgacy Audit, click here to send me an email. I read every one. Seriously. Your experiences help me write better content, and sometimes the best insights come from readers like you. 

Transforming AI from noise to know-how,

Michael’s Signature

P.S. Consider the AI Business Lab Mastermind: Running a $3M+ business? You’re past the startup chaos but not quite at autopilot. That’s exactly where AI changes everything. The AI Business Lab Mastermind isn’t another networking group—it’s a brain trust of leaders who are already implementing, not just ideating. We’re talking real numbers, real strategies, real results. If you’re tired of being the smartest person in the room, this is your new room. 👉🏼Learn more and apply here.


REFERENCE

  1. ”Employee AI Usage Is Leaking Company Data—Here’s the Risk”, LangProtect, 2026. Statistics sourced from the ThreatLabz 2026 AI Security Report. ↩︎
  2. Runner is the AI agent platform I use daily to automate my briefings, carousels, email triage, and more. I wrote about how I use it to run the business during a five-week sabbatical in last week’s issue. Download it free here. When you buy a paid plan, you get a free month of standard tier usage—and so do I. It costs you nothing extra and helps support AI Business Lab. ↩︎
  3. ”Deep Research on PDF Redaction Failures and Security: Risks, Exploits, and Best Practices”, Argelius Labs, 2026. ↩︎