RSS feed

Know the risks of generative AI tools

Be careful what you share, check how AI service providers handle your data

1/22/2026 2:00:00 PM

A person working at a laptop. An illustration indicates he is chatting with an AI bot.

By Blake Russell, Information Security Analyst, MNIT

Artificial Intelligence (AI) services continue to be an integral part of our daily internet use. They work behind the scenes to personalize recommendations on e-commerce platforms, streaming services, and social media.

Generative AI allows users to interact directly with this technology to create art, text, and audio/video content. Examples of generative AI include Bard, ChatGPT, Craiyon, and OpenArt.

The growing popularity of generative AI has raised concerns about privacy and data misuse. Since it works by searching for, collecting, and analyzing data found on the Internet, some personally identifiable information is likely becoming part of its growing data library. Users should be mindful of what kind of information they provide these services.

What to consider

AI-generated content comes from content created by humans; therefore:
  • Content it provides you may be plagiarized or it might violates copyrights. 
  • It could provide information that is inaccurate, biased, or offensive.
  • Bad actors may use sensitive data with generative AI to impersonate or defraud others.
  • If you use generative AI for work, know your organization’s standards and policies.

Be cautious with your data

  • Consider what type of data you provide or enter into the service. Generative AI works can take any personally identifiable information you enter, and share it as a result or output. Avoid sharing sensitive information with these services.
  • Do not share sensitive or personal information with these services that you don't want to make public.
  • Understand what AI service providers are doing to protect your data and whether you can opt out of or limit the use of your data.
  • The service should only keep your personal information for as long as there is a legitimate business use. In certain cases, legal requirements may determine how long service providers can hold your data.

What you can do

You should read and understand the AI service provider’s data privacy policies, terms, and conditions of use. If their data handling procedures are unclear, consider an alternative provider. 

Remain vigilant and be proactive when it comes to safeguarding your personal information.

General

Cybersecurity

Cybersecurity Month

Cybersecurity