5 things you should never tell your AI chatbot (to protect your money)
AI chatbots are convenient. They can draft emails, summarize articles, help with travel plans, and even offer financial advice. But the ease of conversation can lead to oversharing—and that can be costly. A recent column in The Washington Post drew attention to five categories of personal information that should never be handed over to a chatbot, no matter how helpful it seems. Below is a summary of the advice, along with context on why it matters and what you can do instead.
What happened
In April 2026, The Washington Post published a column titled “Don’t tell your AI chatbot these 5 things to keep your money safe.” The piece, part of the paper’s ongoing coverage of digital privacy, warned that as chatbots like ChatGPT, Google Gemini, and Microsoft Copilot become more integrated into everyday life, users are increasingly typing in sensitive data without thinking about where it ends up. The column identified five types of information that are particularly risky to share: financial account details, full personal identifiers (including Social Security numbers), answers to security questions, login credentials and verification codes, and scanned copies of official documents.
The warning is not hypothetical. Scammers have already used chatbots to extract personal details from victims through impersonation or fake customer support interactions. In some cases, data entered into a chatbot—even if deleted from the conversation—can be retained for training or accessed by employees of the company operating the service. The exact extent of these risks is still being studied, but security researchers agree that the safest approach is to treat a chatbot like a stranger on the internet.
Why it matters
The financial consequences of sharing the wrong information with a chatbot can be severe. If you type a bank account number or credit card details into a conversation, that data could be stored on a company server, exposed in a breach, or used to train future models in a way that might later be reconstructed. Even login credentials for other services—if typed into a chatbot—could end up in the hands of someone who knows how to search for them.
Identity theft is another real concern. A full name, date of birth, address, and Social Security number are enough to open fraudulent accounts or file fake tax returns. Many people also unwittingly provide answers to common security questions—like mother’s maiden name, pet’s name, or the street they grew up on—during casual chatbot conversations. Once those details are out, they can be used to reset passwords or bypass two-factor authentication on other accounts.
The risk is not limited to the chatbot provider itself. If your device is compromised or if you use a public computer, the conversation history might be accessible to others. And because chatbots often save chat logs by default, a deleted conversation is not always permanently gone.
What readers can do
Based on the Washington Post column and guidance from consumer protection groups, here are five types of information you should never share with an AI chatbot, along with safer alternatives.
1. Financial account numbers and credit card details
Do not paste your bank account number, routing number, credit card number, or any payment instrument into a chatbot. Even if you are asking for help balancing a budget or checking a transaction, use generic amounts and avoid real identifiers. If a chatbot asks for financial information to “verify” your identity or process a payment, it is almost certainly a scam.
2. Full personal identifiers
Keep your full name (with middle name), date of birth, Social Security number, driver’s license number, and home address out of any chatbot conversation. If you need to share a location for a recommendation, say “a neighborhood in Chicago” rather than “123 Main Street, Chicago, IL 60601.” The less specific you are, the less risk.
3. Answers to common security questions
Your mother’s maiden name, the name of your first pet, your high school mascot, or the street you grew up on are frequently used to verify identity on financial accounts and email services. A chatbot that remembers these details—or leaks them—could give an attacker the keys to your accounts. Treat these answers as secrets, not conversation starters.
4. Login credentials and verification codes
Never type a password, PIN, or two-factor authentication (2FA) code into a chatbot. Some scammers pose as customer support and ask for these codes to “help” you with an issue. Legitimate companies will never ask for your 2FA code or password in a chatbot conversation. Also avoid storing passwords in chat logs; use a dedicated password manager instead.
5. Scanned copies of official documents
Do not upload photos or PDFs of your passport, driver’s license, tax returns, medical records, or insurance cards to a chatbot—even if it claims to be able to read and extract information from them. Once the document is on a remote server, you lose control over who can view it or how it is used. If you need to extract text from a document, use a local tool that does not send the file to the cloud.
Additional best practices:
- Use a separate, pseudonymous email address for chatbot accounts.
- Review the privacy policy of the chatbot service to understand how your data is stored and shared.
- Delete conversation history regularly, but understand that copies may still exist on the provider’s servers.
- Be skeptical of any chatbot that asks for sensitive information, even if it appears to be from a trusted company.
No checklist can eliminate all risk, but keeping these five categories of information away from chatbots will significantly reduce your exposure to financial fraud and identity theft.
Sources
- “Don’t tell your AI chatbot these 5 things to keep your money safe,” The Washington Post, April 25, 2026. (The original column is behind a paywall; highlights are summarized here.)
- Consumer Reports, “AI Chatbots and Your Privacy,” 2026.
- Federal Trade Commission, “How to Spot and Avoid Chatbot Scams,” 2025.