Skip to main content

Cornell University

IT@Cornell

File Sharing in the Age of AI

As AI tools integrate with day-to-day applications, it makes sense to take extra care when you share files.  

This article applies to: Artificial Intelligence (AI) , Box , Cornell Google Workspace for Faculty and Staff , Cornell Google Workspace for Students , File Storage at Cornell , GenAI at Cornell , Microsoft 365 Copilot Chat , Microsoft Document Storage , Office 365 Productivity Bundle , OneDrive , SharePoint

NOTE: Microsoft 365 Copilot is currently under review and not yet available at Cornell. However, a file you save today may be visible when more AI tools become available to campus. Take time to understand how the sharing settings you apply now have the potential to expose your files later.

File Sharing Basics

Share responsibly! 

You can't control what someone does with your documents or data when you give them access either deliberately or accidentally.

Online file storage, and online file sharing, are two tools that make our modern workflow possible. Whether you work from home, share huge data sets with colleagues across campus, or need to send critical information at 2am for your final group project, you need remote access to files.

Whenever you share your content, you set permission levels on the files or folders in question. The various online storage services offered at Cornell allow you to share with specific people, everyone at Cornell, or anyone with the link.

If you need to share information with a large group, or if you're pressed for time, it's undeniably easier to use the everyone with the link or everyone at Cornell permission setting. Bear in mind that those choices can expose your information to the world, or to current (and future) AI tools. 

In addition to controlling who has access to a file, you also control what they can do with it. In general, if you assign "View Only" access to a file, you will prevent it from migrating to places you don't intend it to.

Remember, a file's privacy decreases the more access you give to it.

Sharing Options and Potential AI Exposure

AI tools tend to stay in their own ecosystem; Microsoft 365 Copilot searches the Microsoft environment (OneDrive, Sharepoint, etc.), Gemini will search Google Workspace (and so on).

  • Low AI Exposure

    Sharing is very limited: only a few people have the link or file. In this case public AI tools cannot access the data (assuming that it is properly stored on a Cornell site). Your sharing options may include one of the following terms:

    • Invited people only
    • One or a few selected individuals
    • People you choose
    • Restricted

  • Moderate AI Exposure

    Sharing is moderately limited: a group or large number of people have access to the file. Public AI tools cannot access the files (assuming that it is properly stored on a Cornell site). AI tools like Microsoft 365 Copilot may be able to see inside the file. Your sharing options may include one of the following terms:

    • People with existing access
    • Share with a Group
    • People with the link
    • Anyone with the link
    • Remember, a file's privacy decreases the more access you give to it.

  • High AI Exposure

    Sharing is not limited: Public AI tools may be able to access the files. AI tools like Microsoft 365 Copilot will probably be able to see inside the file. Your sharing options may include one of the following terms:

    • Everyone Except External Users
    • People in Cornell
    • People in your company
    • Cornell
    • Remember, a file's privacy decreases the more access you give to it.

Copilot Pro (The Personal Version of Microsoft 365 Copilot)

If you use Copilot Pro with your personal Microsoft account, your Microsoft-integrated version of Copilot cannot view and respond to prompts about Cornell-secured files, including:

  • People with the link
  • People in your company
  • Invited people only

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.