Update your privacy tools for the AI era: a practical checklist

AI chatbots and generative tools are now part of everyday work for millions of people. Services like ChatGPT, Google Gemini, and Microsoft Copilot can compose emails, summarise documents, and even help with coding. But as these tools become embedded in our routines, they also create new privacy risks. What you type into a prompt, upload as a file, or allow an extension to see can be stored, used for training, or leaked.

The World Economic Forum published an article in June 2026 emphasising that users need to update their privacy tools to cut cybersecurity risk in the AI era. The piece notes that traditional protections like password managers and VPNs still matter, but they aren’t enough on their own. AI-specific threats—such as prompt injection, model inversion, and data exfiltration through browser extensions—require updated practices.

What happened

The WEF article highlights how the integration of AI tools has widened the attack surface for personal data. It points out that many consumers are still relying on privacy setups designed for a pre-AI web. Meanwhile, real-world incidents demonstrate the damage. In 2023, Samsung employees unknowingly leaked confidential source code and internal meeting notes by pasting them into ChatGPT. The data then became part of the model’s training set, effectively exposing it to anyone who could prompt correctly. Samsung responded by banning the use of generative AI tools on company devices.

That incident is not isolated. Several studies have shown that chatbots often retain user inputs for model improvement unless explicitly told not to. Third-party extensions that integrate with AI tools can also access your prompts and outputs, potentially sending them to their own servers.

Why it matters

The core problem is that AI tools handle a new kind of sensitive data: the prompts and files you voluntarily feed them. A password manager keeps your credentials encrypted; a VPN hides your IP address. But neither prevents an AI company from using your text for training, nor does a traditional ad blocker stop an AI extension from reading everything you type into a chat window.

If you use AI tools without adjusting privacy settings, you could be sharing more than you intend. For example, legal documents, financial details, medical information, or personal conversations can all end up as training material. Even if a company promises not to use your data for training, the risk of a breach or accidental leak remains.

In addition, AI-powered browser extensions (grammar checkers, summarisers, writing assistants) can scan the pages you visit. Some have been found to collect more data than necessary. Without proper scrutiny, you might grant an extension permission to “read and change all your data” on websites, which is broad access that includes AI chat pages.
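
One way to check an extension for this kind of access is to read the host patterns in its manifest.json. The following is an added example, not code from the WEF article or from any extension vendor; the AI_CHAT_HOSTS list, the function names and the sample manifest are assumptions made for the illustration.

```javascript
// Added example: flag broad host access declared in an extension manifest.
// AI_CHAT_HOSTS is an illustrative list chosen for this example.
const AI_CHAT_HOSTS = ["chatgpt.com", "gemini.google.com", "copilot.microsoft.com"];

// Match patterns that grant access to every site.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Host part of a match pattern, or null for API permissions such as "storage".
function patternHost(pattern) {
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  return m ? m[2] : null;
}

// Does a pattern host such as "*.google.com" cover the given hostname?
function hostCovers(pat, host) {
  if (pat === "*") return true;
  if (pat.startsWith("*.")) {
    const base = pat.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return pat === host;
}

function auditManifest(manifest) {
  // Every place a manifest can declare host access (Manifest V2 and V3).
  const patterns = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  const broad = [];
  const aiHosts = new Set();
  for (const p of patterns) {
    if (BROAD.has(p)) broad.push(p);
    const pat = BROAD.has(p) ? "*" : patternHost(p);
    if (pat === null) continue; // not a host pattern
    for (const h of AI_CHAT_HOSTS) if (hostCovers(pat, h)) aiHosts.add(h);
  }
  return { allSites: broad.length > 0, broad, aiHosts: [...aiHosts].sort() };
}

// Constructed sample manifest: no all-sites grant, but it still reaches two AI chat hosts.
const sampleManifest = {
  manifest_version: 3,
  permissions: ["storage", "activeTab"],
  host_permissions: ["https://*.google.com/*"],
  content_scripts: [{ matches: ["https://chatgpt.com/*"], js: ["content.js"] }],
};
```

An extension can reach an AI chat page without requesting all sites, so the `aiHosts` result matters as much as the `allSites` flag.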

What readers can do

Here is a practical checklist to update your privacy tools and habits for the AI era.

  1. Audit your existing tool stack.

    • Password manager: Ensure it uses end-to-end encryption and has a zero-knowledge architecture. Most reputable ones (Bitwarden, 1Password, KeePass) already do, but verify that the browser integration does not expose credentials to AI extensions.
    • VPN: Choose a provider that does not log traffic and supports split tunnelling. This lets you route only AI-related traffic through the VPN if needed.
    • Ad/tracker blocker: Use one that also blocks known AI-specific trackers. uBlock Origin with custom filter lists can block many analytics scripts embedded in AI sites.
    • Browser privacy settings: Disable third-party cookies and enable “Do Not Track” where available. Review permissions for every extension that claims to work with AI.
  2. Adjust privacy settings on major AI platforms.

    • ChatGPT (OpenAI): Go to Settings → Data Controls. Turn off “Improve the model for everyone” (this stops your conversations from being used for training). Also disable chat history saving if you handle sensitive topics.
    • Google Gemini (formerly Bard): In Activity controls, turn off “Gemini Apps Activity” and delete past activity. Note that Gemini may still collect some data for safety monitoring.
    • Microsoft Copilot: In the privacy dashboard, disable “Improve Copilot experiences” and opt out of “Performance and diagnostic data”. For enterprise users, check your organisation’s data governance policies.
    • Other AI tools: Look for a “data usage” or “training” toggle. If none exists, assume your inputs are used for model training and avoid sharing personal information.
  3. Adopt new tools specifically for AI privacy.

    • Prompt sanitizers: Browser extensions like “AI Privacy Shield” or “PromptCleaner” can strip personally identifiable information from your prompts before sending them to an AI service. They run locally and do not transmit your original text.
    • Temporary email services: Use disposable email addresses (e.g., from DuckDuckGo’s Email Protection, SimpleLogin, or Temporary Mail) when signing up for AI trials. This prevents the AI company from linking your real inbox to your usage.
    • Container tabs: Firefox Container extensions or Chrome profiles allow you to isolate AI sessions from your regular browsing, reducing the risk of cross-site tracking.
  4. Develop safer habits.

    • Never paste passwords, API keys, credit card numbers, or personal identification details into an AI prompt, even in a private chat.
    • Use guest or incognito mode when testing unfamiliar AI tools. This limits the amount of data the tool can collect about your browser history.
    • Review permissions of any AI-related extension carefully. If it requests access to “all websites” or “all your data”, consider whether you trust the developer—or whether you need the extension at all.
    • For sensitive work, consider running open-source AI models locally (e.g., Llama, Mistral) using tools like Ollama or LM Studio. Your data never leaves your machine.
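
What a local prompt sanitizer (step 3) does, and what the "never paste" habit (step 4) guards against, can be sketched as follows. This is an added example, not the code of either extension named above; the rule set, labels and sample prompt are assumptions made for the illustration and are not exhaustive.

```javascript
// Added example: redact secrets and PII from a prompt locally, before it is sent.
// The patterns are illustrative heuristics, not a complete PII detector.

// Luhn checksum: separates payment card numbers from other long digit runs.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

const RULES = [
  { label: "EMAIL", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  // key/value secrets such as "password: ..." or "api_key=..."; the key name is kept.
  { label: "SECRET",
    re: /\b(pass(?:word|wd)?|api[_-]?key|secret|token)(\s*[:=]\s*)(\S+)/gi,
    replace: (m, key, sep) => `${key}${sep}[SECRET]` },
  // 13-19 digits with optional spaces or dashes; redacted only if Luhn passes.
  { label: "CARD", re: /\b\d(?:[ -]?\d){12,18}\b/g,
    test: (m) => luhnValid(m.replace(/\D/g, "")) },
  // Long opaque strings (assumed heuristic: 32+ characters of a key-like alphabet).
  { label: "TOKEN", re: /\b[A-Za-z0-9_-]{32,}\b/g },
];

// Returns the redacted text plus a count of what was removed, per label.
function sanitizePrompt(text) {
  const counts = {};
  let out = text;
  for (const rule of RULES) {
    out = out.replace(rule.re, (...args) => {
      const match = args[0];
      if (rule.test && !rule.test(match)) return match; // e.g. an order number
      counts[rule.label] = (counts[rule.label] || 0) + 1;
      return rule.replace ? rule.replace(...args) : `[${rule.label}]`;
    });
  }
  return { text: out, counts };
}

// Constructed sample prompt (test card number, made-up address and password).
const samplePrompt =
  "Email jane.doe@example.com, card 4111 1111 1111 1111, " +
  "order 1234 5678 9012 3456, password: hunter2";
```

Pattern-based redaction misses names, addresses and free-text details, so it supplements the habit of keeping sensitive material out of prompts rather than replacing it.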

Future-proofing

Regulations like the EU AI Act are beginning to require transparency about how AI models use personal data. Keep an eye on those updates and adjust your settings accordingly. Also watch for improvements in browser sandboxing and OS-level privacy features for AI apps. For now, the combination of audited tools, strict platform settings, and cautious habits is your best defence.

Sources

  • World Economic Forum, June 2026: “How to update data privacy tools to cut cybersecurity risk in the AI era” (the article that sparked this guide).
  • Samsung employee data leak via ChatGPT (2023) – widely reported by Reuters, The Verge, and others.
  • OpenAI data controls documentation (help.openai.com).
  • Google Gemini Privacy Help (support.google.com).
  • Microsoft Copilot Privacy FAQ (privacy.microsoft.com).

No single tool or setting will eliminate all risk, but these steps will bring your privacy posture in line with the current AI landscape.