Why careful people still paste their data into AI
It isn't a lack of information: perfectly aware people still paste sensitive data into AI. Here are the biases at play — and the only defense that holds.
When careful people still paste sensitive data into ChatGPT, it isn't out of ignorance: they know. Three biases do the rest — the brain overvalues the time saved now, undervalues a distant and uncertain risk, and gets used to a shortcut no one ever punished. The result: it isn't a knowledge problem, it's a friction problem. And a friction problem isn't solved with more warnings, but by making the safe option automatic.
The time saved is immediate, the risk is distant
The human brain discounts the future: a reward now weighs more than a bigger but delayed and uncertain loss (that's present bias). Pasting a file into AI saves five minutes, right now. The risk is hypothetical and fuzzy — “maybe, someday, if it leaks.” In that contest, the immediate almost always wins.
“It won't happen to me”
Optimism bias piles on: we judge ourselves less exposed than average. The leak, the audit, the complaint — those happen to other people. And since no one around us ever got caught, it looks like proof that “it's fine.” That's exactly what makes the bias so sticky.
The shortcut that becomes the norm
The first time, you hesitate. Maybe you change a name by hand. Then, pressed for time, you skip the step — and nothing happens. Next time, you do it again. That's normalized deviance: a deviation with no visible consequence turns into a habit, then into the team's unspoken standard. The field puts it bluntly: “some do it at first, then to save time, they stop.”
You don't fix a bias with a reminder
Reminders and policies inform, but they demand willpower at the exact moment the brain is in “quick” mode. What holds is removing the decision: an engine that detects and masks sensitive data automatically before sending, and restores the answer in the browser. The right move stops being an act of discipline and becomes the default behavior.
That's exactly what ONYRI Sanitize does: anonymization is no longer a step you can forget, it's the default path. Sensitive data stays in the browser, whether you're vigilant that day or rushed by a deadline.
Frequently asked questions
- If people know it's risky, why do they do it?
- Because knowing isn't enough. Present bias overvalues the time saved now against a distant risk; optimism bias whispers “not me”; and the lack of any visible consequence turns the shortcut into a habit. It's a friction problem, not an information problem.
- Isn't training or a policy enough?
- They help set the frame, but they rely on each person's willpower, on every message. And that's exactly the willpower that fails when people are rushed. Making anonymization automatic protects even on the days attention drops.
- How do I make the right reflex automatic?
- By tooling up anonymization: an engine detects and masks sensitive data before sending, then restores the answer in the browser. The safe behavior becomes the default path, with no effort or decision to repeat each time.
Sources & references
Keep your sensitive data in your browser
ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.
Anonymize my prompt