Evidence for Everyday Users
AI security for everyday ai users.
Practical AI privacy and security checks for people using assistants for writing, planning, research, files, email, and daily decisions.
Everyday use becomes harder to judge when personal chats, uploads, browsing, memory, and connected accounts quietly accumulate in one assistant.
CapitalGuard Security Research · Updated July 14, 2026 · Primary sources only
5
AI surfaces
10
Exposure types
50
Evidence guides
connected assistant
ChatGPT
Ordinary chat does not automatically expose an entire device or account. Scope expands only through what the user submits, enables, connects, or authorizes.
connected assistant
ChatGPT
Ordinary chat does not automatically expose an entire device or account. Scope expands only through what the user submits, enables, connects, or authorizes.
Private file access
ChatGPT Private file access for Everyday Users
Uploads, projects, synced apps, and file-search connections can make selected documents available as context.
Open evidence guideCredential exposure
ChatGPT Credential exposure for Everyday Users
Credentials can arrive through pasted configuration, uploaded source files, screenshots, or connected Drive content.
Open evidence guideClient confidentiality
ChatGPT Client confidentiality for Everyday Users
A personal ChatGPT account can mix client prompts, files, memories, and app context unless the user separates work deliberately.
Open evidence guidePrompt injection
ChatGPT Prompt injection for Everyday Users
Retrieved webpages, uploaded documents, and app results can contain instructions that should be treated as untrusted content.
Open evidence guideConnector permissions
ChatGPT Connector permissions for Everyday Users
ChatGPT apps may search connected sources, sync content, or perform write actions within granted scopes.
Open evidence guideCommand execution
ChatGPT Command execution for Everyday Users
Standard conversation is text-only, but custom apps, workspace agents, or connected action tools can change external systems when enabled.
Open evidence guideUnsafe generated code
ChatGPT Unsafe generated code for Everyday Users
ChatGPT may suggest code, dependencies, shell commands, and configuration that still require independent verification.
Open evidence guideHistory and sharing
ChatGPT History and sharing for Everyday Users
History, memories, projects, Temporary Chats, and shared links follow different controls and should be reviewed separately.
Open evidence guideAccidental oversharing
ChatGPT Accidental oversharing for Everyday Users
Large pastes, screenshots, uploads, and connected-app retrieval can include more information than the visible question requires.
Open evidence guideAutonomous actions
ChatGPT Autonomous actions for Everyday Users
Apps can be configured to read automatically or take actions with different approval levels, including elevated persistent choices where available.
Open evidence guideconnected assistant
Claude
Claude does not receive blanket access by default. The practical boundary is the content submitted plus the connectors, permissions, projects, and account controls the user enables.
connected assistant
Claude
Claude does not receive blanket access by default. The practical boundary is the content submitted plus the connectors, permissions, projects, and account controls the user enables.
Private file access
Claude Private file access for Everyday Users
Files, project knowledge, Google Workspace connections, and other connectors can make selected work retrievable in Claude.
Open evidence guideCredential exposure
Claude Credential exposure for Everyday Users
Secrets can enter through code uploads, pasted logs, project knowledge, Drive documents, or connector results.
Open evidence guideClient confidentiality
Claude Client confidentiality for Everyday Users
Client files can persist in conversations or project knowledge and may be retrievable through connectors inherited from the user account.
Open evidence guidePrompt injection
Claude Prompt injection for Everyday Users
Documents, webpages, connector output, and MCP resources may contain instructions that conflict with the user’s goal.
Open evidence guideConnector permissions
Claude Connector permissions for Everyday Users
Claude connectors can inherit access from services such as Drive, Slack, or Linear and may expose both read and write tools.
Open evidence guideCommand execution
Claude Command execution for Everyday Users
Ordinary Claude chat is not a local shell, but connectors and computer or coding surfaces may expose action tools.
Open evidence guideUnsafe generated code
Claude Unsafe generated code for Everyday Users
Claude can generate code and installation instructions that may be plausible but incomplete, outdated, or unsafe for the user’s environment.
Open evidence guideHistory and sharing
Claude History and sharing for Everyday Users
Claude chats are private by default but can be shared as snapshots; projects and uploaded files have separate visibility rules.
Open evidence guideAccidental oversharing
Claude Accidental oversharing for Everyday Users
Artifacts, screenshots, long documents, and connector retrieval can surface details beyond the line the user intended to discuss.
Open evidence guideAutonomous actions
Claude Autonomous actions for Everyday Users
Connectors may retrieve data or take actions such as creating issues, sending messages, or changing records when the tool is permitted.
Open evidence guideconnected assistant
Gemini
Gemini access is shaped by what the user shares, device permissions, connected apps, Gemini Apps Activity, and other Google settings that may remain active independently.
connected assistant
Gemini
Gemini access is shaped by what the user shares, device permissions, connected apps, Gemini Apps Activity, and other Google settings that may remain active independently.
Private file access
Gemini Private file access for Everyday Users
Gemini can receive files, screens, photos, page context, and information from connected apps when those features are used.
Open evidence guideCredential exposure
Gemini Credential exposure for Everyday Users
Tokens or passwords can appear in uploaded screenshots, browser page context, code files, Drive content, or copied logs.
Open evidence guideClient confidentiality
Gemini Client confidentiality for Everyday Users
Client content may enter through uploads, connected Google services, live screen sharing, or a work account whose policies differ from a personal account.
Open evidence guidePrompt injection
Gemini Prompt injection for Everyday Users
Web content, connected-app results, emails, documents, and shared screens can contain text that should not become trusted instructions.
Open evidence guideConnector permissions
Gemini Connector permissions for Everyday Users
Connected Google and third-party apps can expose account information according to their permissions and retain shared data under their own policies.
