Cybersecurity, explained for the rest of us.


Using AI Assistants at Work: A Step-by-Step Security Guide

Margot 'Magic' Thorne (@magicthorne) | May 29, 2026 | 12 min read

You're drafting a sensitive email and think: what if I just paste this into ChatGPT to polish the language? Or you're analyzing internal data and wonder if Claude could spot patterns faster than you can. The AI assistant sits there, one browser tab away, ready to help.

The question isn't whether AI assistants are useful at work. They are. The question is whether using them with confidential information creates risks your organization can't tolerate. The answer depends on which tool you're using, how it handles data, and what your employer's policies actually say.

This guide walks through the security mechanics of AI assistants in workplace contexts. You'll learn how to assess whether a specific tool is appropriate for your work, how to configure it to minimize data exposure, and what questions to ask before you paste anything sensitive into a prompt box.

What Actually Happens When You Use an AI Assistant

When you submit a prompt to an AI assistant, several things happen behind the scenes. The text you type travels from your device to the service's servers, typically over an encrypted HTTPS connection. The service processes your input, generates a response, and sends it back. But what happens to your prompt after that varies dramatically by provider and product tier.

Consumer AI services like free ChatGPT, Gemini, or Claude store your conversation history by default. This storage serves multiple purposes: it lets you return to previous conversations, enables the service to maintain context across a session, and in many cases, feeds into training data for future model versions. The terms of service usually disclose this, but the disclosure sits buried in legal language most people never read.

Enterprise versions of these same tools operate differently. Business contracts often include data processing agreements that specify how your organization's data gets handled, where it's stored, and whether it can be used for training. Some enterprise AI tools offer data residency controls, letting you choose which geographic region hosts your data. Others provide audit logs that track who accessed which conversations and when.

The distinction matters because confidential work data has different protection requirements than personal information. Your company's financial projections, customer lists, product roadmaps, or legal strategy documents carry obligations that personal correspondence does not. Putting that data into a system that uses it for training or stores it indefinitely creates exposure your organization might not accept.

Assessing Risk for Your Specific Situation

Not all workplace AI use carries the same risk. The appropriate tool and configuration depend on what kind of data you're working with, what your industry's compliance requirements demand, and what your employer's policies allow.

Start by identifying the sensitivity level of the information you want to process. Public information or data already published externally carries minimal risk. Internal business information that's not confidential might be acceptable in some AI tools but not others. Confidential data, regulated data, or anything covered by non-disclosure agreements requires the most restrictive approach.

Your industry's regulatory environment shapes what's permissible. Healthcare organizations working with patient information must comply with HIPAA, which restricts how protected health information can be processed and stored. Financial services firms handling customer data face requirements from regulations like GLBA. Legal practices dealing with client matters operate under attorney-client privilege rules. Government contractors work within frameworks like NIST SP 800-171 for controlled unclassified information. Each of these contexts imposes specific technical and contractual requirements that consumer AI tools rarely meet.

Your employer's acceptable use policy is the next checkpoint. Some organizations prohibit all AI assistant use with company data. Others permit it with approved enterprise tools only. Still others allow consumer AI tools for certain tasks while prohibiting them for others. The policy might not explicitly mention AI assistants, but it probably addresses cloud services, data handling, or acceptable use of company resources in ways that apply.

If your organization lacks a clear AI policy, that absence doesn't mean permission. It means you're operating in a gray area where the rules haven't caught up to the technology. In that situation, the conservative approach is to treat AI assistants like any other third-party service: don't put confidential data into them without explicit approval.

Consumer AI Tools and Data Retention

The major consumer AI assistants handle data differently, and those differences matter when you're deciding whether to use them for work.

ChatGPT stores conversation history by default and uses it to improve the model unless you opt out. You can disable chat history in settings, which prevents OpenAI from using your conversations for training, but it also disables the ability to return to previous conversations. The free tier offers no data processing agreement and no contractual guarantees about how your inputs get used. ChatGPT Plus (the paid consumer tier) operates under the same terms as the free version in this regard.

Claude stores conversations in your account history. Anthropic's terms state they don't train on conversations from paid users, but the free tier operates under different terms. Like ChatGPT, Claude offers no business associate agreement or data processing agreement at the consumer level.

Google's Gemini integrates with your Google account and stores conversations. Google's privacy policy for consumer products permits the company to use your inputs to improve services, though you can pause activity tracking in your account settings. Gemini's integration with other Google services means your AI conversations might surface in search history or feed into cross-product recommendations.

Microsoft Copilot comes in multiple versions with different data handling. The consumer version operates under Microsoft's standard services agreement. The enterprise version, integrated with Microsoft 365, includes business-grade data protections and doesn't use customer data for training the underlying models.

These distinctions create a practical rule: if you're using the free or consumer-paid version of an AI assistant, assume your prompts become part of the service's data ecosystem. That might be acceptable for personal use or non-confidential work tasks, but it's incompatible with most definitions of confidential business information.

Enterprise AI Tools and Contractual Protections

Enterprise AI offerings exist specifically to address the data handling concerns that consumer versions create. The technical capabilities might look similar, but the contractual and architectural differences matter.

ChatGPT Enterprise and ChatGPT Team offer business contracts that exclude your data from training, provide administrative controls over user access, and include data processing agreements that define how OpenAI handles your information. These versions support single sign-on integration with your organization's identity provider, audit logging, and in some cases, data residency options.

Claude for Work provides similar contractual protections. Anthropic commits not to train on customer data and offers administrative visibility into usage patterns. The service operates under a business associate agreement for healthcare customers and includes compliance documentation for regulated industries.

Microsoft Copilot for Microsoft 365 integrates with your organization's existing Microsoft environment and inherits the data protections already in place for your email, documents, and collaboration tools. Your prompts and the AI's responses stay within your tenant, subject to the same data governance policies as other Microsoft 365 content. Microsoft doesn't use customer data from Copilot for Microsoft 365 to train foundation models.

Google Workspace includes Gemini integration for business customers, with data handling governed by Google's Workspace agreements. Like Microsoft's approach, this version keeps your data within your organization's environment and excludes it from training.

The enterprise versions cost more, sometimes significantly more, but the cost reflects the contractual guarantees and technical controls they provide. For organizations handling confidential information, these protections aren't optional extras. They're the baseline for acceptable use.

Configuring AI Assistants for Safer Use

If your organization permits AI assistant use, configuration matters. The default settings optimize for convenience, not privacy. Adjusting them reduces exposure.

Disable chat history if the tool allows it. This prevents the service from storing your conversations long-term and typically opts you out of training data use. The tradeoff is losing access to previous conversations, but that's often acceptable for work use where you're solving immediate problems rather than maintaining ongoing threads.

Use separate accounts for work and personal AI assistant use. Don't log into ChatGPT with your work Google account and then use it for personal questions. The mixing of contexts creates data spillover where work information might inform personal responses or vice versa. If you're using an enterprise AI tool provided by your employer, use it exclusively for work and maintain a separate personal account for everything else.

Review and delete conversation history periodically. Most AI assistants let you delete individual conversations or clear your entire history. For work use, develop a habit of deleting sensitive conversations immediately after the task completes. Don't let months of work prompts accumulate in your account.

Check your organization's SSO integration if you're using an enterprise tool. Single sign-on means your AI assistant access ties to your work identity, which provides better audit trails and lets your IT team revoke access if you leave the organization. It also means your usage might be visible to administrators, which is appropriate for work tools.

Verify encryption settings if the tool provides them. Most modern AI assistants encrypt data in transit by default, but some enterprise versions offer additional controls like encryption at rest with customer-managed keys. If your organization has specific encryption requirements, confirm the AI tool meets them before use.

What to Put In and What to Keep Out

The practical question isn't "Is this AI tool secure?" but "Is this specific task appropriate for this specific tool?" The answer requires judgment about the data involved.

Safe for most AI assistants: publicly available information, general knowledge questions, writing assistance for non-confidential content, coding help with generic examples, brainstorming ideas that don't reference specific business plans.

Questionable for consumer AI assistants, potentially acceptable for enterprise versions: internal process questions that don't reveal confidential details, analysis of anonymized data, drafting assistance for internal communications that don't contain sensitive information.

Inappropriate for consumer AI assistants, requiring enterprise tools with proper contracts: customer data, financial information, product roadmaps, strategic plans, legal documents, anything covered by NDA, regulated data of any kind.

Never appropriate for any AI assistant without explicit legal and compliance review: classified information, data subject to attorney-client privilege, protected health information outside of BAA-covered tools, payment card data, social security numbers, authentication credentials.

The boundary between these categories isn't always clear. When in doubt, ask yourself: if this conversation became public, what would the consequences be? If the answer involves regulatory penalties, customer trust damage, or competitive disadvantage, don't put it in an AI assistant without confirming the tool meets your organization's requirements.

When Your Employer Monitors AI Use

Many organizations now monitor AI assistant usage as part of their security posture. This monitoring takes several forms, and understanding it helps you make informed decisions about workplace AI use.

Network-level monitoring tracks traffic patterns to known AI service domains. Your IT team can see that someone accessed ChatGPT or Claude, but they typically can't see the content of your encrypted conversations. This visibility is enough to identify policy violations if your organization prohibits consumer AI tools.

Endpoint monitoring software on company devices can capture more detail, potentially including screenshots or keystroke logging that reveals what you typed into an AI assistant. The extent of this monitoring varies by organization and by the specific software deployed.

Enterprise AI tools with administrative dashboards give your IT team visibility into usage patterns, conversation counts, and in some cases, the ability to review conversation content. This visibility is a feature, not a bug. It lets organizations ensure AI use complies with policies and doesn't expose confidential information.

Browser extensions and data loss prevention tools can flag or block attempts to paste certain types of content into web forms, including AI assistant prompt boxes. If you try to paste a document containing social security numbers or credit card patterns into ChatGPT, your organization's DLP tool might intercept it.
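The two technical controls just described, network-level visibility of traffic to AI service domains and DLP-style pattern matching on text about to be pasted, can be sketched in a few dozen lines. The block below is an added example written for this article; it is not code from any DLP vendor, AI provider, or the author. It parses a handful of constructed proxy log lines against an assumed watchlist of AI assistant hostnames (the log format and the hostname list are assumptions), and scans a constructed paste for SSN, Luhn-validated card-number, and credential patterns. Real DLP products use far richer classifiers, but the mechanics are the same: metadata is visible at the network layer, content only at the endpoint.

```python
"""Added example: a toy version of the two controls the article describes,
network-level visibility of AI service traffic and a DLP-style paste check.
Not vendor code; the log format, watchlist and regexes are assumptions."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed watchlist of AI assistant hostnames an organization might monitor.
AI_SERVICE_DOMAINS = {
    "chatgpt.com", "chat.openai.com", "claude.ai",
    "gemini.google.com", "copilot.microsoft.com",
}

# Constructed proxy log lines (not real traffic). A TLS proxy sees the
# destination host and byte counts, not the prompt text itself.
SAMPLE_PROXY_LOG = """\
2026-05-29T10:14:03Z user=alice dst=chatgpt.com bytes_out=18342
2026-05-29T10:15:11Z user=bob dst=intranet.example.com bytes_out=512
2026-05-29T10:16:40Z user=alice dst=claude.ai bytes_out=91022
2026-05-29T10:17:02Z user=carol dst=docs.example.com bytes_out=2048
""".splitlines()

# Constructed text a user is about to paste; every value is fake test data.
SAMPLE_PASTE = (
    "Customer Jane Doe, SSN 123-45-6789, card 4111 1111 1111 1111 "
    "(not 4111 1111 1111 1112), portal password=Hunter2!"
)

LOG_RE = re.compile(r"user=(?P<user>\S+) dst=(?P<dst>\S+) bytes_out=(?P<bytes>\d+)")
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
CRED_RE = re.compile(r"(?i)\b(?:password|passwd|api[_-]?key|secret|token)\s*[:=]\s*\S+")


@dataclass(frozen=True)
class Hit:
    user: str
    dst: str
    bytes_out: int


@dataclass(frozen=True)
class Finding:
    kind: str
    value: str


def ai_service_hits(log_lines, watchlist=AI_SERVICE_DOMAINS):
    """Return log entries whose destination is (or is a subdomain of) a watched host."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        dst = m["dst"].lower()
        if any(dst == d or dst.endswith("." + d) for d in watchlist):
            hits.append(Hit(m["user"], dst, int(m["bytes"])))
    return hits


def bytes_to_ai_by_user(hits):
    """Aggregate upload volume per user; a sudden spike is a useful alerting signal."""
    totals = defaultdict(int)
    for h in hits:
        totals[h.user] += h.bytes_out
    return dict(totals)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to separate real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_for_sensitive(text):
    """DLP-style scan of text about to leave the endpoint; returns all findings."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(Finding("ssn", m.group()))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):  # drops most phone numbers and invoice ids
            findings.append(Finding("credit_card", m.group()))
    for m in CRED_RE.finditer(text):
        findings.append(Finding("credential", m.group()))
    return findings


def should_block(text) -> bool:
    """Policy decision: any finding blocks the paste into an unapproved tool."""
    return bool(scan_for_sensitive(text))


if __name__ == "__main__":
    hits = ai_service_hits(SAMPLE_PROXY_LOG)
    print("AI service traffic:", [(h.user, h.dst, h.bytes_out) for h in hits])
    print("Upload bytes per user:", bytes_to_ai_by_user(hits))
    print("Paste findings:", scan_for_sensitive(SAMPLE_PASTE))
    print("Block paste?", should_block(SAMPLE_PASTE))
```

Note what each layer can and cannot see: the proxy log yields who talked to which AI service and how much they uploaded, which is enough to spot policy violations but says nothing about content, while the paste scan sees content but only on endpoints where such a control is installed. The Luhn check matters in practice because a 16-digit string is not a card number until its checksum passes; without it, DLP tooling drowns in false positives from order numbers and phone numbers.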

This monitoring isn't surveillance for its own sake. It's risk management. Organizations have legal obligations to protect certain types of data, and they need visibility into how that data moves through their environment. AI assistants represent a new channel for data exfiltration, whether intentional or accidental, and monitoring helps organizations catch problems before they become breaches.

The Mechanism Behind AI Training Data Use

Understanding how AI services use your prompts for training clarifies why data handling policies matter. The mechanism isn't mysterious, but it's often misunderstood.

When you submit a prompt to an AI assistant, the service logs it along with the generated response and associated metadata like timestamp and user identifier. This log serves multiple purposes: debugging, performance monitoring, abuse detection, and potentially training data collection.

For services that train on user inputs, your conversations join a massive dataset of human-AI interactions. Engineers review samples to identify failure modes, annotation teams label conversations to teach the model desired behaviors, and the entire corpus feeds into training runs for future model versions. Your specific prompt might not directly influence the model, but it contributes to the statistical patterns the model learns.

The privacy concern isn't that someone at OpenAI or Anthropic will read your specific conversation about quarterly earnings. The concern is that patterns from your data might leak into the model's outputs for other users. If you put proprietary terminology or unique business concepts into prompts, and the model trains on those prompts, it might later suggest similar terminology to someone else working in your industry. The leakage is statistical, not direct, but it's real.

Enterprise contracts that exclude customer data from training prevent this mechanism from operating on your prompts. Your conversations still get logged for operational purposes, but they don't join the training dataset. The contractual commitment creates a legal obligation that consumer terms of service don't provide.

Alternative Approaches for High-Sensitivity Work

If your work involves data too sensitive for any cloud-based AI assistant, alternatives exist that keep processing local or within controlled environments.

Locally run language models let you process text on your own hardware without sending it to external services. Tools like Ollama or LM Studio let you download and run models on your laptop. The models are smaller and less capable than GPT-4 or Claude, but for many tasks they're sufficient. The tradeoff is hardware requirements, slower performance, and the need to manage the software yourself.

Private cloud deployments of AI models let organizations run their own instances within their controlled environment. Cloud providers offer services that let you deploy models within your virtual private cloud, keeping data within your network boundary. This approach requires technical expertise and infrastructure investment, but it provides the strongest data controls.

Air-gapped systems for classified or highly regulated work keep AI processing entirely offline. Some organizations dealing with classified information or extreme sensitivity requirements run AI models on networks with no internet connectivity. Data moves in and out through controlled, audited processes. This approach is expensive and operationally complex, but it's sometimes the only acceptable option.

Human alternatives remain viable for many tasks. Sometimes the right answer is to skip the AI assistant and do the work yourself or delegate it to a colleague with appropriate clearance. AI tools offer speed and convenience, but they're not mandatory. If using them creates unacceptable risk, don't use them.

Building an AI Use Policy for Your Team

If your organization lacks clear guidance on AI assistants, you might be in a position to influence policy development. Here's what an effective policy addresses.

Define permitted and prohibited use cases explicitly. Don't rely on general principles like "use good judgment." Specify which types of data can go into which tools. List approved enterprise AI services if any exist. State clearly what's forbidden.

Establish a process for requesting exceptions. Sometimes a specific project needs AI capabilities that standard policy doesn't allow. Create a path for teams to request approval for new tools or use cases, with security and legal review.

Require training for users of enterprise AI tools. Even with proper contracts and configurations, users need to understand what's appropriate. Training should cover data classification, how to recognize sensitive information, and what to do when they're unsure.

Implement technical controls where possible. Data loss prevention tools, network filtering, and endpoint monitoring can enforce policy automatically. Technical controls don't replace policy, but they reduce the burden of perfect compliance.

Plan for incident response. What happens when someone accidentally pastes customer data into ChatGPT? The policy should define reporting requirements, investigation procedures, and remediation steps. Treating AI misuse as a reportable security incident encourages disclosure and helps the organization learn from mistakes.

Review and update the policy regularly. AI tools evolve rapidly. A policy written in 2024 might not address capabilities or risks that emerge in 2026. Schedule periodic reviews and update the policy as the technology and threat landscape change.

The Reference Implementation Analogy

In How I Met Your Mother, Ted keeps a box of relationship mementos that surfaces repeatedly as he tries to move forward while holding onto the past. The box isn't the problem. The problem is that he never decides what to do with it. It just accumulates, creating weight he carries without examining.

AI conversation history works the same way. Every prompt you submit joins a growing archive of your thinking, your questions, your work patterns. Consumer AI services keep that box for you, indefinitely, using it for purposes you might not fully understand. Enterprise tools give you more control over what goes in the box and who can look inside, but the box still exists.

The question isn't whether to use AI assistants. The question is whether you're making conscious decisions about what goes into that box and what happens to it afterward. Default settings optimize for the service provider's interests, not yours. Taking control means understanding the mechanism, adjusting the settings, and sometimes choosing not to put certain things in the box at all.

Questions to Ask Before You Paste

Before you submit a prompt containing work information to any AI assistant, run through this checklist:

What type of data am I about to share? Can I classify it according to my organization's data handling policy?

Which AI tool am I using, and what tier? Is this the consumer version or an enterprise version with contractual protections?

Does my organization have a policy on AI use? Have I read it recently enough to remember what it says?

Could this prompt contain information covered by regulation, NDA, or privilege? If I'm uncertain, who can I ask?

Does this task require an AI assistant, or am I using it out of habit? What's the alternative if I don't use AI for this?

If this conversation became public or leaked to competitors, what would the consequences be? Can I live with that risk?

Have I configured this tool to minimize data retention? Is chat history disabled? Will this conversation be deleted after I'm done?

These questions don't take long to answer, but they create a deliberate pause between impulse and action. That pause is where good security decisions happen.

What Actually Protects Confidential Data

AI assistants are tools. Like email, cloud storage, or collaboration platforms, they create data handling questions that require conscious answers. The technology itself is neither safe nor unsafe. The safety comes from matching the tool to the task, understanding what happens to your data, and making choices that align with your organization's risk tolerance.

Consumer AI assistants offer convenience and capability at the cost of data control. Enterprise versions offer contractual protections and technical controls at the cost of money and administrative overhead. Local or private deployments offer maximum control at the cost of complexity and reduced capability. The right choice depends on what you're trying to do and what you're trying to protect.

The practical guide is this: know your organization's policy, understand your tool's data handling, classify your data before you share it, and when in doubt, ask someone with authority to answer. AI assistants will keep getting better, more integrated, and more tempting to use for everything. The security challenge isn't keeping up with the technology. It's maintaining the discipline to use it appropriately.

Filed under: AI security, workplace privacy, data protection, confidential information, AI assistants, work security

Frequently asked questions

If you're on a company network or device, your employer can see traffic patterns and potentially monitor usage. Some organizations deploy specific monitoring for AI tool access.
Most consumer AI assistants store your prompts and may use them for training unless you explicitly opt out. Enterprise versions often include contractual data protections.
Check your organization's acceptable use policy first. Many companies now have specific AI usage guidelines that define what's allowed and what's prohibited.
Enterprise versions typically include data residency controls, audit logs, and contractual guarantees about training exclusion. Free versions rarely offer these protections.
Review the tool's data retention policy, check if it uses your inputs for training, verify encryption in transit, and confirm whether it meets your industry's compliance requirements.
