AI Safety Cheat Sheet — Practical Safe Use Rules

Status: 🟩 COMPLETE 🟦 LIVING Section: cheat-sheets Tags: safety, cheat-sheet, security, privacy, ethics


How to read this

Quick rules for safe and ethical AI use. Most are common sense once you see them; collectively they cover the recurring issues that get people in trouble.


Never share with AI

Account credentials:

  • Passwords
  • API keys (your own or others’)
  • Session tokens
  • 2FA codes
  • Banking PINs

Personal identifiers:

  • Tax File Numbers (TFN)
  • Medicare numbers
  • Driver’s licence numbers
  • Passport numbers
  • Full credit card numbers (including CVV)

Others’ personal info (without permission):

  • Client personal data
  • Customer details
  • Employee information
  • Patient health information
  • Children’s photos or full names

Confidential business info:

  • Trade secrets
  • Customer lists
  • Unreleased product details
  • Confidential strategies
  • Salary information

Sensitive personal content:

  • Medical conditions you don’t want associated
  • Mental health crises (use proper services)
  • Legal matters you wouldn’t share publicly
  • Anything you wouldn’t want in a data breach

Always verify

For factual claims:

  • Specific dates (“happened in 1947” — check)
  • Statistics (“87% of Australians…” — check)
  • Citations (author, title, year, publisher — check)
  • Quotes attributed to people (verify)
  • Recent events (knowledge cutoffs)
  • Pricing and product details
  • Legal/regulatory specifics

For Australian-specific context:

  • Local laws and regulations
  • Government services and procedures
  • Current Australian prices
  • Australian organisation details
  • Indigenous content

Always disclose AI use when

  • Submitting work that will be graded (assessments, exams)
  • Required by your employer or client
  • Required by the platform (YouTube AI disclosure, etc.)
  • In journalism contexts
  • In academic publishing
  • When the audience would expect to know

Privacy mode quick reference

ToolPrivacy modeWhere
ChatGPTTemporary ChatTop of new chat → toggle
Claude(No specific mode; opt out of training in settings)Settings → Privacy
GeminiPause Gemini Apps ActivitySettings → Privacy
CursorPrivacy ModeSettings → enable
PerplexityDoesn’t have specific mode; account-linked

For maximum privacy use: local AI (Ollama, LM Studio) — nothing leaves your computer.


API key safety

Do:

  • Store in environment variables (.env file)
  • Use password managers
  • Rotate periodically
  • Set spending limits
  • Use separate keys for separate projects

Don’t:

  • Commit keys to git (especially public repos)
  • Share in emails or chat
  • Hard-code in source files
  • Paste in screenshots
  • Use the same key everywhere

If exposed:

  • Revoke immediately
  • Generate new key
  • Update applications
  • Check for unauthorized usage

Australian Privacy Act quick rules

For organisations subject to the Privacy Act:

Before using AI on data:

  1. Is personal information involved?
  2. If yes — what’s your legal basis to collect/use?
  3. Is the AI provider’s terms compatible with APP 8 (cross-border disclosure)?
  4. Do you have a DPA with the provider?
  5. Is your privacy policy current with AI use disclosure?

For sensitive information (health, race, religion, sexuality, criminal record):

  • Stricter requirements
  • Generally need explicit consent
  • Heightened security obligations

Audio recording rules (Australia)

Australian law on recording:

ActivityGenerally requires
Recording phone callsAll-party consent (most states)
Recording video meetingsConsent typically required
Recording in-person conversationsState-specific (most: all-party)
Recording in privateAll-party consent
Recording in public spacesVary; usually permissible

For AI meeting transcription tools (Otter, Fireflies):

  • Bot joining is consent signal — but announce verbally too
  • Get explicit consent for sensitive contexts
  • Comply with state Listening Devices Acts

Content you shouldn’t generate

Don’t use AI to generate:

  • Deepfakes of real people without explicit consent
  • Sexual content involving anyone non-consenting or minors
  • Voice clones of real people without explicit consent
  • Content for harassment or bullying
  • Misinformation designed to deceive
  • Content impersonating real people or organisations
  • Election manipulation content
  • Scam-supporting materials

These violate AI providers’ terms; many also violate Australian law (defamation, fraud, image-based abuse, online safety).


Hallucination defence

Quick checks for AI output:

Trust more:

  • General concepts and explanations
  • Code (which you can test)
  • Reasoning and analysis
  • Creative writing (truth doesn’t apply)
  • Summaries of provided text

⚠️ Trust less / verify:

  • Specific dates and numbers
  • Citations
  • Recent events
  • Detailed product/service information
  • Legal/medical specifics
  • Statistical claims

For anything important: independently verify.


Common AI scams to know about

Voice cloning scams (rising in Australia)

  • Cloned family member voice claiming emergency
  • Demands urgent money transfer
  • Defence: family safe word + always call back on known number

Deepfake business scams

  • Fake CEO video/audio authorising transfers
  • Defence: verification protocols for financial requests

AI phishing

  • More personalised phishing using AI
  • Defence: verify all unusual requests through other channels

Fake AI tools

  • Apps pretending to be ChatGPT/Claude that steal credentials
  • Defence: only use official apps from reputable sources

AI in romance scams

  • AI-generated profiles, conversations, photos
  • Defence: video call, meet in person before financial involvement

For all: ACCC Scamwatch (scamwatch.gov.au)


Children and AI

  • Adult-supervised use for under 13
  • Family AI accounts under adult emails
  • Privacy: don’t share children’s info
  • Educational AI (Khanmigo) preferred for kids’ learning
  • Discuss AI use openly with children
  • School policies vary — know yours

Quick ethical decision rules

Before using AI for something, ask:

  1. “Would I be comfortable if everyone knew I used AI for this?”
    • If no: probably don’t, or disclose
  2. “Am I claiming as mine what an AI created?”
    • If yes: ethical concern
  3. “Could this AI output harm someone?”
    • If yes: extra care needed
  4. “Am I verifying the important facts?”
    • If no: do it
  5. “Am I respecting privacy?”
    • If unclear: assume more privacy

Free vs paid privacy implications

TierCommon privacy properties
Free consumerMay use data for training; check settings
Paid consumerUsually NOT used for training; better protections
APIGenerally not used for training
EnterpriseStrongest protections; DPAs available

For sensitive content: paid or enterprise tiers, or local AI.


When AI is the wrong tool

Don’t use AI as substitute for:

  • Mental health crises → Lifeline (13 11 14), Beyond Blue (1300 22 4636), Kids Helpline (1800 55 1800)
  • Medical emergencies → 000 or hospital
  • Legal emergencies → lawyer or Legal Aid
  • Financial advice → licensed financial adviser
  • Real human connection → other humans
  • Important decisions → your judgment + qualified humans

Red flags in AI usage

Be alert if:

  • You’re using AI to bypass policies (school, work)
  • You’re using AI for content that could harm others
  • You’re becoming dependent in concerning ways
  • You’re sharing more personal info than you would publicly
  • You’re trusting AI outputs without verification
  • You’re using AI to deceive (academic, professional, personal)

These suggest reconsidering use.


See also


Sources

  • Australian Privacy Act 1988 and Australian Privacy Principles
  • ACCC Scamwatch advisories
  • Australian eSafety Commissioner resources
  • OAIC AI guidance (2023-2026)
  • Lifeline, Beyond Blue, Kids Helpline contact information
  • State Listening Devices Acts