The One AI Privacy Risk That Worries Proton’s CEO — and How to Avoid It

The One AI Privacy Risk That Worries Proton’s CEO — and How to Avoid It

The moment you type a question into ChatGPT, Copilot, or any cloud-based AI assistant, your words, ideas, and sometimes sensitive data leave your device and travel to a company’s server. Most users assume that data vanishes after the conversation ends. That assumption is the main thing keeping Proton’s CEO up at night.

Proton, the Swiss company behind encrypted email, VPN, and cloud storage, has long argued that privacy is possible in the AI era. But there is a growing mismatch between how users treat AI tools and how those tools actually handle inputs. Andy Yen, Proton’s CEO, recently told Spiceworks that the single biggest privacy risk in AI is not a sophisticated cyberattack or a new surveillance law – it’s the quiet use of user prompts for model training, often without explicit, informed consent.

What happened

In a June 2026 interview, Yen pointed out that many AI services, especially the free tiers, rely on user conversations to improve their models. This practice is rarely spelled out in plain language. When you paste a draft email, a spreadsheet of customer names, or a list of medical symptoms into a chatbot, you may be feeding that data into a system that retains, analyzes, and possibly shares it with third-party trainers or outsourced human reviewers.

“The model remembers what you told it, not just to answer your question, but to learn for everyone else’s future questions,” Yen explained. He noted that even deleting a conversation afterward does not guarantee the data was removed from the training set. The process is often opaque by design.

Why it matters

This matters because the convenience of AI tools has outpaced users’ understanding of how their data is used. A 2025 survey by the Pew Research Center found that 67% of Americans who use AI assistants believed their conversations were private. The reality is more complicated. Most major AI providers publish privacy policies that allow them to use user input for service improvement, model training, or safety research – language that is often buried in legalese.

For a privacy-conscious professional, the risk is concrete. A lawyer running a contract analysis through a free chatbot may inadvertently expose client confidences. A marketer asking an AI to rephrase a product description might reveal upcoming releases. Once data enters the training pipeline, it can be difficult to unwind. “The prompt becomes part of the product,” Yen said, “and you don’t know where that product ends up.”

What readers can do

The good news is that you do not have to stop using AI to protect your privacy. You just need to be deliberate about how you use it. Here are actionable steps, none of which require abandoning AI tools entirely.

Assume everything you type could be stored and used for training. Before you paste any text into an AI assistant, ask yourself: would I be comfortable putting this on a public noticeboard? If the answer is no, do not paste it.

Use dedicated, privacy-first AI services. Proton itself offers an encrypted AI writing assistant built into its cloud storage. Other options include local models that run entirely on your device (like Llama or Mistral via tools such as Ollama) or enterprise-grade services that sign data processing agreements. These may cost a monthly fee, but that fee funds a promise not to train on your inputs.

Anonymize your prompts. When you do use cloud-based AI, strip out identifying information. Replace real names, account numbers, or proprietary details with placeholders. The AI can still answer a general question without knowing that “John” is your VP of Sales.

Turn off chat history and model training where possible. Many AI platforms, including ChatGPT and Copilot, offer a setting to disable training on your conversations. This is not always foolproof, but it reduces the risk. Check these settings regularly, as updates sometimes reset preferences.

Prefer local models for sensitive work. Running a model on your own machine means your data never leaves your hard drive. For most personal tasks (drafting emails, summarizing documents, brainstorming), smaller local models are surprisingly capable. Free tools like GPT4All or LM Studio make installation straightforward.

Use a VPN with a proven no-logs policy when accessing AI services through a browser. This hides your IP address from the AI provider, adding a layer of anonymity. Proton VPN is one example, but any independently audited VPN is acceptable.

Sources

The content of this article draws primarily from the Spiceworks interview with Andy Yen, published on June 4, 2026. The interview is titled “Privacy in the AI era is possible, says Proton’s CEO, but one thing keeps him up at night.” Additional context on user beliefs about AI privacy comes from Pew Research Center’s 2025 survey on AI literacy.