Would Your Boss Read Your Prompts? Private AI, Explained cover art

Would Your Boss Read Your Prompts? Private AI, Explained

Would Your Boss Read Your Prompts? Private AI, Explained

Listen for free

View show details

Would you still use ChatGPT if your boss, or the AI provider, could read every single prompt you typed in? Most of us type something we would never share publicly into an AI tool every day.

In this Threat Talks Deep Dive, Field CTO Rob Maas sits down with ON2IT senior developer Derk Bell to unpack the privacy problem hiding inside everyday AI use, and a genuinely clever way to solve it.

The problem is bigger than a single prompt. An AI request carries far more context than a Google search: your conversation history, your files, and (with agents and MCP) automatic, autonomous access to your CRM, your email, your calendar and your codebase. A lot of that data is shipped off to a remote provider, often without you realizing it. Today we just trust those providers not to misuse it. As Derk points out, “trust us” is the exact opposite of Zero Trust: never trust, always verify.

So how do you verify? Derk walks through Confer, the privacy-first AI service from Signal Protocol co-creator Moxie Marlinspike. Using the analogy of a tamper-proof, locked calculator box for an “anonymous” employee survey, he explains how Confer lets you actually check the wiring: a hardware Trusted Execution Environment that isolates and encrypts the running program, remote attestation that lets you verify the exact open-source code handling your prompt, a Signal-style encrypted channel to talk to it, and hardware-bound keys that are thrown away the moment your session ends, so even the operator can never read your data.

We close on who needs this most (developers protecting trade secrets, executives working on M&A or strategy, and anyone bound by GDPR) and whether the big AI labs will adopt this the way the whole industry adopted Signal.

The takeaway: privacy and powerful AI do not have to be a trade-off. “Trust us” was never a security strategy.

🔗 Episode resources, transcript and show notes: https://threat-talks.com
📊 Grab the infographic referenced in the episode in the show notes to follow the technical steps.
🎙️ Subscribe to the podcast on Spotify, Apple Podcasts, or your podcast app of choice.

Threat Talks is a podcast by ON2IT cybersecurity and AMS-IX. We delve deep into the dynamic world of cybersecurity, one episode at a time. New episode every Tuesday.


Chapters:
00:00 Would you still use ChatGPT if your boss read every prompt?
01:00 Why AI is different from a Google search: context
02:08 "Trust us" and why that is the opposite of Zero Trust
03:22 It gets worse: AI agents, MCP and autonomous access
05:52 Enter Moxie Marlinspike, Signal, and Confer
06:30 The analogy: an "anonymous" employee survey in a locked box
10:16 Inside Confer: the TEE, attestation and the encrypted channel
14:21 End the session, throw away the keys
16:08 Who needs this? Developers, executives, GDPR-bound teams
18:29 Wrap-up: privacy and powerful AI can coexist

adbl_web_anon_alc_button_suppression_t1
No reviews yet