AI Safety for Everyone Else: The Practical Version, Not the Existential One

Technology|February 12, 2026

Most articles about 'AI safety' are about long-term risks researchers think about at conferences. This one is about the small, near-term mistakes regular people are actually making — and how to avoid them.

💡 Did You Know?

In 2023 a New York lawyer was sanctioned in Mata v. Avianca after submitting six fake court citations generated by ChatGPT — including fake judges and fake quotations. He had even asked the model whether the cases were real; it confidently said yes.

When researchers talk about "AI safety," they usually mean preventing future systems from doing catastrophic things at large scale. Important work. Not the conversation most people need to have this year.

The version of AI safety that actually matters in 2026 — for users, for employees, for anyone who has a ChatGPT or Claude or Gemini tab open in their browser — is much more boring. It is: how do I avoid being the person who quietly pastes client information into a public chatbot, or who confidently cites a court case that does not exist, or who treats a model's confident answer about a medication as a fact?

I have been working with these tools daily as a developer. Below is the practical version: the categories of mistakes I see people actually make, drawn from real incidents and from watching colleagues, and the habits that prevent them.

The mistake categories that matter

1. Confident hallucination. Large language models do not know what they do not know. They will produce a fact-shaped sentence about anything you ask, including things they have no information about, in the same confident tone as everything else. The most public example: in 2023, a New York lawyer used ChatGPT to draft a legal brief and submitted six citations to court cases that did not exist. The judge, in Mata v. Avianca (https://www.courtlistener.com/docket/63107798/mata-v-avianca-inc/), sanctioned him. The cases were not "kind of wrong" — they were entirely invented, complete with fake judges and fake quotations. The lawyer had asked the model whether the cases were real; it confidently said yes.

This is the single most consequential failure mode for non-technical users. The model is not lying intentionally; it is autocompleting text, and "a plausible-sounding citation" is good autocomplete. The user has to verify.

2. Data leakage. A pattern that has shown up at multiple companies: an employee, trying to be efficient, pastes a proprietary block of code, an internal document, or customer information into a public AI tool. Samsung famously banned ChatGPT internally in 2023 (https://www.bloomberg.com/news/articles/2023-05-02/samsung-bans-chatgpt-and-other-generative-ai-use-by-staff-after-leak) after exactly this happened — employees had pasted confidential source code and meeting notes to get summaries. Most major AI providers' default behavior is to retain prompts for some period, and some use them to improve future models unless you opt out.

This is not paranoid. It is just the default to know.

3. Outsourcing judgment. The mistake I worry about most for long-term users. The more you let a model decide for you — what to email, what to recommend at work, what to think about a topic you don't know well — the more you train yourself out of the underlying skill. This is not "AI bad." It is "tools that do parts of your thinking for you have a long history of atrophy effects." Pocket calculators reduced mental arithmetic. GPS reduced map skills. LLMs are doing something similar to writing and analysis.

4. Treating tone as truth. LLMs sound calm, balanced, and informed. That tone is a feature of the training data, not a feature of the answer. Wrong answers are delivered in the same confident voice as right ones. People rely on tone as a signal of credibility — that signal is broken with these systems.

The habits that actually help

Verify any fact you would feel bad citing wrong. This is the rule. If the AI tells you something that you might quote at work, in writing, in a conversation that matters — search for the specific claim. Names, dates, statistics, court cases, drug interactions, study citations. Fifteen seconds with a search engine catches most hallucinations. The Mata lawyer didn't do this.

Treat the model's output as a confident draft from a fast intern. Useful starting point. Always reviewed. Never trusted on details you cannot independently check.

Don't paste sensitive material into general-purpose tools. Sensitive means: financial details, medical information about you or others, work documents under confidentiality, anything covered by a privacy law your country has. For each major provider, there is a setting somewhere in privacy or data controls labeled something like "improve the model for everyone" or "use chats to train our models." Find it, read it, decide. The setting defaults are usually generous to the provider, not to you. OpenAI's data controls FAQ (https://help.openai.com/en/articles/7730893-data-controls-faq) and the equivalent pages for Anthropic and Google are worth ten minutes of your time.
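
One way to turn this habit into a check you run before pasting, shown as an added example that is not part of the original article: a small Python scan that flags and redacts a few kinds of sensitive material. The pattern set, category names and sample text are constructed assumptions and cover only a handful of cases, not a complete policy.

```python
import re

# Patterns for material the article says should stay out of public tools.
# Illustrative assumptions only; real policies need many more categories.
PATTERNS = {
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "card_number": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(text: str) -> list[tuple[str, str]]:
    """Return (category, matched_text) for every finding, ordered by position."""
    findings = []
    for name, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if name == "card_number" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # e.g. an order number that merely looks like a card
            findings.append((m.start(), name, m.group()))
    return [(n, v) for _, n, v in sorted(findings)]

def redact(text: str) -> str:
    """Replace each finding with a [REDACTED:<category>] placeholder."""
    for name, value in scan(text):
        text = text.replace(value, f"[REDACTED:{name}]")
    return text

# Constructed sample: a support thread someone might paste to get a summary.
# AKIAIOSFODNN7EXAMPLE is the placeholder key id used in AWS documentation.
SAMPLE = """Hi, customer jane.doe@example.com was double charged on card
4111 1111 1111 1111 (order 1234567890123). Deploy key for the fix:
AKIAIOSFODNN7EXAMPLE"""

if __name__ == "__main__":
    for category, value in scan(SAMPLE):
        print(f"{category}: {value}")
    print(redact(SAMPLE))
```

A clean scan only means none of these patterns matched; confidential prose, medical details and proprietary logic pass straight through, so the provider's data settings and your own judgment still apply.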

Use the right tool for the risk level. For work that has to stay private, use an enterprise version (most major AI tools now have one that explicitly does not train on your data), or a model running locally on your own machine. For genuine medical, legal, or financial questions, use the AI to prepare a question for a professional, not to answer the question itself.

Don't auto-act on AI-generated email and replies. The smart-reply suggestions in Gmail, the AI-drafted replies in support tools, the auto-summaries before a meeting — they're often fine and sometimes badly wrong. The cost of glancing at them once before they go out is roughly zero. Do it.

Watch your own skills. If you notice you cannot write a brief email without AI help anymore, that is a signal worth taking seriously. Skill drift is real, and not a moral failing — but worth catching early. I keep one type of work explicitly AI-free as a baseline, the same way some people deliberately keep a hobby that requires their hands.

What this looks like in real life

A few concrete examples of the habits in practice.

Researching a medical question. Acceptable: ask the model to summarize what is generally known about a condition, list the common questions to bring to a doctor, and explain unfamiliar terms in a treatment summary. Not acceptable: ask it whether to take a specific medication, especially for someone else, especially when mixing drugs. The first is a research aid. The second is asking a confident, autocomplete-shaped tool to make a real decision.

Writing a work email. Acceptable: paste a rough draft, ask for tone or clarity feedback. Not acceptable on a confidential matter: paste the full thread including private business details into a public tool. Use a private-mode setting, an enterprise version, or accept slightly worse drafting help in exchange for not leaking the thread.

Coding. Acceptable: AI autocomplete suggestions you read before accepting, asking for explanations of unfamiliar code, brainstorming approaches to a problem. Not acceptable: copying generated code into production without understanding it, or pasting proprietary code into a public tool without confirming the data policy.

The mental model that works

Most "AI safety for users" advice is too vague to act on. The mental model I actually use is simpler:

Treat any AI tool the way you would treat a confident, well-read stranger who occasionally makes things up and forgets nothing you tell them.

That covers most of the rules. You would not trust their stock tip without checking. You would not give them your bank statements. You would not let them write your wedding speech unsupervised. You also would not refuse to talk to them — they are useful, when used with judgment. The tools deserve the same treatment.

The honest summary

AI tools — from recommendation feeds to generative models — have gotten good enough, fast enough, that the bar for using them well has shifted from technical knowledge to ordinary good judgment. The mistakes that are getting people fired, sanctioned, or quietly embarrassed are not technical mistakes. They are the same mistakes you would make trusting any new, confident, fast information source without keeping your own skepticism intact.

A small number of habits prevents almost all of the real-world failures: verify the facts that matter, don't paste private things into public tools, keep your own judgment in the loop, watch for skill drift. None of these require an engineering degree. All of them require remembering that the tone of the response is not a guarantee of the contents.

If you have run into an AI mistake — your own or one you watched at work — and want it covered or anonymized in a follow-up piece, email hello@curiospark.org.

🤯 Most Surprising Fact

Samsung banned employees from using ChatGPT in May 2023 after multiple incidents of staff pasting confidential source code and meeting notes into the tool for summaries. Several large companies followed suit before introducing internal alternatives.

Fact-Checked
Last updated: May 24, 2026

Software developer turned writer. Said covers technology, psychology, and human behavior — focusing on what the research actually shows rather than what headlines suggest. Every article is read line-by-line and fact-checked against primary sources before publishing.

Frequently Asked Questions

Trusting a fact-shaped sentence from an LLM without checking it. The Mata v. Avianca case is the most public example — fake court citations submitted to a judge — but the pattern shows up in business memos, school essays, product reviews, and medical questions. The model produces a confident sentence; the user repeats it; the error spreads. The fix is unglamorous: verify any specific claim (a name, date, statistic, citation) before quoting it elsewhere.
