Evidence for Everyday Users

AI security for everyday ai users.

Practical AI privacy and security checks for people using assistants for writing, planning, research, files, email, and daily decisions.

Everyday use becomes harder to judge when personal chats, uploads, browsing, memory, and connected accounts quietly accumulate in one assistant.

CapitalGuard Security Research · Updated July 14, 2026 · Primary sources only

5

AI surfaces

10

Exposure types

50

Evidence guides

connected assistant

ChatGPT

Ordinary chat does not automatically expose an entire device or account. Scope expands only through what the user submits, enables, connects, or authorizes.

Private file access

ChatGPT Private file access for Everyday Users

Uploads, projects, synced apps, and file-search connections can make selected documents available as context.

Open evidence guide

Credential exposure

ChatGPT Credential exposure for Everyday Users

Credentials can arrive through pasted configuration, uploaded source files, screenshots, or connected Drive content.

Open evidence guide

Client confidentiality

ChatGPT Client confidentiality for Everyday Users

A personal ChatGPT account can mix client prompts, files, memories, and app context unless the user separates work deliberately.

Open evidence guide

Prompt injection

ChatGPT Prompt injection for Everyday Users

Retrieved webpages, uploaded documents, and app results can contain instructions that should be treated as untrusted content.

Open evidence guide

Connector permissions

ChatGPT Connector permissions for Everyday Users

ChatGPT apps may search connected sources, sync content, or perform write actions within granted scopes.

Open evidence guide

Command execution

ChatGPT Command execution for Everyday Users

Standard conversation is text-only, but custom apps, workspace agents, or connected action tools can change external systems when enabled.

Open evidence guide

Unsafe generated code

ChatGPT Unsafe generated code for Everyday Users

ChatGPT may suggest code, dependencies, shell commands, and configuration that still require independent verification.

Open evidence guide

History and sharing

ChatGPT History and sharing for Everyday Users

History, memories, projects, Temporary Chats, and shared links follow different controls and should be reviewed separately.

Open evidence guide

Accidental oversharing

ChatGPT Accidental oversharing for Everyday Users

Large pastes, screenshots, uploads, and connected-app retrieval can include more information than the visible question requires.

Open evidence guide

Autonomous actions

ChatGPT Autonomous actions for Everyday Users

Apps can be configured to read automatically or take actions with different approval levels, including elevated persistent choices where available.

Open evidence guide

connected assistant

Claude

Claude does not receive blanket access by default. The practical boundary is the content submitted plus the connectors, permissions, projects, and account controls the user enables.

Private file access

Claude Private file access for Everyday Users

Files, project knowledge, Google Workspace connections, and other connectors can make selected work retrievable in Claude.

Open evidence guide

Credential exposure

Claude Credential exposure for Everyday Users

Secrets can enter through code uploads, pasted logs, project knowledge, Drive documents, or connector results.

Open evidence guide

Client confidentiality

Claude Client confidentiality for Everyday Users

Client files can persist in conversations or project knowledge and may be retrievable through connectors inherited from the user account.

Open evidence guide

Prompt injection

Claude Prompt injection for Everyday Users

Documents, webpages, connector output, and MCP resources may contain instructions that conflict with the user’s goal.

Open evidence guide

Connector permissions

Claude Connector permissions for Everyday Users

Claude connectors can inherit access from services such as Drive, Slack, or Linear and may expose both read and write tools.

Open evidence guide

Command execution

Claude Command execution for Everyday Users

Ordinary Claude chat is not a local shell, but connectors and computer or coding surfaces may expose action tools.

Open evidence guide

Unsafe generated code

Claude Unsafe generated code for Everyday Users

Claude can generate code and installation instructions that may be plausible but incomplete, outdated, or unsafe for the user’s environment.

Open evidence guide

History and sharing

Claude History and sharing for Everyday Users

Claude chats are private by default but can be shared as snapshots; projects and uploaded files have separate visibility rules.

Open evidence guide

Accidental oversharing

Claude Accidental oversharing for Everyday Users

Artifacts, screenshots, long documents, and connector retrieval can surface details beyond the line the user intended to discuss.

Open evidence guide

Autonomous actions

Claude Autonomous actions for Everyday Users

Connectors may retrieve data or take actions such as creating issues, sending messages, or changing records when the tool is permitted.

Open evidence guide

connected assistant

Gemini

Gemini access is shaped by what the user shares, device permissions, connected apps, Gemini Apps Activity, and other Google settings that may remain active independently.

Private file access

Gemini Private file access for Everyday Users

Gemini can receive files, screens, photos, page context, and information from connected apps when those features are used.

Open evidence guide

Credential exposure

Gemini Credential exposure for Everyday Users

Tokens or passwords can appear in uploaded screenshots, browser page context, code files, Drive content, or copied logs.

Open evidence guide

Client confidentiality

Gemini Client confidentiality for Everyday Users

Client content may enter through uploads, connected Google services, live screen sharing, or a work account whose policies differ from a personal account.

Open evidence guide

Prompt injection

Gemini Prompt injection for Everyday Users

Web content, connected-app results, emails, documents, and shared screens can contain text that should not become trusted instructions.

Open evidence guide

Connector permissions

Gemini Connector permissions for Everyday Users

Connected Google and third-party apps can expose account information according to their permissions and retain shared data under their own policies.

