In April 2023, Samsung engineers used ChatGPT to debug proprietary semiconductor source code. Within days, three separate internal incidents had exposed confidential chip designs, internal meeting notes, and hardware test data to OpenAI's training pipeline. Samsung had no policy prohibiting this use. The engineers weren't being careless — they were being productive. The audit gap wasn't a technical one. It was a visibility gap: no one had mapped what data was flowing where.
Most guidance on AI safety focuses on what organizations should do. But the Samsung incident shows that individual decisions — made daily, at every seniority level — are where risk actually materializes. A safety lens means developing the habit of asking, before each AI interaction: What am I feeding this system, and what could happen if that data left this conversation?
An audit of your own AI use is not a one-time compliance exercise. It is an ongoing practice of mapping the data flows, tool capabilities, and decision points embedded in your daily work. The goal is to surface risks you have already accepted without realizing it.
Researchers and practitioners who analyzed post-incident reviews at companies including Samsung, Chegg, and Rite Aid proposed four dimensions along which individual AI use can be audited. These dimensions form a practical self-assessment framework.
When Chegg, the education technology company, disclosed in May 2023 that ChatGPT was affecting its core business, executives identified that students had begun using AI not just to check work, but to replace the entire learning workflow Chegg's products were designed to support. The same pattern appears at the individual level: a tool adopted for one narrow purpose gradually absorbs more and more of the original workflow, each step feeling incremental and reasonable.
The risk in scope creep is not any single expansion — it is the cumulative effect. After many small steps, the human who was originally in the loop may find themselves reviewing AI output only nominally, if at all. An audit must track not just current use but the trajectory of use: how has your reliance on this tool changed over the past three months?
If you feel uncomfortable imagining your AI use described in an internal audit report — the tools you use, the data you input, the outputs you act on without checking — that discomfort is diagnostic. It points exactly to where your audit should start.
A useful personal audit takes less than 30 minutes and requires only honest recall. List every AI tool you have used in the past two weeks. For each tool, note: what data went in, what decisions came out, whether you verified those decisions, and whether the use was within any applicable policy. Then apply the four dimensions above to each entry.
The output is not a compliance document. It is a personal risk map — a view of where you are most exposed and where your safety habits are strongest. This map becomes the foundation for everything else in this module.
An audit is not an accusation. It is a diagnostic. The goal is accurate visibility, not guilt. Every practitioner who has conducted an honest audit of their AI use has found at least one practice they want to change.
You work in a mid-sized financial services firm. Over the past month you have used three AI tools: the company-approved Microsoft Copilot for drafting emails, a personal ChatGPT account for analyzing client spreadsheets faster, and an unapproved browser extension that summarizes meeting notes and syncs to your personal Google Drive. You have not reported any of this use.
Apply the four audit dimensions to this scenario. Work through each dimension with the AI assistant below. After at least three substantive exchanges, this lab will be marked complete.
In February 2024, the British Columbia Civil Resolution Tribunal ruled against Air Canada after its AI chatbot told a bereaved customer that he could claim a bereavement fare retroactively — a policy that did not exist. Air Canada's defense, that the chatbot was "a separate legal entity responsible for its own actions," was rejected. The company was ordered to pay damages. The failure was not the hallucination itself. It was the absence of a human habit: verify before committing. No employee reviewed the chatbot's policy claims before they became binding customer promises.
Checklists require conscious attention. Habits run automatically, precisely when attention is depleted. The Air Canada case illustrates a universal truth about AI safety failures: they almost never happen when practitioners are alert and deliberate. They happen during the ordinary flow of work, when someone is moving fast and trusting the tool.
Research on human factors in automation — particularly the work of Lisanne Bainbridge, whose 1983 paper "Ironies of Automation" described how skilled humans become less skilled over time as automation handles routine cases — predicts exactly this pattern. The more capable and reliable the AI, the more the human's own monitoring capability atrophies. Safety habits counteract that atrophy by making certain checks automatic.
These habits have been recommended across multiple post-incident analyses, including reviews following the Air Canada chatbot case, the 2023 cases in which New York lawyers submitted ChatGPT-fabricated case citations, and the Rite Aid facial recognition misidentification incidents of 2020–2023.
In May 2023, New York attorney Steven Schwartz submitted a brief in Mata v. Avianca that cited six court cases, all of which had been fabricated by ChatGPT. The cases had plausible names, realistic docket numbers, and convincing quotations. None of them existed. When the opposing counsel and judge asked for copies, Schwartz's firm had to admit the citations were AI-generated fabrications. The court sanctioned the lawyers for failing to verify their work.
