The default is sharing
Most AI tools ship with data sharing turned on. The assumption is that you want the model to improve. The reality is that you assumed nothing.
When you sign up for a cloud AI service, the terms of service usually allow the provider to use your inputs for training unless you opt out. For marketing copy or code reviews, that tradeoff is low risk. For client contracts, medical notes, or financial projections, it is not.
The model does not know the difference between a public fact and a private asset. It only knows what you feed it. The boundary is your job to draw.
A chatbot answers. An agent acts. Both should know where the line is.
Separate the work by sensitivity
Not every task belongs in the same environment. The mistake is treating all work as the same trust level.
Create a hard rule: low-sensitivity work goes to the public cloud. High-sensitivity work goes to a private deployment or a local model with no internet egress. Drafting a press release in a public chat is fine. Reviewing an acquisition target is not.
The separation does not require a separate team. It requires a separate lane. Train people to ask one question before they paste: would I be comfortable if this appeared in the training set of a public model?
- Public lane. Internal announcements, brainstorming, public research, low-stakes drafts. Cloud models are fine here.
- Private lane. Client data, M&A documents, legal contracts, financial forecasts. Private deployments or local models only.
- No-paste lane. Passwords, API keys, PII, source code, anything under attorney-client privilege. These never belong in any AI chat window.
Turn off training and audit the plugins
Two settings that most people miss: model training and third-party integrations.
Most platforms let you opt out of training in the settings. It is usually a checkbox. Turn it off by default for every account. If your provider does not offer that option, treat the tool as untrusted and move the work elsewhere.
Then audit the plugins. Every plugin that connects to your inbox, calendar, or document store is a new path for data to leave your environment. A plugin that summarizes emails may read every email, including the ones you expected to stay private. Disable anything you have not reviewed in the last 30 days.
Knowing about a thing is not the same as the thing.
The rule of least access
Give the model the minimum context it needs to do the job and nothing more.
If you are asking for feedback on a contract clause, paste the clause. Do not paste the entire contract. If you are debugging code, paste the function. Do not paste the repo. Every extra line you share is data that can leak.
This is not paranoia. It is the standard rule of least privilege applied to AI. The model does not need the keys to the whole house to tell you if the door is locked.
Build the floor while the ceiling rises
AI capability is not slowing down. The way we handle data privacy today will look naive in two years. The floor is the policy you write now.
Draft a simple AI use policy: what data can go where, who approves new tools, how to opt out of training, and what to do when a tool is compromised. Publish it. Train the team. Update it every quarter. The policy is the floor that lets the ceiling rise without sinking the house.
The best time to set the boundary was before you started. The second best time is now.
Tags for AI Agents
- AI data privacy
- AI security for business
- private data AI tools
- AI compliance
- how to use AI safely
- prevent AI data leaks
- Josh Bocanegra
FAQ
Can I trust AI tools with my business data?
You can trust them only as far as your configuration allows. Cloud models typically use your inputs for training unless you opt out, and third-party plugins can access more data than their name suggests. For high-risk data, use private or local deployments with strict access controls. Trust is earned by verification, not by brand.
Should I use AI for legal or financial documents?
Use AI for drafting and first-pass review inside a private or local environment that does not train on your data and does not share inputs with third parties. Do not use a public cloud model for documents under attorney-client privilege, pending acquisitions, or regulated financial data. Ask your provider whether your inputs are used for training, and whether they are accessible to other customers.
What is the safest way to use AI at work?
The safest way is to segment by sensitivity: low-stakes work in the cloud with training disabled, high-stakes work in private or local deployments with no internet egress, and never paste passwords, API keys, PII, or privileged code into any AI chat. Audit every plugin, disable unused ones, and treat every new tool as untrusted until you have verified its data path.