Open evidence guideCommand execution
Gemini Command execution for Everyday Users
Consumer Gemini chat is not automatically a shell, but device actions, extensions, or connected services may perform operations.
Open evidence guideUnsafe generated code
Gemini Unsafe generated code for Everyday Users
Gemini-generated code or commands may omit environment-specific constraints or suggest dependencies that need verification.
Open evidence guideHistory and sharing
Gemini History and sharing for Everyday Users
Gemini Apps Activity, public links, saved information, connected-service data, and reviewed content follow different retention rules.
Open evidence guideAccidental oversharing
Gemini Accidental oversharing for Everyday Users
Live screen, camera, audio, uploaded files, and browser page context can capture background information outside the intended question.
Open evidence guideAutonomous actions
Gemini Autonomous actions for Everyday Users
Gemini may use connected apps or device-assistant capabilities to take actions based on available permissions.
Open evidence guideconnected assistant
Microsoft Copilot
The correct risk assessment starts by naming the exact Copilot product, account, app, and connected service; consumer and managed-work settings are not interchangeable.
connected assistant
Microsoft Copilot
The correct risk assessment starts by naming the exact Copilot product, account, app, and connected service; consumer and managed-work settings are not interchangeable.
Private file access
Microsoft Copilot Private file access for Everyday Users
Copilot may use uploaded files, the active Microsoft 365 document, recent files, or connected-service content depending on the surface.
Open evidence guideCredential exposure
Microsoft Copilot Credential exposure for Everyday Users
Credentials may appear in uploaded files, screenshots, recent documents, synced browser data, code, or copied support logs.
Open evidence guideClient confidentiality
Microsoft Copilot Client confidentiality for Everyday Users
Client data can enter a consumer Copilot chat or a managed Microsoft 365 context with different controls and retention.
Open evidence guidePrompt injection
Microsoft Copilot Prompt injection for Everyday Users
Connected service results, documents, email, webpages, and shared files may contain untrusted instructions.
Open evidence guideConnector permissions
Microsoft Copilot Connector permissions for Everyday Users
Connections can make files, email, contacts, calendar events, and other service data retrievable through Copilot.
Open evidence guideCommand execution
Microsoft Copilot Command execution for Everyday Users
Most consumer interactions are not a general shell, but connected services and Microsoft 365 features can create or modify external content.
Open evidence guideUnsafe generated code
Microsoft Copilot Unsafe generated code for Everyday Users
Copilot can generate code, formulas, scripts, and commands whose safety depends on the user’s environment and review.
Open evidence guideHistory and sharing
Microsoft Copilot History and sharing for Everyday Users
Consumer history, Microsoft 365 activity, uploaded files, and organizational records may be controlled in different locations.
Open evidence guideAccidental oversharing
Microsoft Copilot Accidental oversharing for Everyday Users
Recent files, full documents, screenshots, and connected services can surface more context than a short prompt suggests.
Open evidence guideAutonomous actions
Microsoft Copilot Autonomous actions for Everyday Users
Connected Copilot experiences may draft, create, change, or communicate within Microsoft services when the feature permits.
Open evidence guideconnected assistant
Perplexity
The risk depends on what is searched, uploaded, retained, shared, or connected. Consumer and Enterprise data controls are materially different and should not be assumed equivalent.
connected assistant
Perplexity
The risk depends on what is searched, uploaded, retained, shared, or connected. Consumer and Enterprise data controls are materially different and should not be assumed equivalent.
Private file access
Perplexity Private file access for Everyday Users
Perplexity can work with session uploads, project files, personal repositories, organizational files, and connected storage depending on plan.
Open evidence guideCredential exposure
Perplexity Credential exposure for Everyday Users
Secrets can enter through uploaded code, configuration, screenshots, search queries, or files synchronized from storage.
Open evidence guideClient confidentiality
Perplexity Client confidentiality for Everyday Users
Client files may persist in projects or repositories, and sharing can expose responses that reference connected material.
Open evidence guidePrompt injection
Perplexity Prompt injection for Everyday Users
Search results, webpages, uploaded documents, and connected files can carry instructions that should not control the assistant.
Open evidence guideConnector permissions
Perplexity Connector permissions for Everyday Users
Enterprise connectors can include cloud storage and knowledge sources whose permissions determine what files can be searched.
Open evidence guideCommand execution
Perplexity Command execution for Everyday Users
Perplexity search and chat are not a general local shell, although generated commands or connected capabilities can still influence external actions.
Open evidence guideUnsafe generated code
Perplexity Unsafe generated code for Everyday Users
Generated code and cited technical answers can still contain vulnerable patterns, obsolete APIs, or unsafe commands.
Open evidence guideHistory and sharing
Perplexity History and sharing for Everyday Users
Sessions, projects, uploaded files, Pages, and Enterprise repositories have different retention and visibility rules.
Open evidence guideAccidental oversharing
Perplexity Accidental oversharing for Everyday Users
Search queries and uploads can include confidential terms, full documents, account details, or source material beyond the research need.
Open evidence guideAutonomous actions
Perplexity Autonomous actions for Everyday Users
Search and answer generation are usually advisory, but enterprise connectors and future action surfaces should be reviewed for actual write authority.
Open evidence guideThe useful outcome
Make access explainable.
You can name what the assistant can reach, remove access you no longer need, and keep sensitive material outside ordinary AI tasks.
Review CapitalGuard LicensesHow this collection is built
Every page combines one documented AI surface, one concrete exposure type, and one visible working context. A page is published only when it has a unique access scenario, a safe check, practical controls, and at least three primary references.
Read the publication method