Part 1: What Never Goes Into AI Tools
This is a member-only chapter. Log in with your Signal Over Noise membership email to continue.
Log in to readModule 4 · Section 2 of 6
Part 1: What Never Goes Into AI Tools
The simplest framework: if you would be uncomfortable seeing this information appear in a data breach report — or if a regulator, client, or employer would be uncomfortable seeing it there — it does not go into a public AI tool.
Never enter:
- Client names, contact details, or anything that identifies a specific client or engagement
- Source code from proprietary systems, especially authentication code or anything involving credentials
- Employee information — salaries, performance reviews, personal details, HR matters
- Financial data that is not public — internal forecasts, unreported results, acquisition discussions
- Health information about any individual
- Legal communications protected by privilege
- API keys, passwords, access tokens, or any credential
- The contents of contracts before they are signed and public
- Competitive intelligence and internal strategy documents
What is generally fine:
- Public information — anything already on your website, in press releases, in published filings
- Generic tasks using fictional or anonymised examples — “write an email about a delayed project” with no real names
- Your own writing and work that does not contain the above categories
- Questions about concepts, techniques, or general knowledge
The sanitisation test: Before pasting anything into an AI tool, ask whether you could read it aloud in a public place without concern. If the answer is no, either anonymise it — replace real names with placeholders, remove identifying details — or use a local model.