Last updated 2026-04-04


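AI Policies Without Technical Controls Are Doomed to Fail

77% of employees share sensitive work data with AI tools even when policy explicitly prohibits it. A government contractor pasted FEMA flood-relief applicant data into ChatGPT.

April 4, 2026 · 8 min read
Tags: AI data governance, technical controls, ChatGPT policy failure, Chrome Extension DLP, enterprise AI security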

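When Policy Meets Real Behavior

A government contractor was under pressure: FEMA flood-relief applications had piled up into a backlog. He pasted applicants' names, addresses, and health records into ChatGPT to speed up processing. As he saw it, he was not breaking the law; he was just using the handiest tool within reach.

The result: a government investigation and public disclosure.

This is the core failure of governing AI by policy alone. Policy tells employees what to do, but it cannot stop the behavior itself.

77% of enterprise employees share sensitive work data with AI tools at least weekly, even when policy explicitly prohibits it (eSecurity Planet/Cyberhaven 2025). These are not careless employees; they are ordinary people choosing the fastest tool under time pressure.

Why Policies Fail

An AI usage policy depends on the employee's on-the-spot judgment at the moment of input. That moment is brief: the employee may not recall the relevant policy, may not consider the content "sensitive information", or may decide the time saved is worth the risk.

Cyberhaven's Q4 2025 analysis found that 34.8% of ChatGPT inputs contain confidential business information. Many of those users knew the policy and pasted anyway.

Access controls work because the system enforces them. Email-layer DLP works because the system applies it automatically. An AI usage policy has no enforcement mechanism at the moment the paste happens, so human judgment has to fill the gap. At scale, people inevitably make mistakes.

The FEMA contractor made exactly this mistake. He was not a malicious actor; the policy required him to choose between efficiency and the rules, and under pressure he chose efficiency.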

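Technical Controls Do What Policy Cannot

A solution that actually works at scale has to operate at the technical layer, not the training layer.

A browser extension can intercept clipboard content before it reaches any web-based AI. When the contractor copies an applicant's name and address and pastes them into ChatGPT, the extension detects the PII, anonymizes it, and sends the clean version. The AI sees [NAME_1][ADDRESS_1] rather than the real information, the task still gets done, and the applicant's private data never touches ChatGPT's servers.

All of this happens automatically; the employee does not need to remember any rule.

For developers using Cursor or GitHub Copilot, an MCP server provides the same protective layer: code pasted into the AI context first passes through the anonymization engine, credentials and proprietary identifiers are replaced with tokens, and the AI receives clean input and can still produce useful output.

See the technical comparison: Blocking vs. Anonymization, a Comparison of Browser DLP Approaches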

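How Technical Controls Change the Outcome

With a browser extension in place, the FEMA contractor scenario would play out completely differently:

  1. The contractor copies an applicant record from the case management system
  2. The extension detects PII in the clipboard
  3. A preview window shows what will be replaced
  4. The anonymized version is sent to ChatGPT
  5. ChatGPT processes the request and returns a result
  6. The contractor gets the help he needs, and no investigation is triggered

No policy needs to change and no training needs to be rerun; the interception layer handles everything automatically.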
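The paste interception and token substitution described above, as an added example (not the vendor's extension code). The regex detectors, the `anonymize` and `restore` names, and the sample record are assumptions constructed for illustration; detecting names and addresses, as in the page's [NAME_1][ADDRESS_1] case, needs an NER engine that this block does not include.

```javascript
// Added example. Constructed detectors (assumption): regexes stand in for a
// real PII engine; names and street addresses would need NER.
const DETECTORS = [
  { type: "EMAIL", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { type: "SSN", re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: "PHONE", re: /\(?\b\d{3}\)?[ .-]\d{3}[ .-]\d{4}\b/g },
];

// Replace each detected value with a stable token: the same value always maps
// to the same token, so the AI can still tell repeated references apart.
function anonymize(text) {
  const tokenOf = new Map(); // original value -> token
  const counters = {};
  let clean = text;
  for (const { type, re } of DETECTORS) {
    clean = clean.replace(re, (match) => {
      if (!tokenOf.has(match)) {
        counters[type] = (counters[type] || 0) + 1;
        tokenOf.set(match, `[${type}_${counters[type]}]`);
      }
      return tokenOf.get(match);
    });
  }
  // token -> original value, for restoring replies locally.
  const mapping = Object.fromEntries([...tokenOf].map(([v, t]) => [t, v]));
  return { clean, mapping };
}

// Put the real values back into the AI's reply on the user's side.
function restore(reply, mapping) {
  return reply.replace(/\[[A-Z]+_\d+\]/g, (tok) => mapping[tok] ?? tok);
}

// Browser wiring (skipped outside a browser): capture-phase listener swaps the
// pasted text for the anonymized version before it is inserted into the page.
if (typeof document !== "undefined") {
  document.addEventListener("paste", (event) => {
    const raw = event.clipboardData.getData("text/plain");
    const { clean } = anonymize(raw);
    if (clean === raw) return; // nothing detected: allow the normal paste
    event.preventDefault();
    event.stopImmediatePropagation();
    document.execCommand("insertText", false, clean);
  }, true);
}

// Constructed sample record, not real data.
const SAMPLE = "Applicant jane.roe@example.org, SSN 123-45-6789, " +
  "phone (555) 010-4477. Reply to jane.roe@example.org.";
```

Because the token-to-value mapping is returned separately from the cleaned text, only the cleaned text needs to leave the browser, and `restore` can re-insert the real values into the reply afterwards.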

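Policy training reduces risk at the margin, while technical controls eliminate the failure mode entirely. The FEMA incident was a policy failure; had a Chrome extension been deployed on the contractor's device, it would have been nothing more than an ordinary, everyday event.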
