78 AI Safety Bills Just Dropped Across 27 States. Here Is What Coaches Using AI With Client Data Must Do Now.


May 19, 2026·5 min read

Microsoft Just Proved AI Can Be Manipulated Through Documents. Are You Feeding It Client Files?

Microsoft researchers recently documented a vulnerability where AI systems can be manipulated through embedded instructions in documents. Feed the AI a document with hidden prompts, and it follows those instructions instead of yours.

Now think about your practice. How many client intake forms, session transcripts, and personal assessments are you running through AI tools every week? How confident are you that those tools are handling that data the way you think they are?

There are currently 78 chatbot safety bills active across 27 U.S. states. Washington already passed HB 2225 in 2026, establishing new requirements for AI systems that interact with consumers. For practitioners who handle deeply personal client information, this is not a someday problem. It is a this-quarter problem.

The Three Mistakes Service Business Owners Make With Client Data and AI

Mistake 1: Pasting Client Conversations Directly Into Free AI Tools

Free tiers of most AI platforms explicitly state in their terms of service that they may use your inputs to train their models. When you paste a client's personal struggles, financial details, or health information into a free AI tool, you may be contributing that data to a training set. For practitioners bound by professional ethics standards, this is a compliance issue.

Mistake 2: No Data Handling Policy for AI Workflows

Most practitioners who use AI have no written policy for how client data flows through their AI tools. Which tools see which data? Where is it stored? How long is it retained? Can clients opt out?

If you cannot answer those questions right now, you do not have a data handling policy. With 78 bills working through state legislatures, that gap is becoming a legal liability.

Mistake 3: Never Telling Clients That AI Touches Their Information

Disclosure is not optional anymore. Clients have a right to know when AI is involved in their service delivery, whether that is AI summarizing session notes, drafting follow-up emails, or analyzing progress data. Transparency builds trust and protects you legally.


A Simple Framework: The Three Walls

Wall 1: Classify Your Data

Split your client data into three categories:

  • Green: General business data (scheduling, invoicing, public content). Safe for any AI tool.
  • Yellow: Semi-personal data (goals, business challenges, general session themes). Use only with paid AI tools that have data privacy agreements and do not train on your inputs.
  • Red: Deeply personal data (mental health disclosures, financial details, relationship issues, health information). Never processed by AI without explicit client consent and enterprise-grade data handling.

Spend 30 minutes classifying your data and you eliminate 80% of your risk.

Wall 2: Audit Your AI Tools

For every AI tool in your stack, answer these questions:

  1. Does it train on my inputs? (Check the terms of service, not the marketing page)
  2. Where is data stored and for how long?
  3. Can I delete client data on request?
  4. Is there a data processing agreement available?

If you cannot find clear answers, that tool should not touch Yellow or Red data.

I wrote about the broader risk of AI dependency in "Claude Just Went Down. Are You One Outage Away from a Broken Business?" The data privacy angle adds another dimension to why your AI stack needs intentional architecture.

Wall 3: Disclose and Document

Add an AI disclosure to your client agreements. It does not need to be complicated:

Frequently asked questions

If I'm using Claude or ChatGPT Pro, am I safe to paste client data?

Paid tiers don't train on your inputs, which is better than free versions, but data still passes through Anthropic's or OpenAI's servers. Check your professional licensing requirements in your state: 27 states now have active AI safety bills that may require data processing agreements or client consent. Have your attorney review your specific situation before making this routine.

What's the fastest way to set up a data handling policy for my practice?

Start with a one-page document covering three things: which tools see what data (example: transcripts go to Claude, client names never do), where it's stored (your device only, or cloud), and how long you keep it (delete after 48 hours). Many practitioners have a version locked into their Standard Operating Procedures within 2-3 hours. This isn't legal advice, but it beats having nothing when a client asks.

Do I have to tell every client that I use AI, even if it's just for admin work?

Yes. Washington's HB 2225 requires disclosure when AI "interacts with consumers." Even if you're only using AI to organize notes, your client agreement should mention it. Most practices add a single sentence: "We use AI tools to improve efficiency in scheduling and administrative tasks. Your personal session data is not shared with these systems." That covers you legally.

I transcribe sessions with Otter.ai. Is that compliant with the new state bills?

Otter's standard plan stores transcripts on their servers for 6 months, which triggers compliance questions in states with active safety legislation. Check if Otter offers HIPAA-BAA agreements (they do for certain pricing tiers) and confirm it matches your state's requirements. Call your state's licensing board if you're unsure whether your specific practice type needs it.

What do I do if a client asks me to stop using AI with their data?

Honor it immediately and document that you did. Offer them a non-AI option for their care, even if it takes you longer. This protects you legally and builds trust. Most practitioners who put this option in their intake form find only 1-2 clients per 100 actually request it, so the operational burden is minimal.