Schwartz later stated he had not realized ChatGPT could fabricate citations. This is the source test failure in its starkest form: AI output was treated as a factual lookup tool rather than a generative system that produces plausible text. The habit of applying the source test — checking that cited cases actually exist — would have caught this before submission.
Both the Air Canada and Mata v. Avianca cases share a structure: a professional used AI output to make a consequential commitment without verification. The tool, the domain, and the consequence differed. The missing habit was the same: the commit check.
Behavioral psychology research (notably Peter Gollwitzer's work on implementation intentions, published from 1993 through the 2000s) shows that habits form much faster when framed as "when X happens, I will do Y" rather than general intentions. Applying this to AI safety: "When I am about to send a prompt, I will spend three seconds asking what data this contains" is far more likely to become automatic than "I will be more careful with prompts."
Each of the five habits above can be formulated as an implementation intention. The most important is the commit check, because it sits at the point where error becomes consequence. If you develop only one AI safety habit, it should be this: before using AI output to make any external commitment, verify it.
Safety habits do not require more time. They require attention at specific trigger moments — the prompt, the commit, the monthly review. Each takes seconds. The cumulative effect over months is a substantially different risk profile from colleagues who never formed the habit.
You will work with the AI assistant to translate each of the five safety habits (Source Test, Prompt Audit, Commit Check, Drift Review, Disclosure Default) into personal implementation intentions using the "when X, I will do Y" format, applied to your specific work context.
Describe your actual work role (or a realistic hypothetical) and develop at least three implementation intentions. The assistant will help you identify the most important triggers and refine the specificity of each intention. Complete at least three back-and-forth exchanges to finish the lab.
From 2020 to 2023, Rite Aid deployed facial recognition systems in more than 200 stores, flagging customers as potential shoplifters. The FTC's December 2023 complaint documented that staff implemented the system's alerts — detaining or confronting customers — without being trained to recognize the system's error rates or to understand that it disproportionately misidentified people of color. Front-line employees who had concerns about the system's accuracy had no established channel to raise them. The FTC banned Rite Aid from using facial recognition for five years. The organizational failure was not just the system's bias — it was the absence of any mechanism for employees to surface what they were seeing on the ground.
Post-incident analyses consistently find that someone in the organization saw the problem before it became consequential. In the Rite Aid case, store-level employees were witnessing misidentifications. In the Air Canada chatbot case, the policy error was observable to anyone checking the company's published bereavement fare terms. The barrier was not knowledge — it was the absence of a viable path to raise the concern.
Psychological safety research (Amy Edmondson, Harvard Business School, from 1999 through present) identifies three barriers to raising concerns in organizations: fear of appearing incompetent, fear of appearing obstructionist, and uncertainty about whether concerns are legitimate. All three apply directly to AI safety: employees worry that raising concerns about an AI tool will seem like technophobia, that it will slow a project, or that they are simply wrong and will look foolish.
Research on effective safety communication across industries — aviation, nuclear power, healthcare — consistently shows that the framing of a concern determines whether it is heard. Several principles apply directly to AI safety contexts.
Between 2013 and 2018, IBM's Watson for Oncology was deployed at hospitals across Asia, Europe, and the Americas to recommend cancer treatments. In 2018, internal documents obtained by STAT News showed that Watson was recommending treatments that its own clinical advisors had flagged as "unsafe and incorrect." At least one advisory panel at Memorial Sloan Kettering had raised concerns internally as early as 2017. Those concerns did not reach clinical deployment sites until media reporting forced the issue.
The communication failure here was organizational, but individual practitioners at deployment sites could have surfaced concerns sooner using effective framing: "I want to flag a specific recommendation that differs from our standard protocol — can we verify this against our own clinical database before acting on it?" This framing is a check request, not a halt request. It is anchored to a specific observable event and proposes a verification step.
"I noticed [specific observable thing]. Before we [commit/act/deploy], can we [specific verification step]? I want to make sure we don't end up in the situation [documented case from another organization] faced." This template is concrete, proposes a check rather than a stop, and connects to external precedent.
Not all concerns will be acted on. Understanding what to do when a legitimate concern is dismissed is part of having a safety lens. The practical sequence is: raise the concern with specific framing once; if unaddressed, document that you raised it with a dated record; if the risk is significant and the dismissal persists, escalate to a formal channel (ethics hotline, legal, compliance, or external regulatory body where applicable).
Documentation matters because it establishes that the concern was raised in good faith and at the appropriate time. In post-incident reviews — including the FTC's Rite Aid proceeding — documented internal concerns that were dismissed become legally and organizationally significant. They demonstrate that the system failed, not the individual.
Your job is not to stop every AI risk. It is to ensure that risks you can see are seen by the people with authority to act on them, framed in a way that makes action possible. That is what the safety lens looks like in practice.
