Zoom AI Companion for Meetings and Risks of Third-Party AI Bots

What is Zoom AI Companion?

Zoom's AI Companion features are an opt-in suite of generative AI tools that enhance the in-meeting and post-meeting experience. The University has made the following functions in AI Companion available:

It is important to note that Zoom does not use any of the data captured by the AI tools to train the Large Language Model. Find more information about how Zoom's AI Companion handles data.

NOTE: Zoom AI Companion should not be used during meetings with sensitive information. It is approved only for Level 1 and 2 data (see the Data Classification Policy for a description of data levels). Level 3 data and higher (PHI, HIPAA, Business Sensitive Data) is prohibited in any use cases where AI Companion is present.  

Acceptable Use and Academic Considerations

Due to the risk of inaccuracies, inability to understand tone, and the potential to lack additional context, AI tools should not be used to quote or paraphrase discussed topics. All summaries generated through the use of these AI tools should be reviewed for accuracy and edited (when applicable) prior to sharing.

Instructors who are interested in using Zoom AI Companion in their courses should declare this in their syllabus. AI summaries are not valid replacements for notetaking in courses. Instructors should state clearly to students that AI summaries cannot be relied upon for the accuracy of course content.

Refer to Zoom AI Companion: Guidance for Instructors for more information.

Best Practices for Use of AI Companion for Meetings

Inform Attendees of Use

  • Declare your intent to enable any features.
  • If concern around the use of AI is expressed in the meeting, consider disabling the features.
  • Reminder: Zoom AI Companion should not be used during meetings with sensitive information. It is approved only for Level 1 and 2 data (see the Data Classification Policy for a description of data levels). Level 3 data and higher (PHI, HIPAA, Business Sensitive Data) is prohibited in any use cases where AI Companion is present.  

Attendee Identification

  • Pronoun accuracy is dependent on a user's pronouns as listed within their Zoom account. If a user has no pronouns listed, the accuracy may be poor.

Meeting Summary

  • Remind users that the meeting summary is not intended to be a full replacement for note taking.
  • Be sure to review meeting summary transcripts for accuracy before sharing.

Smart Recordings

  • Review the chaptering after your meeting recording has been processed and edit for accuracy.
  • Consider exporting the Zoom recording to Panopto to take advantage of better chaptering capabilities.

In-Meeting Questions

  • Zoom AI Companion is only able to respond to in-meeting questions based on content from after the feature was enabled in the meeting.
  • Be specific with your prompts and questions for better accuracy.

Risks of Unauthorized Third-Party AI Tools

Zoom Meetings can contain sensitive information. As a university community, the security of your data and your colleagues’ data is a shared goal. Third-party tools or services may obtain private information during a Zoom meeting when appropriate security controls are not in place. The sections below outline the specific concerns raised when using third-party tools.

Third-party AI tools and bots that should not be used include, but are not limited to, the following:

  • Fireflies.ai
  • Sembly
  • Meet Record
  • Grain
  • Avoma
  • Dubber
  • Fathom
  • Gong
  • Colibri

This is not a complete list of third-party bots.

Privacy and Security (Data Recording and Use)

AI bots pose significant risks by accessing and using potentially sensitive data from the meeting.

  • Recording Without Consent: Bots can record, transcribe, and store sensitive meeting content (audio, video, chat) without explicit, real-time consent from all participants, especially the host.
  • AI Model Training: The data collected by these bots is frequently used to train the bot provider's AI models. This means confidential, proprietary, or private discussions could be used by third parties to improve the service for other non-Northwestern users. 

Data Handling and Access

The management and access permissions of third-party AI bots introduce serious data security and compliance concerns.

  • Handling of Sensitive Data: Most third-party bots are not approved for handling sensitive, regulated data (e.g., healthcare, financial, proprietary) and may violate internal policies like the University’s Information Security Policy or compliance regulations (like HIPAA or GDPR).
  • Inappropriate Data Sharing: Bots may gather and inappropriately share meeting transcripts, summaries, and related documents.
  • Calendar Access: Bots are often granted extensive access to the host's and attendees' calendar information, including meeting titles, participants, and private notes, which increases the scope of potential data compromise.

Self-Propagation (Viral Spread and Adoption)

Meeting AI bots can leverage their access to encourage rapid, widespread adoption.

  • Unauthorized Communication: The "viral" nature of these bots allows them to email, message, or share information on your behalf without specific host or user permission, effectively propagating themselves to new users and meetings.
  • Encouraging Adoption: Bots are deliberately designed to encourage adoption and ease of sign-up for other attendees present in meetings, increasing the number of users whose data and systems they can access.

Zoom Settings to Protect Your Meetings

To protect your meetings from non-approved AI services or bots:

  • Enable "Require authentication to join" when scheduling your meetings.
  • Enable the Waiting Room. This gives the host and co-host the ability to admit participants they can identify.