Easy-to-use artificial intelligence tools are changing our work and school lives. However, they come with a host of new privacy threats. Here are some ways to help protect yourself.

Generative AI tools and apps are becoming integral to our daily routines, offering creative solutions, entertainment and significant productivity gains. While these tools are rapidly evolving and improving, their use also raises critical questions: What are these tools learning about us and is it too much?

The generative AI tools now available to the public are likely to be transformative in ways we cannot yet fully comprehend. Generating letters, business plans, images and videos can be greatly accelerated if you know how to use these tools effectively, but we are just in the early stages of how these tools may be woven into our daily lives. These AI tools, such as chatbots, use sophisticated algorithms and vast amounts of data points from across the internet to generate text, videos and images. User interactions are via often easy-to-use chat functions, which may already have been integrated into our browsers and social media.

But as you engage with these tools, it’s crucial to understand that these AI tools are not just helping you, they are “learning” from every interaction with you. Unlike traditional search engines, chatbots capture and store every query or prompt you enter, along with information from your profile and the data gleaned from your computer equipment, such as your IP address. This data is used to train and improve the AI, making it smarter, but also potentially exposing you, your family or your business to cybercrime. Thus, it’s critical for you to be aware of what it’s collecting, and that you conscientiously limit the information you put into the system, starting with how you set up your account and your interactions.

How to protect yourself

Understand how generative AI tools work

The excitement around the future of AI tools has prompted global investment and adoption. Companies are leveraging these tools to enhance efficiencies and develop new products and services. You or your children may already be using generative AI to draft letters, essays, resumes, check homework or plan trips. 

Know that these tools are smarter and collect more information than traditional search engines. Every interaction is recorded and saved, even if a chat or query is deleted.

• Your user profile information is also captured – IP address, location, phone number, logon data, device information (make, model), browser cookies, network activity, etc.¹
• Information about you is also extracted and aggregated from social media pages, for example, and from other online services.

Publicly available tools capture, share and build on information, making it potentially accessible by those with malintent. Many of these generative AI tools, apps and chatbots are currently not subject to any government regulations, ethics rules and governance structures, no matter how sophisticated these tools might seem. This makes it possible for those trying to compromise you to use this information to target you or your family members.

Take care setting up an account

The conversational nature of generative AI tools often leads people to enter more information than they typically put into a search engine.

Before jumping in, follow these simple precautions: 

Anonymize your profile

• Create a new, dedicated email address when you sign up for a chatbot. Avoid using the email account you use for banking, work, social media or other personal services.
• Be similarly cautious with the phone number you enter and the other identifiers you provide.
• Use a VPN to further anonymize your profile and connection with the chatbot so that your interactions are encrypted. This will also prevent the system from collecting your device’s IP address and location.

Choose a service with care

• Use a reputable generative AI service, which can be found in the Apple App and Google stores. Be cautious about using experimental new AI tools, and disable “model learning/” You do not need to be part of the data collection process.
• Create a strong program password to stop others from gaining access to your chat history
• Use two-factor authentication, if offered.

Be discreet – and diligent

• Do not disclose sensitive and personal information into the chatbot such as people’s names, birthdays, tax information, geographical addresses, etc. (If you wouldn’t want to see that information in a newspaper, don’t put it in a chatbot).
• Provide parameters, not specifics. For example, when writing a resume, avoid putting in your personal information. Find a way to ask what you need without the tool identifying you.
• Opt out of data collection and model learning in the tool’s settings. Your chats, images and conversations should remain yours – the appropriate settings boxes to maintain more privacy
• Log off after each chat session to prevent the system from continuing to learn about you and what you are doing.
• Regularly delete your account’s cookies and history to limit data collection.

Protect yourself from cybercriminals

Public AI tools give hackers and cybercriminals new ways to profile and target you and your family. For example, they can use AI to:

• Write sophisticated malware to break into systems you regularly use.
• Generate convincing phishing emails in various languages without telltale signs of forgery,  bad grammar or misspellings.
• Create disinformation or “data-poison” existing tools.

To counter these threats, always verify the sources of emails, phone calls, texts and even video calls via a separate channel. Be  especially cautious with requests to that attempts to change payment information, provide sensitive information or other critical information.

In the face of AI tools increasingly being integrated into our daily lives, make sure you have basic but important cybersecurity protections.

Basic cybersecurity protections

• Use multi-factor authentication wherever offered for online banking, email, social media, shopping, airline miles and other accounts by making it significantly harder for someone to access your information and assets.
• Use strong and unique passwords, and consider using a reputable password manager.
• Run anti-virus software continuously on all devises.
• Keep device operating systems up-to-date to close security loopholes.

An emerging threat: Voice deepfakes

The generative AI tools can easily capture and replicate voices from social media, webinars, and calls. Cybercriminals combine so-called voice deepfakes with a target’s own profile and/or bank information in an ever-growing array of schemes.

The generative AI tools can easily capture and replicate voices from social media, webinars and calls. Cybercriminals can create these voice “deepfakes” combined with personal information for potential scams. With fraud attempts and scams on the rise, it’s important to validate the person and conduct “human authentication.” Is it really your business partner asking you to transfer money? Or your grandchild asking for a loan? Always verify the identity of the person making the request, especially if it involves financial transaction. For families, establishing a family safe word to confirm an urgent request is a way to eliminate doubt.

We can help

Your J.P. Morgan advisor can provide practice guidance and resources on how to you, your family and your information cyber secure.