Skip to main content

Cornell University

IT@Cornell

Strategies to Block AI Bots from Zoom Sessions

This article applies to: Zoom

What Are the Issues with AI Bots in Zoom Sessions?

''

As part of the rapidly growing expansion of AI technology, businesses have begun to offer services in which an AI “bot” might monitor, summarize, take images of, and/or record Zoom meetings for a user.

The presence of such AI services in Zoom meetings can not only be unwanted and distracting but also expose the restricted and sensitive data, including the personally identifiable information (PII) of the Cornell host and attendees. 

Without advance consent for the collection and recording of this information and contractual protections or restrictions on what the vendor is permitted to do with the data and PII collected, the activity of AI bots potentially violates important legal restrictions such as the Family Educational Rights and Privacy Act (known commonly by the acronym “FERPA”).

Familiarize Yourself with Steps that Generally Prevent Unwanted Participants

Consider strategies already developed for avoiding “Zoombombing” by unwanted or malicious human users, outlined at Checklist: Keep Your Zoom Meeting Secure.

Require Attendees to Authenticate in Order to Join Zoom Meetings

Find details about this option at Require Authentication to Join Zoom Meetings.

In brief, Cornell Zoom meeting and webinar authentication options include:

  • Cornell Users
    If you have chosen to require authentication for your meeting, this is the default option. Using this setting restricts a meeting to users who sign in using Cornell’s Zoom website (https://cornell.zoom.us) using Cornell credentials. While this is a more restrictive setting, as it limits meetings to Cornell users, it is more secure.
  • Sign in to Zoom
    This setting restricts the meeting to users who have signed in with any Zoom account, free or paid, Cornell or non-Cornell. This offers some protection but is much less secure than Cornell Users.

It is a good rule of thumb that unless you have a specific use case or an attendee who does not or cannot have a Zoom account, you should use one of these authentication options above to help prevent AI bot access to meetings.

Choose the option that best fits the profiles of your anticipated attendees – and strongly consider using the Cornell-only option if possible. Note that you can use one of the settings above and create an exception for specific users you choose – see Add Authentication Exceptions for more details.

Use the Zoom Waiting Room Feature

Find details about this option at Admit Zoom Attendees from a Waiting Room.

For added security, or when you need to host a meeting without any authentication restrictions, enable the Waiting Room, and then do not admit obvious bots or attendees that you don’t recognize.

Of course, the best protection for your Zoom meeting will come from using an authentication option and a waiting room in conjunction.

The AI bot industry is likely to become ever more sophisticated – in the future, versions may be available which are capable of basic Zoom sign in and authentication. This is an argument for developing the habit of using both authentication and waiting room options to help counter more sophisticated bots in the future.

Block Specific Vendor Domains Known to Host AI Bots

If you are concerned about AI bots joining meetings or webinars, you have the ability to block participants who have specific internet domains from joining. This feature can be used to block certain domains that are known to host AI bots. 

The tactic of blocking the internet domain of a vendor known to host AI bots may not be sufficient to prevent their AI bots from joining your Zoom meeting. Some AI bot vendors are now using multiple or alternate domains to circumvent attempts to block by domain.

To block users from a specific domain from joining meetings and webinars you host:

  1. Log in to the Cornell Zoom site.
  2. Select Settings, then the Meeting tab.
  3. Under Security, scroll down to the setting Block users in specific domains from joining meetings and webinars.
    • If the setting is enabled, the toggle will be to the right and colored blue.
    • If the setting is disabled, enable it by clicking the toggle.
  4. In the text field, type the names of any domains that you want to block from joining meetings and webinars you host. If you are entering more than one domain, separate them with commas.
  5. Click Save.
Be aware that blocking domains with this feature will block any participant with that domain from joining meetings and webinars, not just AI bots.

Ask the Participant to Disable the AI Bot

If the bot name clearly associates it with a specific meeting participant, contact the person using Zoom chat and ask them to disable the bot. 

Some participants may not know how to disable their bot, in which case you should tell them to review the documentation for the bot service or contact the vendor for help.

If a participant is unwilling to disable their bot during a meeting that may include sensitive or restricted information, see your options below under “Remove a Bot from a Zoom Meeting.”

Remove a Bot from a Zoom Meeting

Should an AI bot manage to join a meeting despite security settings, use the same options to remove it as you would for an unwanted human attendee. These actions include:

  • Remove a Participant from a Zoom Meeting or Webinar
    Click Participants, click More beside the unwanted bot user, then click Remove.
  • Lock Your Session
    This prevents additional users from joining. Click Security, then click Lock Meeting. Repeat to unlock the meeting.
  • Suspend Participant Activities
    This will suspend all participants’ screen sharing, video, audio, and breakout rooms, and locks the meeting. Click Security, then the red Suspend Participant Activities link. However, depending on the specific functionality of the AI bot, doing this may have little or no effect on a bot’s function. Enable this if you want to immediately deprive the bot of content until you can remove it, but otherwise this step may be more disruptive to your meeting than helpful.

Find details about using these features in the list of security options at Zoom Security Features: Reduce the Odds of Zoombombing.

Keep in mind that after you’ve removed the unwanted AI bot from your meeting, you may wish to undo the “Suspend Participant Activities” feature, as it affects all attendees and will interfere with screen sharing and other common attendee activities.

Disable or Restrict Local Recording Permissions for the Meeting

Some AI bots use local recording to create meeting content for processing. Disabling local recording may block this step. 

If this is a concern, go to your Zoom account settings' Recording tab, and review the settings in the section labeled Record to computer files. Here, you can specify whether internal participants (logged into a Cornell Zoom account) or external participants (not logged in to a Cornell Zoom account) can request permission to record the meeting.

Uncheck the options for Auto approve their permission requests to prevent participants from having the ability to record your meetings without your knowledge or permission.

In addition, if you want to prevent participants from even being able to ask if they can record, uncheck either or both settings that allow Internal meeting participants or External meeting participants to request permission to record. 

''

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.