Chapter BYour weekly AI habitPage 5 of 8

Your weekly AI habit

Protect privacy and reduce risk

A safe workflow defines data, permission, consequence, and escalation before tool use.

~12 minPrivacy and risk

Before you start

Why this matters

Without opening an AI tool, write the acceptance test for this job: run a thirty-minute weekly practice loop that improves one real workflow. Name one fact that must be exact, one judgment a person must make, and one condition that should stop the workflow. Compare your answer with the professional standard below; the gap is what you should practice.

1Learn the idea

Read

Draw the boundary

Map four things: what enters the system, what the provider may retain, who can access output, and what action follows. For this topic the operative rule is: practice with synthetic or redacted material; keep a standing list of data that must never enter consumer tools and review vendor settings. “No secrets” is too vague; name prohibited fields and approved substitutes.

Classify the work by consequence. Low-risk ideation with synthetic data may need ordinary review. Internal drafts based on approved material need access and retention controls. Public claims, student decisions, deployments, impersonation, sensitive targeting, or automated external actions require a stricter gate and sometimes should not use the tool at all.

Read

Threat and rights review

The scenario is run a thirty-minute weekly practice loop that improves one real workflow. Ask:

  • Do we have permission to process every input and license every asset?
  • Could the output mislead someone about authorship, evidence, identity, or reality?
  • Can untrusted text or media alter tool instructions?
  • Is there a reversible draft stage before publication, sending, grading, or deployment?
  • Can a person contest, correct, remove, or revoke the result?
This week I want to improve meeting-note follow-up. Baseline: 25 minutes and occasional missed owners. Design one 30-minute practice: a sanitized sample, one constrained prompt, a checklist for owner/date/source accuracy, and a five-minute retrospective. Keep the tool fixed and change only one prompting variable.

The prompt can state boundaries, but prompts are not access control, consent records, or legal clearance. Configure minimum permissions, retention, sharing, and deletion in the surrounding system. Keep an incident route for accidental exposure and a kill switch for repeated workflows.

Read

Apply proportional controls

For the expected result—A bounded weekly experiment with a baseline, one controlled change, an output check, and a decision to keep, revise, or discard the technique—review privacy, security, bias, rights, and deception separately. Use provenance notes and disclosures where audiences could mistake synthetic media or generated claims for direct evidence. Preserve human ownership of consequential decisions.

Likely failures include collecting prompts without testing; changing tool and task simultaneously; counting speed while quality falls; skipping reflection; automating before understanding. Consistency beats novelty. One checked experiment each week produces transferable judgment; browsing new tools without measuring work does not. When local law, organizational policy, a contract, or platform rule is stricter than this lesson, the stricter rule wins.

Read

Red-team exercise

Try one hostile or ambiguous input without using real sensitive information. Observe whether the model invents, follows embedded instructions, exceeds the schema, or proposes an irreversible action. A safe run should fail closed: return “unknown,” route to review, or stop.

Checking tutor…

Continue learning · glossary & guides