You are a marketing analyst at a retail company. Your team has started using an AI-powered customer segmentation tool to automatically assign risk scores to customers for credit promotions. You've noticed that the tool's scores seem to be declining for certain zip codes with high minority populations — scores that would disqualify them from promotional offers. Your manager is enthusiastic about the tool's efficiency gains. No one has reviewed whether the scoring model complies with fair lending guidance.
Draft a communication to your manager using the check-request template from Lesson 3. Practice with the AI assistant below. Aim for at least three exchanges to refine your message. This lab is complete after three substantive exchanges.
In 2022, researchers at Stanford published findings that developers using GitHub Copilot were significantly more likely to introduce security vulnerabilities into their code than developers working without AI assistance — and that Copilot users were also significantly more confident their code was secure. A 2023 follow-up study confirmed the pattern: AI-assisted developers produced more insecure code while believing they were working more carefully. The safety lens had not just weakened. It had inverted: the tool generated a false sense of security that displaced the human's own critical review.
The Stanford Copilot findings illustrate what researchers call "automation bias" in a particularly dangerous form: the AI's output not only substitutes for human judgment but actively suppresses the human's uncertainty. When you are uncertain, you double-check. When AI output makes you feel certain, you don't. This is not unique to coding. Studies of radiologists using AI-assisted diagnostics, financial analysts using AI-generated reports, and content moderators using AI flagging systems all show similar patterns.
A sustained safety lens requires active countermeasures against confidence inversion. The most effective are: deliberate periodic skepticism exercises (intentionally looking for what the AI got wrong, even when the output looks correct); tracking AI error instances in your own workflow; and regular recalibration of your confidence in specific tools based on observed error rates.
AI capabilities, deployment contexts, and documented failure modes evolve rapidly. A safety lens calibrated entirely on 2023 incidents may miss entirely new risk vectors that emerge in 2024 and 2025. But practitioners cannot monitor every development in a field that produces thousands of papers and incidents per year.
A sustainable approach involves three tiers of attention: a small set of authoritative sources reviewed regularly (NIST AI Risk Management Framework updates, the AI Incident Database, your organization's AI governance bulletins); a personal trigger list of the specific capabilities you use most and their known failure modes; and annual recalibration of your personal audit framework to check for new tools and new risk categories that have entered your workflow.
Between 2017 and 2023, the Amazon Rekognition facial recognition system was deployed by at least two dozen law enforcement agencies in the United States. Civil liberties organizations documented significant error rates, particularly for darker-skinned individuals. Despite public reporting and internal concerns, deployment continued to expand. Individual contractors and procurement officers who had the technical knowledge to surface those concerns rarely had the organizational standing to stop deployment.
The lesson for the individual practitioner is not that individual action is futile — it is that the form of individual action matters. A practitioner who documents concerns, raises them through appropriate channels, and establishes a record of having done so is in a fundamentally different position from one who notices problems and says nothing. Organizational drift toward unsafe AI practices is stopped, slowed, or mitigated most often by the accumulation of individual documented concerns reaching decision-makers simultaneously — not by a single heroic intervention.
The safety lens is not a fixed skill acquired once. It requires continuous recalibration as tools change, as organizational contexts shift, and as your own relationship with AI tools evolves. The practitioners who maintain effective safety lenses over years share one habit: they treat each new AI deployment as a fresh audit trigger, not as a continuation of existing safety coverage.
By completing this module, you have built the four components of a personal safety practice: a method for auditing your own AI workflows across four dimensions; a set of five durable safety habits anchored to specific implementation intentions; a framework for raising concerns effectively when you observe risk; and a sustainable approach to staying current as the technology and its failure modes evolve.
These are not theoretical tools. They are the specific practices that would have prevented or substantially mitigated every incident examined in this course — from the Samsung data leak to the Mata v. Avianca citation fabrication to the Rite Aid surveillance overreach. The technology will keep changing. The underlying structure of the risks will not. A practitioner who has internalized a genuine safety lens will continue to recognize risk in new forms, because they understand the patterns behind the incidents — not just the incidents themselves.
The most dangerous moment in AI safety is not the one where the risk is obvious. It is the ordinary Tuesday when the AI tool is working well, you are busy, and nothing seems wrong. That is exactly when habits matter most — because awareness is not available, but habits are always running.
This final lab asks you to synthesize everything from Module 8: the four audit dimensions, the five safety habits, the concern-communication framework, and the sustainability tier system. You will work with the AI assistant to draft a 90-day personal safety plan that includes: one monthly audit trigger, at least two implementation intentions, one concern-communication template adapted to your context, and a personal Tier 1 source list.
The plan should be specific enough that you could hand it to a colleague and they would understand exactly what you intend to do. Complete at least three exchanges to finish the lab.