-
Summary of Joerg Storm’s Digital Storm Weekly #169 – “Before You Ask Claude”
This edition focuses on one critical message:
The biggest AI security risk is no longer what you type into Claude—it’s how your account is configured and what permissions you’ve granted it.
Executive Summary
As AI assistants become deeply integrated into daily work, privacy and security risks have shifted dramatically. The newsletter argues that many professionals unknowingly expose sensitive business information through personal AI accounts—not because of hacking, but because of default settings, connected apps, and poor governance.
The central recommendation is simple:
-
Turn off AI model training if you’re using a personal account.
-
Separate work AI from personal AI.
-
Regularly audit AI connectors and permissions.
-
Never allow one AI assistant unrestricted access to all your business systems.
Key Takeaways
1. Your AI Plan Determines Your Privacy
The biggest misconception today is that privacy depends only on what you paste into Claude.
According to the newsletter:
Consumer Claude plans (Free, Pro, Max):
-
Conversations may be used for model training unless you explicitly opt out.
-
Data retention can extend for years if training remains enabled.
Business plans (Team, Enterprise, API, Amazon Bedrock, Google Vertex):
-
Data is not used for model training by default.
-
Stronger commercial privacy protections apply.
Lesson:
Organizations should avoid using personal AI accounts for confidential work.2. The “Lethal Trifecta”
The newsletter introduces what security researchers call the Lethal Trifecta.
An AI assistant becomes dangerous when it simultaneously has:
-
Access to your private files
-
Ability to read external content
-
Ability to communicate externally (email, messaging, APIs)
If malicious instructions are hidden inside external documents, the AI could unintentionally expose confidential information without traditional hacking.
3. AI Governance Has Become a Business Issue
Several industry developments reinforce this trend:
-
Consumer AI privacy defaults have changed.
-
Prompt injection attacks are becoming a recognized security risk.
-
Enterprises are adopting the “Rule of Two” for AI permissions.
-
Employees increasingly use personal AI tools without IT oversight (“Shadow AI”).
4. Pasting vs Connecting
The newsletter highlights an important distinction:
Pasting text
-
May contribute to AI model training (depending on settings).
Connecting apps
-
Usually doesn’t train the model directly.
-
However, it expands the assistant’s access, increasing security risk if permissions aren’t managed carefully.
5. Useful Claude Features
Several built-in features can reduce risk:
-
Incognito Chats for temporary, non-training conversations.
-
Projects to isolate work by client or topic.
-
Business/API access for stronger data protections.
-
Connector management to regularly review and remove unused integrations.
6. Five-Step Security Checklist
The newsletter recommends:
-
Disable model training.
-
Review every connected service.
-
Remove unnecessary permissions.
-
Separate personal and work AI accounts.
-
Audit connectors monthly.
7. Before Sharing Sensitive Information
Ask yourself:
“Would I be comfortable if this exact text appeared in my company’s public communication channel with my name attached?”
If the answer is no, either:
-
anonymize the content, or
-
use a business AI environment instead.
AI Leadership Insight
The accompanying podcast emphasizes that AI is no longer just a productivity tool—it is reshaping how organizations operate.
Key points include:
-
AI is transforming workforce structures.
-
Leaders will increasingly manage both people and AI agents.
-
Human judgment becomes more valuable as automation grows.
-
Competitive advantage comes from redesigning workflows, not merely deploying AI tools.
Trending AI Tools Mentioned
The newsletter highlights several emerging tools:
-
Bluerails Discovery
-
Tencent EdgeOne Makers
-
AgentX
-
Skybridge
-
BrowserAct
-
Propane
-
Oxlo.ai
-
OpenArt Director
Other Notable Highlights
The issue also features:
-
AI governance discussions following Anthropic’s advanced model restrictions.
-
Research on AI-designed sustainable food.
-
AI-assisted radiology receiving regulatory recognition.
-
Google’s latest generative AI search controls.
-
Clinical trials validating AI support tools in healthcare.
Overall Message
The newsletter argues that AI security is now primarily a governance challenge rather than a technical one. Organizations should focus on configuring AI tools responsibly, limiting unnecessary permissions, separating personal and business use, and establishing clear policies for AI adoption.
The core takeaway is that businesses will gain the greatest value from AI not by giving employees more AI tools, but by redesigning workflows, strengthening governance, and ensuring humans and AI systems work together securely.
drstorm.substack.com
Make sure your private work is not sitting in the wrong account.
-

