Lesson 3 of 8
Don't paste secrets
5 min read
Pasting a password, an API key, or a client's private file into a chat feels harmless — the reply comes back and it's gone, right? Not quite. What you paste can outlive the conversation.
Where it can travel
Your message may be stored, sampled for human review, or used to train future models — depending on the product and its settings. This is data leakage: sensitive text leaving your control the moment you send it.
Sending is copying. Assume anything you paste could be seen by someone else later.
The safe move
Redact before you paste: swap real secrets for placeholders, or describe the problem without the sensitive bits. If a tool offers a "don't train on my chats" or temporary-chat option, that helps too — but the surest protection is simply not sending the secret.
The cheapest fix is the strongest: if it's a secret, don't put it in the box.
Never paste passwords, API keys, card numbers, or someone else's private data into an AI chat — the same rule you'd use for a public forum.
Before you send
- —What you paste can be logged, reviewed, or trained on.
- —Redact secrets or describe the problem without them.
- —When in doubt, leave the secret out.
You want help debugging code that contains a live API key. Safest approach?
Continue in the app
Take the whole AI Security for Everyone course — tracked
Get your personalized path, progress and streaks in the app — this lesson and every next one, in order.