Is This AI Tool Safe?

Start with access

The risk is not only what you type into a chat box. AI tools can ask for browser history, email, files, meeting recordings, calendars, screenshots, cloud drives, social accounts, payment data, or company systems. A useful tool can still be the wrong tool if it needs more access than the task requires.

Sort the tool by risk level

A low-risk AI tool helps with public or disposable material. A higher-risk tool touches private files, account data, financial details, health information, school records, work documents, messages, photos, voice, video, or anything that would hurt if it leaked or was reused. The more personal the data, the more proof you need before trusting the tool.

Checklist before you connect it

• Identify who operates the tool, where the company is based, and how it makes money.
• Review permissions before connecting Gmail, Google Drive, Microsoft, Slack, browser, calendar, camera, microphone, or file access.
• Look for a privacy policy that clearly explains storage, sharing, training use, retention, deletion, and support.
• Check whether your data can be deleted, exported, or excluded from model training.
• Look for recent product updates, security documentation, account controls, and a real support channel.
• Search the tool name with words like scam, breach, privacy, lawsuit, complaint, and data leak.

What not to put into an AI tool

Do not paste passwords, one-time codes, private keys, seed phrases, tax documents, medical records, legal files, school records, confidential work material, customer data, or another person’s private information unless you have a clear reason, permission, and a privacy setup you actually understand.

Browser extensions and meeting bots need extra caution

A browser extension can sometimes see pages you visit, text you type, or data inside web apps. A meeting bot may capture voices, names, faces, chat messages, confidential plans, and decisions. Before installing either one, check whether it can be limited to specific sites, meetings, folders, or accounts.

When to say no

• The tool needs broad permissions for a narrow job.
• The operator is hard to identify or the privacy terms are vague.
• There is no clear deletion path or account removal process.
• The tool asks for passwords, seed phrases, one-time codes, remote access, or direct account control.
• The tool promises certainty in medical, legal, financial, hiring, school discipline, or safety decisions.
• The tool pressures you to connect accounts before showing what it actually does.

Lower-risk ways to test

• Try the tool with a throwaway task before connecting important accounts.
• Upload a sample file instead of private documents.
• Use limited permissions when the app offers them.
• Use a separate account for testing when possible.
• Remove the app or extension when you are done testing.
• Check connected-app settings later to make sure access was actually revoked.