← ExitSensitive Data + AI-Safe Behaviors
0 / 0 lessons0 XP
Pathway · Getting Ready to Work with AI·3 of 6

Sensitive Data + AI-Safe Behaviors

Classify it, protect it, and stop leaking it the moment you open an AI tool or connect it to your accounts.

Time
~2.5 hr
Lessons
0
Exercises
0
Level
Basic

What you'll learn

  • Classify your own data into the standard tiers (public, internal, confidential, PII, regulated) used by legal + security professions.
  • Spot the five markers of a phishing, social-engineering, or AI-enabled deepfake attempt in under 60 seconds.
  • Apply the prompt-as-egress mindset: name what you're sending, to whom, under which contract, every time you open an AI tool.
  • Tell the difference between Consumer, Workspace, and API tiers of major AI vendors, and find the training opt-out, retention, and deletion settings in each.
  • Manage API keys and secrets like a working professional: where to store them, how to rotate them, what to do if you've already pasted one into a chat.
  • Grant least-privilege OAuth scopes when connecting AI tools to your email, calendar, Slack, or Drive, and understand what an agent tool is allowed to do on your behalf.
  • Recognize the OWASP LLM Top 10 threat categories (prompt injection, output handling, training-data poisoning, sensitive-information disclosure) in plain language.
  • Find, read, and apply your employer's AI acceptable-use policy, and know the EU AI Act Article 4 literacy obligation that backs it.
  • Map your sensitive data exposure across every AI tool, API integration, and agent connection you have today.

Description

Most professionals discover the security implications of AI only after they've already pasted something they shouldn't have, or after they've granted a tool more access than it needed. This module teaches you to see both leaks before they happen.

We start with the data side: classify what you have, sharpen the 60-second scam scan, and adopt the framing that anchors the rest of the pathway: every prompt is a data egress event. Then we move to vendor data behavior: how Consumer / Workspace / API tiers differ on training, retention, and deletion (with the actual toggles per vendor).

Then the operational hygiene most courses skip: API keys + secrets management (treating an API key like a credential, where to store it, how to rotate it), and OAuth scopes + agent permissions (when you connect an AI tool to your email or Slack, you're granting it a permission tier, and most courses don't say which tier to pick).

We close with the threat model (OWASP LLM Top 10 translated for non-developers) and the legal reality: EU AI Act Article 4 made AI literacy a workplace obligation in Feb 2025. You'll know how to find and read your employer's acceptable-use policy.

Lessons

0 lessons in this micro-course