Open evidence guide

Command execution

Gemini Command execution for Everyday Users

Consumer Gemini chat is not automatically a shell, but device actions, extensions, or connected services may perform operations.

Open evidence guide

Unsafe generated code

Gemini Unsafe generated code for Everyday Users

Gemini-generated code or commands may omit environment-specific constraints or suggest dependencies that need verification.

Open evidence guide

History and sharing

Gemini History and sharing for Everyday Users

Gemini Apps Activity, public links, saved information, connected-service data, and reviewed content follow different retention rules.

Open evidence guide

Accidental oversharing

Gemini Accidental oversharing for Everyday Users

Live screen, camera, audio, uploaded files, and browser page context can capture background information outside the intended question.

Open evidence guide

Autonomous actions

Gemini Autonomous actions for Everyday Users

Gemini may use connected apps or device-assistant capabilities to take actions based on available permissions.

Open evidence guide

connected assistant

Microsoft Copilot

The correct risk assessment starts by naming the exact Copilot product, account, app, and connected service; consumer and managed-work settings are not interchangeable.

Private file access

Microsoft Copilot Private file access for Everyday Users

Copilot may use uploaded files, the active Microsoft 365 document, recent files, or connected-service content depending on the surface.

Open evidence guide

Credential exposure

Microsoft Copilot Credential exposure for Everyday Users

Credentials may appear in uploaded files, screenshots, recent documents, synced browser data, code, or copied support logs.

Open evidence guide

Client confidentiality

Microsoft Copilot Client confidentiality for Everyday Users

Client data can enter a consumer Copilot chat or a managed Microsoft 365 context with different controls and retention.

Open evidence guide

Prompt injection

Microsoft Copilot Prompt injection for Everyday Users

Connected service results, documents, email, webpages, and shared files may contain untrusted instructions.

Open evidence guide

Connector permissions

Microsoft Copilot Connector permissions for Everyday Users

Connections can make files, email, contacts, calendar events, and other service data retrievable through Copilot.

Open evidence guide

Command execution

Microsoft Copilot Command execution for Everyday Users

Most consumer interactions are not a general shell, but connected services and Microsoft 365 features can create or modify external content.

Open evidence guide

Unsafe generated code

Microsoft Copilot Unsafe generated code for Everyday Users

Copilot can generate code, formulas, scripts, and commands whose safety depends on the user’s environment and review.

Open evidence guide

History and sharing

Microsoft Copilot History and sharing for Everyday Users

Consumer history, Microsoft 365 activity, uploaded files, and organizational records may be controlled in different locations.

Open evidence guide

Accidental oversharing

Microsoft Copilot Accidental oversharing for Everyday Users

Recent files, full documents, screenshots, and connected services can surface more context than a short prompt suggests.

Open evidence guide

Autonomous actions

Microsoft Copilot Autonomous actions for Everyday Users

Connected Copilot experiences may draft, create, change, or communicate within Microsoft services when the feature permits.

Open evidence guide

connected assistant

Perplexity

The risk depends on what is searched, uploaded, retained, shared, or connected. Consumer and Enterprise data controls are materially different and should not be assumed equivalent.

Private file access

Perplexity Private file access for Everyday Users

Perplexity can work with session uploads, project files, personal repositories, organizational files, and connected storage depending on plan.

Open evidence guide

Credential exposure

Perplexity Credential exposure for Everyday Users

Secrets can enter through uploaded code, configuration, screenshots, search queries, or files synchronized from storage.

Open evidence guide

Client confidentiality

Perplexity Client confidentiality for Everyday Users

Client files may persist in projects or repositories, and sharing can expose responses that reference connected material.

Open evidence guide

Prompt injection

Perplexity Prompt injection for Everyday Users

Search results, webpages, uploaded documents, and connected files can carry instructions that should not control the assistant.

Open evidence guide

Connector permissions

Perplexity Connector permissions for Everyday Users

Enterprise connectors can include cloud storage and knowledge sources whose permissions determine what files can be searched.

Open evidence guide

Command execution

Perplexity Command execution for Everyday Users

Perplexity search and chat are not a general local shell, although generated commands or connected capabilities can still influence external actions.

Open evidence guide

Unsafe generated code

Perplexity Unsafe generated code for Everyday Users

Generated code and cited technical answers can still contain vulnerable patterns, obsolete APIs, or unsafe commands.

Open evidence guide

History and sharing

Perplexity History and sharing for Everyday Users

Sessions, projects, uploaded files, Pages, and Enterprise repositories have different retention and visibility rules.

Open evidence guide

Accidental oversharing

Perplexity Accidental oversharing for Everyday Users

Search queries and uploads can include confidential terms, full documents, account details, or source material beyond the research need.

Open evidence guide

Autonomous actions

Perplexity Autonomous actions for Everyday Users

Search and answer generation are usually advisory, but enterprise connectors and future action surfaces should be reviewed for actual write authority.

Open evidence guide

The useful outcome

Make access explainable.

You can name what the assistant can reach, remove access you no longer need, and keep sensitive material outside ordinary AI tasks.

Review CapitalGuard Licenses

How this collection is built

Every page combines one documented AI surface, one concrete exposure type, and one visible working context. A page is published only when it has a unique access scenario, a safe check, practical controls, and at least three primary references.

Read the publication method