AI safety in personal use
PII, NDAs, financial data, and other people's secrets · know the rules of what you do not paste.
::TL;DR · the whole lesson in three lines
- MOVE · PII, NDAs, financial data, and other people's secrets · know the rules of what you do not paste.
- DRILL · You will build a personal redaction checklist tailored to your own life and stick it where you can see it before every paste.
- WIN · You have a written checklist specific to your life, not generic.
::concept · what's actually happening
The first rule that protects you is the rule the model cannot enforce · do not paste in things that have privacy obligations attached to them. Your therapist's notes, your employer's source code under NDA, your kid's medical records, your tax return · the model does not know these have rules. You do.
Hosted AI services have privacy policies that range from 'we will not train on your data' (most enterprise tiers) to 'everything you type is fair game' (some free consumer tiers). Read the policy of the specific tier you use, not the marketing page · the two often disagree by 30%.
Third-party data has a separate problem · even if your privacy policy allows training on your inputs, you do not own your friend's medical complaint or your client's revenue numbers. Pasting them in is consent you cannot give. The legal blast radius lands on you, not the platform.
The 'verify rule' expands at this level · do not just verify the model's output, verify your own input before you send it. Two seconds of 'wait, is there anything in this paste I would not want logged' has saved more operators than any privacy policy.
Local models (covered separately in the Ollama lesson) are the structural answer to PII-sensitive work · if the audio, the text, or the image never leaves your machine, the privacy policy of the cloud provider becomes irrelevant. Use the right tool for the sensitivity level.
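An added example (not part of the original lesson) of the verify-your-input rule as a pre-paste check that runs entirely on your own machine: it scans text for a few checklist categories and redacts them before anything is sent. The patterns, the `personal_terms` parameter and the sample text are constructed assumptions; swap in the categories from your own checklist.

```python
import re

# Constructed starter patterns (an assumption, not an exhaustive PII list).
PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "US_SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
    "SECRET": re.compile(r"\b(?:api[_-]?key|token|password|secret)\b\s*[:=]\s*\S+", re.I),
}
# Constructed sample paste; every value in it is fake.
SAMPLE = ("Client Acme Corp: contact jane.doe@example.com, SSN 123-45-6789, "
          "card 4111 1111 1111 1111, order 1234567812345678, api_key=sk-test-0000")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: lets us ignore long digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(text: str, personal_terms=()):
    """Return sorted (category, start, end) spans that should not be pasted."""
    hits = []
    for name, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if name == "CARD" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # e.g. an order number, not a payment card
            hits.append((name, m.start(), m.end()))
    # Terms from your own checklist: client names, codenames, family names.
    for term in personal_terms:
        for m in re.finditer(re.escape(term), text, re.I):
            hits.append(("PERSONAL", m.start(), m.end()))
    return sorted(hits, key=lambda h: h[1])

def redact(text: str, personal_terms=()):
    """Replace each hit with a [CATEGORY] tag; return (safe_text, categories)."""
    out, pos, cats = [], 0, []
    for name, start, end in scan(text, personal_terms):
        if start < pos:  # overlaps a span already redacted
            continue
        out += [text[pos:start], f"[{name}]"]
        pos = end
        cats.append(name)
    out.append(text[pos:])
    return "".join(out), cats
```

Pattern matching only catches data with a recognizable shape; a friend's medical complaint or a client's revenue figure in plain sentences still needs the human gut-check.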
::drill · do the thing
You will build a personal redaction checklist tailored to your own life and stick it where you can see it before every paste.
::L39 drill · copy-paste into any AI chat
I am building a personal AI-paste safety checklist tailored to my actual life. Help me list, specifically and honestly: 1) what categories of information I handle that I should never paste into a hosted AI (think: medical, financial, NDA-covered, third-party secrets, others' PII), 2) for each category, what the realistic blast radius is if it leaked (regulatory? professional? relational? legal?), 3) the safer alternative for each category (local model? redact-then-paste? do-not-use-AI-here?), 4) a one-line gut-check question I can ask before every paste · short enough to actually use. My context: [BRIEF DESCRIPTION OF YOUR WORK · e.g. 'solo founder building a fintech app,' 'therapist with private practice,' 'engineer at a company with strict IP policy']. No abstract advice · I want my checklist.
::steps
- 01 · Run the prompt with your real work context filled in.
- 02 · Review the categories list · add any the model missed for your situation.
- 03 · Save the checklist somewhere visible (sticky note, top of CLAUDE.md, etc.).
- 04 · Pick one task you currently do in the cloud that should move local.
- 05 · Test your one-line gut-check on a paste you were about to send today.
- 06 · Update the checklist as you learn what almost-slipped through.
::outcome · what should be true
- You have a written checklist specific to your life, not generic.
- You moved at least one privacy-sensitive workflow to safer ground.
- You can recite your one-line gut-check from memory.
- You read the privacy policy of the AI tier you actually use.
::trap · the most common failure
Operators read generic privacy advice, nod, and keep doing exactly what they were doing. The checklist only works if it is specific to your actual categories of data · 'don't paste sensitive stuff' is not a checklist, it's a wish.
::end of the curriculum
You're at Pilot level. There's no Level 6.
The next move is doing the work, not another lesson. If you want operator-grade infrastructure, that's /orangebox. If you want the lab's working journal, /founders-view. If you want to collaborate on the curriculum itself, the source is public on GitHub.
::part of the AtomEons /learn curriculum · 45 lessons · 5 levels · cc-by 4.0