AI Safety Cheat Sheet — Practical Safe Use Rules
Status: 🟩 COMPLETE 🟦 LIVING Section: cheat-sheets Tags: safety, cheat-sheet, security, privacy, ethics
How to read this
Quick rules for safe and ethical AI use. Most are common sense once you see them; collectively they cover the recurring issues that get people in trouble.
Never share with AI
Account credentials:
- Passwords
- API keys (your own or others’)
- Session tokens
- 2FA codes
- Banking PINs
Personal identifiers:
- Tax File Numbers (TFN)
- Medicare numbers
- Driver’s licence numbers
- Passport numbers
- Full credit card numbers (including CVV)
Others’ personal info (without permission):
- Client personal data
- Customer details
- Employee information
- Patient health information
- Children’s photos or full names
Confidential business info:
- Trade secrets
- Customer lists
- Unreleased product details
- Confidential strategies
- Salary information
Sensitive personal content:
- Medical conditions you don’t want associated
- Mental health crises (use proper services)
- Legal matters you wouldn’t share publicly
- Anything you wouldn’t want in a data breach
Always verify
For factual claims:
- Specific dates (“happened in 1947” — check)
- Statistics (“87% of Australians…” — check)
- Citations (author, title, year, publisher — check)
- Quotes attributed to people (verify)
- Recent events (knowledge cutoffs)
- Pricing and product details
- Legal/regulatory specifics
For Australian-specific context:
- Local laws and regulations
- Government services and procedures
- Current Australian prices
- Australian organisation details
- Indigenous content
Always disclose AI use when
- Submitting work that will be graded (assessments, exams)
- Required by your employer or client
- Required by the platform (YouTube AI disclosure, etc.)
- In journalism contexts
- In academic publishing
- When the audience would expect to know
Privacy mode quick reference
| Tool | Privacy mode | Where |
|---|---|---|
| ChatGPT | Temporary Chat | Top of new chat → toggle |
| Claude | (No specific mode; opt out of training in settings) | Settings → Privacy |
| Gemini | Pause Gemini Apps Activity | Settings → Privacy |
| Cursor | Privacy Mode | Settings → enable |
| Perplexity | Doesn’t have specific mode; account-linked | — |
For maximum privacy use: local AI (Ollama, LM Studio) — nothing leaves your computer.
API key safety
Do:
- Store in environment variables (.env file)
- Use password managers
- Rotate periodically
- Set spending limits
- Use separate keys for separate projects
Don’t:
- Commit keys to git (especially public repos)
- Share in emails or chat
- Hard-code in source files
- Paste in screenshots
- Use the same key everywhere
If exposed:
- Revoke immediately
- Generate new key
- Update applications
- Check for unauthorized usage
Australian Privacy Act quick rules
For organisations subject to the Privacy Act:
Before using AI on data:
- Is personal information involved?
- If yes — what’s your legal basis to collect/use?
- Is the AI provider’s terms compatible with APP 8 (cross-border disclosure)?
- Do you have a DPA with the provider?
- Is your privacy policy current with AI use disclosure?
For sensitive information (health, race, religion, sexuality, criminal record):
- Stricter requirements
- Generally need explicit consent
- Heightened security obligations
Audio recording rules (Australia)
Australian law on recording:
| Activity | Generally requires |
|---|---|
| Recording phone calls | All-party consent (most states) |
| Recording video meetings | Consent typically required |
| Recording in-person conversations | State-specific (most: all-party) |
| Recording in private | All-party consent |
| Recording in public spaces | Vary; usually permissible |
For AI meeting transcription tools (Otter, Fireflies):
- Bot joining is consent signal — but announce verbally too
- Get explicit consent for sensitive contexts
- Comply with state Listening Devices Acts
Content you shouldn’t generate
Don’t use AI to generate:
- Deepfakes of real people without explicit consent
- Sexual content involving anyone non-consenting or minors
- Voice clones of real people without explicit consent
- Content for harassment or bullying
- Misinformation designed to deceive
- Content impersonating real people or organisations
- Election manipulation content
- Scam-supporting materials
These violate AI providers’ terms; many also violate Australian law (defamation, fraud, image-based abuse, online safety).
Hallucination defence
Quick checks for AI output:
✅ Trust more:
- General concepts and explanations
- Code (which you can test)
- Reasoning and analysis
- Creative writing (truth doesn’t apply)
- Summaries of provided text
⚠️ Trust less / verify:
- Specific dates and numbers
- Citations
- Recent events
- Detailed product/service information
- Legal/medical specifics
- Statistical claims
For anything important: independently verify.
Common AI scams to know about
Voice cloning scams (rising in Australia)
- Cloned family member voice claiming emergency
- Demands urgent money transfer
- Defence: family safe word + always call back on known number
Deepfake business scams
- Fake CEO video/audio authorising transfers
- Defence: verification protocols for financial requests
AI phishing
- More personalised phishing using AI
- Defence: verify all unusual requests through other channels
Fake AI tools
- Apps pretending to be ChatGPT/Claude that steal credentials
- Defence: only use official apps from reputable sources
AI in romance scams
- AI-generated profiles, conversations, photos
- Defence: video call, meet in person before financial involvement
For all: ACCC Scamwatch (scamwatch.gov.au)
Children and AI
- Adult-supervised use for under 13
- Family AI accounts under adult emails
- Privacy: don’t share children’s info
- Educational AI (Khanmigo) preferred for kids’ learning
- Discuss AI use openly with children
- School policies vary — know yours
Quick ethical decision rules
Before using AI for something, ask:
- “Would I be comfortable if everyone knew I used AI for this?”
- If no: probably don’t, or disclose
- “Am I claiming as mine what an AI created?”
- If yes: ethical concern
- “Could this AI output harm someone?”
- If yes: extra care needed
- “Am I verifying the important facts?”
- If no: do it
- “Am I respecting privacy?”
- If unclear: assume more privacy
Free vs paid privacy implications
| Tier | Common privacy properties |
|---|---|
| Free consumer | May use data for training; check settings |
| Paid consumer | Usually NOT used for training; better protections |
| API | Generally not used for training |
| Enterprise | Strongest protections; DPAs available |
For sensitive content: paid or enterprise tiers, or local AI.
When AI is the wrong tool
Don’t use AI as substitute for:
- Mental health crises → Lifeline (13 11 14), Beyond Blue (1300 22 4636), Kids Helpline (1800 55 1800)
- Medical emergencies → 000 or hospital
- Legal emergencies → lawyer or Legal Aid
- Financial advice → licensed financial adviser
- Real human connection → other humans
- Important decisions → your judgment + qualified humans
Red flags in AI usage
Be alert if:
- You’re using AI to bypass policies (school, work)
- You’re using AI for content that could harm others
- You’re becoming dependent in concerning ways
- You’re sharing more personal info than you would publicly
- You’re trusting AI outputs without verification
- You’re using AI to deceive (academic, professional, personal)
These suggest reconsidering use.
See also
- australian-privacy-considerations — Privacy Act details
- hallucinations — why fact-checking matters
- prompt-injection — security concern
- ai-safety-primer — broader safety overview
- vendors-chinese-avoid — why some AI is flagged
- ai-prompting-cheat-sheet — better results
- ai-vendor-cheat-sheet — tool reference
Sources
- Australian Privacy Act 1988 and Australian Privacy Principles
- ACCC Scamwatch advisories
- Australian eSafety Commissioner resources
- OAIC AI guidance (2023-2026)
- Lifeline, Beyond Blue, Kids Helpline contact information
- State Listening Devices Acts