The Hidden Dangers of Free AI

19 April 2026

Security Awareness


Free-tier artificial intelligence tools are in use across businesses of every size — often without any policy, oversight, or awareness of what happens to the data entered into them. Here is what your team needs to know.

April 2026    Computer Services Ltd

Artificial intelligence tools like Microsoft Copilot, ChatGPT, and Claude have become a routine part of the working day for millions of people. They summarise documents, draft emails, write code, and answer complex questions in seconds. The free versions of these tools are readily accessible — no purchase order, no approval process, no IT department involvement required.

That ease of access is precisely the problem.

When employees use free-tier artificial intelligence tools for work tasks, they frequently enter sensitive business data into systems governed by privacy policies their employer has never read, running on infrastructure their IT team has never assessed. In many cases, the data entered is used to improve the underlying model. In all cases, it leaves the organisation's control the moment it is submitted.

Risk Advisory

Free-tier artificial intelligence platforms are not designed for business use. They typically lack data residency controls, audit logging, organisational access management, and the contractual protections required under New Zealand's Privacy Act 2020. Using them with client data, financial information, or internal strategy documents creates real legal and reputational exposure.

Real-World Incidents

These are not theoretical scenarios. The following incidents are documented examples of free and consumer artificial intelligence tools causing measurable harm to organisations.

Data Leakage — April 2023

Samsung Engineers Leak Proprietary Source Code

Engineers at Samsung Semiconductor pasted confidential source code and internal meeting notes into ChatGPT to help debug and summarise content. Samsung confirmed the data was transmitted to OpenAI's servers and could not be retrieved. Three separate incidents occurred within a single month.

Model Training Exposure — 2023

Professionals Submit Privileged Documents to Free AI

In cases widely reported across the legal, financial, and healthcare sectors, staff were found using free ChatGPT accounts to summarise privileged documents and client records. The submissions fell under OpenAI's then-default data retention and training policies, raising concerns about confidentiality obligations.

Privacy Incident — 20 March 2023

ChatGPT Bug Exposes Conversation Data Between Users

OpenAI temporarily took ChatGPT offline after a Redis caching bug caused some users to see conversation titles and partial content belonging to other users. The incident raised immediate concerns about the security of data stored in consumer accounts.

Regulatory Action — March–April 2023

Italy Temporarily Bans ChatGPT Over Privacy Violations

Italy's data protection authority (Garante) issued an emergency ban on ChatGPT, citing a lack of legal basis for processing personal data and the absence of age verification controls. OpenAI implemented changes to comply and access was restored in late April 2023.

Misinformation / Hallucination — 2023

Lawyers Submit AI-Fabricated Case Citations in Court

New York attorneys submitted a court brief containing six fictitious case citations generated by ChatGPT. None of the cases existed. Judge Castel sanctioned the attorneys involved (Mata v. Avianca Inc., SDNY).

Credential Risk — June 2023

101,134 ChatGPT Account Credentials Found on Dark Web

Cybersecurity firm Group-IB reported that credentials for over 101,000 ChatGPT accounts had been compromised by information-stealing malware and were circulating on dark web marketplaces. Conversation histories containing sensitive business data were accessible to whoever purchased those credentials.

Prompt Injection — 2024

Copilot Manipulated via Malicious Content in Documents

Security researchers demonstrated prompt injection attacks in which instructions hidden inside documents caused Copilot to act on those instructions rather than the user's request — in some scenarios surfacing sensitive data or generating misleading responses.

Insider Exposure — 2023–2024

Healthcare Staff Submit Patient Records to Free AI Tools

Multiple healthcare providers in the United States and United Kingdom confirmed clinical staff had submitted patient notes and clinical histories to free artificial intelligence tools for summarisation. Regulators in both countries raised concerns about compliance with applicable health privacy law.

National Security Risk — January 2025

DeepSeek Found Transmitting Data to Chinese Servers

Security researchers confirmed that DeepSeek R1 transmitted user data and device information to servers linked to ByteDance infrastructure in China. Italy, Australia, South Korea, and multiple United States government agencies banned its use within weeks of its release.

Persistent Surveillance Risk — 2025

Windows Recall Stores Sensitive Screen Data Unencrypted

Microsoft's AI-powered Recall feature was found to store continuously captured screen data in an unencrypted local database. Security researchers demonstrated that malware on the device could trivially extract the full history, including passwords, banking details, and private communications.

AI Safety Regression — May 2025

OpenAI Rolls Back Update After Model Validates Harmful Decisions

OpenAI was forced to roll back a GPT-4o update after widespread reports that the model had become excessively agreeable — validating harmful decisions and withholding appropriate caution. The incident demonstrated that AI safety regressions can be introduced through routine updates with no visibility to end users.

Note: The above incidents span 2023 to mid-2025. The threat landscape has continued to evolve into 2026. This article will be updated as further verified incidents are documented.

"The most common artificial intelligence security incident is not a sophisticated attack. It is a staff member doing something entirely reasonable with a tool that was never intended for that purpose."


Why Free Tiers Are Fundamentally Different

Paid and enterprise versions of artificial intelligence tools are not simply the same product with extra features bolted on. The underlying data handling, privacy commitments, and security controls are structurally different.

On a free plan, your data typically funds the service. Conversation content may be reviewed by human trainers, used to fine-tune future models, stored indefinitely, or processed in data centres outside New Zealand. You have limited visibility into any of this, and no contractual recourse if something goes wrong.

On an enterprise or business plan, the provider contractually commits to not training on your data, offers data residency options, provides audit logging, and accepts obligations under applicable privacy law. These distinctions are not marketing — they are material legal and operational differences.


How to Secure Each Platform

If your organisation allows the use of any of the following tools, these are the minimum controls you should have in place.

Microsoft Copilot — Free / Consumer Tier

→ Block copilot.microsoft.com via your web filtering solution. Staff should only access Copilot through your Microsoft 365 tenant if licensed.

→ Enforce Conditional Access policies in Microsoft Entra to prevent sign-in to personal Microsoft accounts from corporate devices.

→ Enable Microsoft Purview data loss prevention policies to detect and alert when sensitive labels are referenced in Copilot prompts.

→ Audit SharePoint permissions before enabling Copilot at scale — Copilot surfaces content the user has access to, including content they may have forgotten exists.

→ Disable the consumer Copilot experience in the Microsoft 365 admin centre under Settings > Org settings > Copilot.

→ Log Copilot interactions using Microsoft Purview audit logs for post-incident review capability.

ChatGPT — Free / Plus Tier

→ Block chatgpt.com at the web filter or firewall level if the organisation has not sanctioned its use.

→ If ChatGPT use is permitted, require staff to use the ChatGPT Team or Enterprise plan — these disable training on your data by default.

→ On free accounts, navigate to Settings > Data controls and disable "Improve the model for everyone".

→ Establish an acceptable use policy — at minimum prohibiting: client information, financial records, staff personal data, strategic plans, and credentials.

→ Enable multi-factor authentication on all OpenAI accounts used within the organisation.

→ Treat ChatGPT output as unverified. Review before publishing or using in client communications.

Claude — Free / Pro Tier

→ Free and Pro Claude accounts are personal accounts. Claude Team and Enterprise plans are required for organisational use with zero data retention by default.

→ Block claude.ai at the web filter level if only enterprise-plan access has been sanctioned.

→ Configure Single Sign-On through your identity provider for Claude Team or Enterprise to enforce corporate authentication.

→ Review the Projects feature — ensure project membership is controlled and reviewed periodically.

→ Claude's free tier does not offer audit logging or organisational visibility. Work tasks should be on a paid plan with appropriate governance.


Organisational Controls That Apply to All Platforms

Publish a written artificial intelligence acceptable use policy defining approved tools, prohibited tools, and data categories that may never be submitted.

Deliver security awareness training that specifically covers artificial intelligence risks — staff need to understand what a prompt is and what happens to it.

Implement web filtering to enforce your approved tool list. Unmanaged browser access is a policy gap waiting to become an incident.

Require multi-factor authentication on all sanctioned artificial intelligence accounts. Compromised credentials expose every conversation that account has ever had.

Audit your Microsoft 365 environment for overly permissive SharePoint access before enabling Copilot.

Treat artificial intelligence-generated output as a draft. Establish a review process before any content is sent externally or relied upon for decisions.

Include artificial intelligence tool use in onboarding. The same data handling obligations that apply to email apply equally to artificial intelligence prompts.
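
Before enforcing a web filter, it helps to know who is already reaching the consumer endpoints named above. The following is an added example, not part of the original article: a Python script that scans web proxy logs for copilot.microsoft.com, chatgpt.com and claude.ai and counts requests per user. The log format, the user names, the sample lines and the use of HTTP 403 as the "blocked" status are constructed assumptions; adapt the parsing to your proxy's export.

```python
from collections import Counter
from urllib.parse import urlsplit

# Consumer endpoints named in this article.
CONSUMER_AI_DOMAINS = {
    "copilot.microsoft.com": "Copilot (consumer)",
    "chatgpt.com": "ChatGPT",
    "claude.ai": "Claude",
}

# Constructed sample in an assumed format: timestamp user method target status
SAMPLE_LOG = """\
2026-04-14T09:02:11Z alice CONNECT chatgpt.com:443 200
2026-04-14T09:05:03Z bob GET https://Claude.AI/new 200
2026-04-14T09:07:19Z carol CONNECT copilot.microsoft.com:443 403
2026-04-14T09:08:55Z dave CONNECT notchatgpt.com:443 200
2026-04-14T09:09:30Z erin CONNECT files.chatgpt.com.:443 200
malformed line
"""

def extract_host(target):
    """Return the lowercase hostname from a URL or a CONNECT host:port target."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit parse a bare host:port
    return (urlsplit(target).hostname or "").rstrip(".")  # drop FQDN trailing dot

def match_tool(host):
    """Match the exact domain or a true subdomain, never a lookalike suffix."""
    for domain, tool in CONSUMER_AI_DOMAINS.items():
        if host == domain or host.endswith("." + domain):
            return tool
    return None

def summarise(log_text):
    """Count requests per (user, tool, outcome); 403 is assumed to mean blocked."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        _, user, _, target, status = fields
        tool = match_tool(extract_host(target))
        if tool:
            counts[(user, tool, "blocked" if status == "403" else "allowed")] += 1
    return counts

if __name__ == "__main__":
    for (user, tool, outcome), n in sorted(summarise(SAMPLE_LOG).items()):
        print(f"{user:6} {tool:20} {outcome:8} {n}")
```

Requests that still show as "allowed" after the filter is deployed point to a gap in the block list or to devices that bypass the proxy.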


A Note on New Zealand Law

The Privacy Act 2020 requires New Zealand organisations to take reasonable steps to protect personal information from loss, misuse, unauthorised access, modification, or disclosure. Submitting personal information about clients, employees, or members of the public to a free-tier artificial intelligence tool is difficult to reconcile with this obligation.

If you are in a regulated sector such as health, finance, or legal services, the obligations are more specific and the consequences of a breach more significant.

⚠ Privacy Act 2020 — New Zealand

Entering client or staff personal data into a consumer artificial intelligence platform likely constitutes a transfer of that data to a third party without appropriate safeguards, and may constitute a notifiable privacy breach if the data is subsequently disclosed or misused.


The Right Way to Use Artificial Intelligence at Work

The answer is not to avoid artificial intelligence entirely — it is to use it in a governed, intentional way. These tools offer genuine productivity benefits. The goal is to capture those benefits without creating the exposure that comes from unmanaged, consumer-grade access.

For most organisations, that means selecting a small number of approved tools on business-grade plans, publishing a clear policy, training staff, and reviewing usage periodically. It does not require a large investment — it requires intention.

If you are not sure where to start, we can help you assess your current exposure, identify which tools your staff are using, and put a practical governance framework in place.

TALK TO COMPUTER SERVICES LTD

We help New Zealand and Australian businesses navigate artificial intelligence security with practical, vendor-neutral advice.

0800 002 367  |  computerservices.co.nz