
Is That AI Tool Actually Safe? A Prompt Anyone Can Run


Every week I get some version of the same message from clients: "Hey Erick, is this AI tool actually safe to use?"

The tools change. The concern doesn't. New AI platforms launch constantly — many with polished landing pages, bold feature claims, and zero transparency about who's behind them, where your data goes, or how they stay in business.

So instead of answering the question one client at a time, I built a prompt that lets anyone run the check themselves. Here's the full breakdown — and the prompt, free, no strings attached.


The Problem: You Can't Always Tell

AI tools fall into four categories that most people can't easily tell apart at sign-up:

  • Legit companies — Real team, real funding, clear privacy practices. Usually fine.

  • Polished landing pages — Looks great. No real company behind it. No support, no recourse.

  • Data harvesters — Free to use because you and your prompts are the product.

  • Gray-market API resellers — Routing your calls through unverified third parties, often violating the original provider's ToS.

By the time you realize a platform was problematic, you've already submitted client work, connected integrations, or signed up with your real email — and now you're the data funding their operation.


A Real Example: DIT.ai

I ran this check recently on DIT.ai — a platform marketing itself as an AI token exchange that routes your API calls to the cheapest available provider, claiming savings of 30–70%.

Verdict: Moderate–High Risk. The savings are plausible, but: no founders listed, no team page, no headquarters address, no compliance certifications, and no visibility into who the 160+ "competing providers" actually are. Your prompt gets routed to whichever anonymous supplier is cheapest at that moment — under their own undisclosed data policy. Fine for non-sensitive experimenting. Not for anything involving client data, PHI, or proprietary business information.


The 8-Category Framework Behind the Prompt

The prompt runs a structured check across eight categories:

  1. Company Identity — Who owns it, where they're based, who's running it, and whether leadership has a verifiable track record.

  2. Funding & Financial Backing — VC-backed, bootstrapped, government-funded? Who are the investors and are any concerning?

  3. Business Model — How do they make money? If free, what's being monetized — data, ads, premium tier?

  4. Data & Privacy — Privacy policy summary. Do they train on your prompts? Can you opt out? GDPR/CCPA compliance?

  5. Terms of Service — Broad rights over your content? Data retention and deletion policy? Acquisition clauses?

  6. Security & Trust Signals — SOC 2, ISO 27001, bug bounty program, documented breaches?

  7. Reputation & Red Flags — Credible press? Legal issues? Newly registered domain? No community presence?

  8. Verdict — Low / Moderate / High Risk / Insufficient Data, with top 3 reasons and a plain-language recommendation.


The Prompt — Copy It, Use It, Share It

Drop this into Claude or ChatGPT with web search turned on. Replace the URL placeholder with the platform you want to check:

I need you to research the AI platform or tool at this URL: [INSERT WEBSITE URL HERE]

Please act as a technology due diligence analyst and give me a clear, structured safety and trust assessment. Cover the following:

1. Company Identity
— Who owns or operates this platform?
— Where is the company incorporated or headquartered?
— Who are the founders or key leadership, and do they have credible backgrounds?
— Is this a startup, an established company, or an unknown entity?

2. Funding & Financial Backing
— Venture-backed, bootstrapped, or government-funded?
— Who are the known investors? Any concerning ones?
— Is there transparency around their financial model?

3. Business Model
— How does this platform make money?
— If free, what is being monetized — ads, data, premium tiers?
— Does the pricing or model make sense for a legitimate business?

4. Data & Privacy
— Is there a clearly written Privacy Policy? Summarize the key points.
— Is user data used to train AI models? Can users opt out?
— Do they share or sell data to third parties?
— GDPR / CCPA compliant?

5. Terms of Service
— Easy to find and reasonably written?
— Any clauses giving unusually broad rights over user content?
— Data retention and deletion policy?

6. Security & Trust Signals
— Published security policy or SOC 2 / ISO 27001 certifications?
— Responsible disclosure or bug bounty program?
— Documented incident history or known breaches?

7. Reputation & Red Flags
— Credible reviews, press, mentions from trusted tech sources?
— Reported scams, controversies, or legal issues?
— Domain newly registered or long history?
— Does the website feel legitimate?

8. Verdict
Give an overall trust rating: Low Risk / Moderate Risk / High Risk / Insufficient Data
List the top 3 reasons for the rating.
List specific concerns a non-technical user should know before signing up.

Use plain language. Avoid jargon. Flag anything that feels off, even if it's a gut-check observation.

3 Rules to Remember

  • Web search must be ON. Without it, the AI can only draw on its training data, which may be months old.

  • Low info = yellow flag. Real companies have press, team pages, LinkedIn profiles. Invisible online + asking for your data = leap of faith you shouldn't take.

  • Free ≠ Safe. If you can't find the business model in two minutes, assume data monetization until proven otherwise.


For Business Users

This prompt is a starting point, not a final verdict. For anything involving client data, PHI, financial records, or a significant financial commitment, the output should be a conversation starter — not a green light. If you're in a regulated industry (healthcare, finance, legal, education), every AI tool that touches your workflow needs a formal vendor risk assessment before it goes near production data.


That's where Chibitek can help. Reach out at hello@chibitek.com or visit chibitek.com.

Disclaimer: This post and prompt are provided for informational and educational purposes only. The output generated by any AI tool using this prompt does not constitute legal, security, compliance, or professional advice. Chibitek makes no representations regarding the accuracy or completeness of AI-generated assessments. Users are solely responsible for decisions made based on AI output. For critical decisions, consult a qualified professional.
