Background

As part of the rapidly growing expansion of AI technology, businesses have begun to offer services in which an AI “bot” might monitor, summarize, take images of, and/or record Zoom meetings for a user.

The presence of such AI services in Zoom meetings can not only be unwanted and distracting, but might also expose the data and personally identifiable information (PII) of the Cornell host and attendees. Without advance consent for the collection and recording of this information and contractual protections or restrictions on what the vendor is permitted to do with the data and PII collected, the activity of AI bots potentially violates important legal restrictions such as the Family Educational Rights and Privacy Act (known commonly by the acronym “FERPA”).

Prevent Unwanted AI Bot Presence in Zoom Sessions

When preventing unwanted AI bot access to Zoom sessions, consider strategies already developed for avoiding “Zoombombing” by unwanted or malicious human users. These strategies are outlined at Checklist: Keep Your Zoom Meeting Secure.

Below are two Zoom features to consider using when setting up Zoom meetings.

1. Require Attendees to Authenticate in Order to Join Zoom Meetings

Find details about this option at Require Authentication to Join Zoom Meetings. 

In brief, Cornell Zoom meeting and webinar authentication options include:

• Cornell Users
  If you have chosen to require authentication for your meeting, this is the default option. Using this setting restricts a meeting to users who sign in using Cornell’s Zoom website (https://cornell.zoom.us) using Cornell credentials. While this is a more restrictive setting, as it limits meetings to Cornell users, it is more secure.
• Sign in to Zoom
  This setting restricts the meeting to users who have signed in with any Zoom account, free or paid, Cornell or non-Cornell. This offers some protection but is much less secure than Cornell Users.

It is a good rule of thumb that unless you have a specific use case or an attendee who does not or cannot have a Zoom account, you should use one of these authentication options above to help prevent AI bot access to meetings.

Choose the option that best fits the profiles of your anticipated attendees – and strongly consider using the Cornell-only option if possible. Note that you can use one of the settings above and create an exception for specific users you choose – see Add Authentication Exceptions for more details.

2. Use the Zoom Waiting Room Feature

Find details about this option at Admit Zoom Attendees from a Waiting Room.

For added security, or when you need to host a meeting without any authentication restrictions, enable the Waiting Room, and then do not admit obvious bots or attendees that you don’t recognize.

Of course, the best protection for your Zoom meeting will come from using an authentication option and a waiting room in conjunction.

The AI bot industry is likely to become ever more sophisticated – in the future, versions may be available which are capable of basic Zoom sign in and authentication. This is an argument for developing the habit of using both authentication and waiting room options to help counter more sophisticated bots in the future.

Remove a Bot from a Zoom Meeting

Should a bot manage to join a meeting despite security settings, use the same options to remove it as you would for an unwanted human attendee. These actions include:

• Remove a Participant from a Zoom Meeting or Webinar
  Click Participants, click More beside the unwanted bot user, then click Remove.
• Lock Your Session
  This prevents additional users from joining. Click Security, then click Lock Meeting. Repeat to unlock the meeting.
• Suspend Participant Activities
  This will suspend all participants’ screen sharing, video, audio, and breakout rooms, and locks the meeting. Click Security, then the red Suspend Participant Activities link.

Find details about using these features in the list of security options at Zoom Security Features: Reduce the Odds of Zoombombing.