Seeking free money advice from AI? Don’t be so quick to upload any financial statements
By Jeanne Sahadi, CNN
(CNN) — If you’re financially pressed, confused about money, or just want a little free help figuring out how to improve your cash flow, you may be tempted to use AI.
But you should know how to protect yourself before chatting about your finances with any AI tool (eg, ChatGPT, Copilot, Gemini, or Claude) so you don’t allow your sensitive personal information to be inadvertently exposed to others, including some who might use it to harm you. Also, you can’t count on AI to instruct you to protect your privacy – although depending on the wording of your prompt, it might.
For instance, earlier this month the popular podcaster and author Mel Robbins encouraged her followers on Instagram to try AI – and specifically Microsoft Copilot – to help them get control over their money. (In her video caption, she said she’d partnered with Microsoft Copilot.)
In the comments section to her post, Robbins offered a suggested prompt to use, which included the sentence: “I’ll share documents like bank statements, debt statements, bills, and income info when you ask.”
Neither her post nor her prompt included recommendations to redact sensitive information. (More on why you should do that below.)
A spokesperson for Robbins’ office said in an email that Copilot offered privacy warnings once a person put in Robbins’ exact prompt and shared the text of the replies they got when doing so. But when CNN used Robbins’ prompt in the free version of Copilot it got slightly different replies and nothing like the privacy warning the spokesperson had shared. (When asked why, a Microsoft spokesperson said “responses will vary even when the questions are the same or similar. Copilot, like other conversational AI assistants, adapts to the flow of the conversation, tone, and context.”)
In response to many followers’ criticisms of her original prompt, Robbins last Friday acknowledged their concerns and thanked them for the feedback in the comments section. She also amended her suggested prompt by replacing the sentence about uploading financial statements with this one: “Always remind me to remove personal information.”
Better prompt, better replies
That made a huge difference.
When CNN used Robbins’ amended prompt, every Copilot reply during the exchange included privacy warnings, with the first being the most extensive: “First, a quick safety thing: Please don’t share any personal information like your full name, account numbers, addresses, employer details, or anything that could identify you. If you copy numbers from a statement, remove names, account IDs, and exact dates.”
What to know
Indeed, your bank statement, W-2, tax return, credit card statement and other financial documents can reveal those items and more, including your phone number, email, income, debts, bank routing numbers, employee ID number, taxpayer ID number and Social Security number.
Uploading unredacted information like that carries several risks. “There’s a chance it could be hacked, leaked or breached,” said Rachel Tobac, CEO of SocialProof Security, a “friendly” hacker company.
Should that happen, you’re at risk for identity theft, account takeover or someone draining your bank account, according to Tobac, who has lent her expertise to teams working on security, privacy and abuse prevention at most of the major AI providers.
Put differently, “The privacy risk comes from the fact that AI memorizes stuff,” said Gang Wang, an associate computer science professor at the University of Illinois’ Grainger College of Engineering.
For instance, he said, “If your documents are part of AI’s training data – there is a risk that information will be induced by a special prompt that malicious actors might use.”
Or, say an AI tool accidentally leaks your credit card statement, Tobac said. “An attacker could craft a phishing message from any of the hundreds of merchants you’ve made purchases from, and it would be believable because they would know the date of your purchase, the merchant’s name and the amount paid.”
How to protect yourself
Before asking for free money advice from any AI program:
Check the tool’s latest privacy and data retention policies: They can change frequently, so don’t just ask the AI tool what they are, since it may have been trained on outdated versions, Wang said.
If you’re using a paid (or enterprise) version of any AI program, you’ll likely have somewhat greater protections than you do using the free option, but to what degree will depend on the version you’re using, he said.
Copilot users, for instance, may choose “which types of information it remembers about you. Users can also opt out entirely,” a Microsoft spokesperson said in an emailed statement. “Consumers can ask Copilot to remember, update, or delete specific facts at any time.” (More on its privacy controls here, here and here.)
Opt out of letting AI train on your data: You have to explicitly tell the maker of the tool that you don’t want the model training on your information, Wang said. Figuring out where you can formally opt out usually isn’t made obvious, he noted, so you’ll need to do some searching.
Sanitize any information you share: If you upload any financial statements or bills, heavily redact all personal identifying information and the specifics of transactions such as stores, locations and dates. Or, better yet, don’t upload statements and just include in your prompt a list of anonymous, broad categories of expenses and estimates of what you spend monthly (e.g., housing $2,500; credit cards $1,000; transportation, $200; food $750, etc.).
Do a gut check: Wang suggests asking, “Whatever I tell AI, AI may be able to tell other people. Do I care?”
And follow your intuition, Tobac said. If something doesn’t feel right, she cautioned, don’t do it.
“People are trusting AI tools like they’re a trusted fiduciary,” she said. “Your trusted fiduciary is required to work in your best financial interest, whereas a large, cloud-based AI service provider is often creating their policies based on their own best interest (and not yours).”
The-CNN-Wire
™ & © 2026 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.
