Outdated privacy settings? Here’s how to lock down your data against AI threats

AI‑powered cyberattacks are no longer a future risk — they are happening now. Phishing emails generated by large language models are harder to spot. Automated scraping tools harvest personal data from public profiles at scale. And password‑cracking algorithms can test billions of combinations in minutes. For most people, the privacy settings they set a year or two ago were designed for a world without these capabilities. It is time to update them.

What happened

In 2025 and 2026, cybersecurity researchers and organisations such as the World Economic Forum have documented a sharp rise in attacks that use AI to increase speed and precision. According to reporting from the Forum, AI now enables attackers to find software vulnerabilities faster, craft convincing deepfake audio and video for impersonation, and personalise phishing messages using data scraped from social media. The same AI tools that help businesses automate tasks are being repurposed by criminals to automate exploitation.

For the average user, this means that a relatively generic phishing attempt that might have been caught by a spam filter or a careful eye can now be tailored — using a real‑sounding voice or referencing a recent purchase — and delivered through multiple channels. The attack surface has expanded.

Why it matters

Most consumer privacy tools were built to defend against basic threats: tracking cookies, data brokers, and simple password theft. Those threats remain, but AI changes the game in three specific ways:

  1. Speed of exploitation – AI can scan for weak passwords, outdated software, or exposed personal information much faster than a human attacker.
  2. Personalisation – By combining data from multiple breaches and public profiles, AI can create convincing messages that appear to come from a trusted contact.
  3. Scale – A single attacker can launch thousands of unique, context‑aware attacks simultaneously.

If your privacy settings are still set to default or haven’t been reviewed in the past year, you are likely exposing more data than necessary. And that data can feed the AI models used against you.

What readers can do

Below are four practical steps to reduce your exposure. None require advanced technical skills, but each will make a measurable difference.

1. Tighten browser privacy

Browsers store a growing number of identifiers — cookies, browser fingerprinting elements, canvas fingerprints — that AI scrapers can stitch together to build a detailed profile of you.

  • Enable “Do Not Track” or “Global Privacy Control” if your browser supports it. This signals to websites that you do not want your data sold.
  • Use a content blocker (like uBlock Origin or Privacy Badger) to stop tracking scripts that are often used for AI‑driven ad profiling.
  • Review third‑party cookie settings. In Chrome, set to “Block third‑party cookies in Incognito” or use a browser that restricts them by default (Firefox, Brave).
  • Disable fingerprinting protection where possible. Firefox’s “Strict” tracking protection helps here.

2. Audit app permissions and limit AI assistant data

Many smartphone apps now include AI features that process data on the device — or send it to the cloud. Siri, Google Assistant, and ChatGPT’s mobile app are common examples.

  • Check microphone and camera permissions for each app. Most apps do not need constant access.
  • Turn off “App Clips” or background app refresh for apps that you rarely use.
  • For AI assistants, prefer on‑device processing when available. For example, iOS can process certain Siri requests locally; Android’s “Hey Google” can be set to work without sending audio to servers (in some regions).
  • Delete chat histories in AI tools that store conversations. If the tool allows, disable saving of prompts altogether.

3. Use a password manager and multi‑factor authentication

AI‑powered password cracking works fast against weak or reused passwords. A password manager generates and stores strong, unique passwords for each site.

  • Choose a reputable password manager (Bitwarden, 1Password, Apple Passwords) that encrypts your vault locally.
  • Enable multi‑factor authentication on every account that supports it — especially email, banking, and social media. Use an authenticator app (like Authy or Google Authenticator) rather than SMS, because SMS can be intercepted.
  • Consider a hardware security key (YubiKey, Titan) for the most critical accounts.

4. Audit your digital footprint periodically

AI scrapers feed on publicly available data. Reducing your digital footprint makes it harder for attackers to assemble a personalised phishing target.

  • Run a search for your own name and email to see what is publicly listed. Use tools like DeleteMe or just manually check privacy settings on LinkedIn, Facebook, and other public profiles.
  • Remove old accounts you no longer use. Many sites leak data eventually.
  • Set social media profiles to private where possible, and disable discoverability by email address.

Sources

  • The World Economic Forum: “How to update data privacy tools to cut cybersecurity risk in the AI era” (June 2026)
  • The World Economic Forum: “AI speeds cybercrime by exposing flaws, and other cybersecurity news” (June 2026)
  • The World Economic Forum: “3 trends redefining cyber risk in 2026” (January 2026)
  • General cybersecurity guidance from OWASP and the Electronic Frontier Foundation on AI‑specific threats.

A final note: No single setting will protect you completely. The goal is to reduce the amount of low‑effort data available to AI‑powered attackers. Review your settings every six months, and stay informed about new features that your apps and devices enable by default. The threat landscape is evolving fast, but your defences can evolve with it.