Guide7 min read

Is It Safe to Use AI for Real Estate? (Buyer/Seller Data, Wire Fraud)

Yes to draft, no with client data: never expose buyer pre-approvals, IDs or wire details to a consumer AI. Anonymise them first, then restore locally.

By Pierre de ONYRI

The short answer: yes to draft, no with client data. AI can write a listing, an email or a contract draft with no personal data at all. But a real-estate file holds the most coveted data around. Loan pre-approvals. Income. Bank details. Identity documents. Home addresses and move dates. And above all, the closing wire details. Pasted into a consumer AI, these can be retained or reused for training. Worse: they are the exact data that real-estate wire fraud exploits. There is a clean method: anonymise the identifiers before you send, then restore them locally.

What a real-estate file lays bare

A single transaction file holds a rare density of sensitive data. An agent touches all of it, in one place. That is what makes it such a valuable target. Look at what sits inside.

  • Buyer financials: pre-approval letter, income, bank and mortgage details, sometimes a Social Security Number (SSN in the US).
  • Identity: driver's licences and IDs, collected for verification (KYC) or the purchase offer.
  • Home address and move date: information that is sensitive for people's physical safety.
  • Transaction and wire details: the account, the bank and the payment instructions for closing.

The Information Commissioner's Office (ICO), the UK's data protection regulator, confirms the point. Financial data — bank account, card, economic information — is personal data. Identification data is too. These are the exact categories a real-estate file piles up, from a pre-approval letter to a copy of an ID.

The real danger: wire fraud (BEC)

Real estate is a prime target for one specific scam. It is called Business Email Compromise, or BEC. The FBI, through its complaint centre IC3 (Internet Crime Complaint Center), ranks it among the costliest cybercrime categories it records. Reported losses run into billions of dollars each year. It is not the most frequent fraud, but it is one of the heaviest.

The FBI IC3 has specifically flagged a real-estate 'nexus' within BEC. The playbook is well worn. The criminal targets every party to a deal: buyer, seller, agent, title or escrow company, attorney. They compromise an email account, then quietly monitor the deal. At the last minute, they send a request to change the account or the wiring instructions. The closing funds then go to them. Across a window of roughly 2020 to 2022, the FBI IC3 documented a sharp multi-year rise in real-estate-linked reports and losses.

The link to AI is direct. Every transaction detail you expose becomes a lever for the impostor. The more they know, the more convincing their fake wire request looks.

The law: confidentiality duties are real

The data in a real-estate file carries more than reputational risk. It carries duties. In the US, an agent owes the client confidentiality under their state's real-estate licence law. The rules vary from state to state, but the principle holds everywhere.

The financial side adds a framework. The FTC enforces the Gramm-Leach-Bliley Act (GLBA), a federal financial-privacy law. Businesses that handle consumers' financial information must explain their sharing practices and safeguard sensitive data. An agent alone is usually not a 'financial institution' under the GLBA. But the lender, the broker and the settlement firm often are. So these duties apply to the mortgage and closing side of a deal.

You assumeThe reality
“Pasting a pre-approval into AI is harmless”It's personal financial data the tool can retain and reuse
“Wire details carry no risk”They are the exact data that wire fraud (BEC) exploits
“Email is enough to confirm an account”The FTC says verify by calling a known, trusted number
“An agent owes no duty on this data”They owe confidentiality under their state's licence law
The risk isn't talking real estate with an AI — it's the client data you leave behind in the prompt.

The fix: anonymise before you send

Good news: AI stays a great tool for real estate. It writes listings that convert. It shapes a clear client email. It structures a contract draft or a comparative market analysis (CMA). For all of that, it needs no real name, amount or number. It works on the structure, not on your secrets.

Two-part diagram: at top, a property listing card with buyer rows in the clear (pre-approval, ID, bank, in amber) travels toward a high-risk AI card, marked with an amber alert hinting at wire-transfer diversion; at bottom, the same card anonymized shows only cobalt tokens, and the AI receives only tokens with a validation checkmark.
After FBI IC3 warnings on real-estate wire fraud (BEC), FTC consumer advice, and the ICO's guidance on personal data.

When you must include a concrete case, anonymise it first. Each identifier becomes a token. The AI reasons about the shape of the situation, without ever seeing the real values. You restore the real data afterwards, locally. Nothing sensitive leaves your control.

  1. 1Spot the data to protect: names, pre-approvals, amounts, bank details, wire instructions, addresses.
  2. 2Replace them with reversible tokens, in the browser.
  3. 3Send only the anonymized text to the AI for the listing, email or contract.
  4. 4Restore the real values in the reply, locally.

That's what ONYRI Sanitize is for. The engine detects the sensitive data in a file — names, pre-approvals, amounts, bank details, wire instructions, addresses — and replaces it with reversible tokens before sending. Detection and the mapping stay in your browser. Only anonymized text reaches the model. The AI finds only tokens, never your buyers' and sellers' real data. You keep the speed of AI, without handing fraudsters the details they hunt for. It is risk reduction, not a compliance guarantee.

Frequently asked questions

Is it safe to use AI for real estate?
Yes to draft, no with client data. AI can write a listing, an email or a contract draft with no personal data at all. But never paste pre-approvals, IDs, bank details or wire instructions into a consumer AI. That data can be retained, and it is exactly what wire fraud exploits. Anonymise it before you send.
Why is wire fraud such a risk in real estate?
Because a transaction moves large sums and a lot of email. The FBI IC3 ranks Business Email Compromise (BEC) among the costliest frauds, with a marked real-estate nexus. A scammer compromises an email account, monitors the deal, then changes the wiring instructions at the last minute. Every exposed transaction detail makes their fake request more convincing.
Can AI write a listing without my clients' data?
Yes. A good listing describes the property and its strengths, not the buyer's finances. You can have the listing, email or contract structure drafted on anonymous tokens. The AI works on the form, and you restore the real values locally afterwards.

Sources & references

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.

Anonymize my prompt

Read next