Strategies to Block AI Bots from Zoom Sessions
This article applies to: Zoom
Background
As part of the rapidly growing expansion of AI technology, businesses have begun to offer services in which an AI “bot” might monitor, summarize, take images of, and/or record Zoom meetings for a user.
The presence of such AI services in Zoom meetings can not only be unwanted and distracting, but might also expose the data and personally identifiable information (PII) of the Cornell host and attendees. Without advance consent for the collection and recording of this information and contractual protections or restrictions on what the vendor is permitted to do with the data and PII collected, the activity of AI bots potentially violates important legal restrictions such as the Family Educational Rights and Privacy Act (known commonly by the acronym “FERPA”).
Prevent Unwanted AI Bot Presence in Zoom Sessions
When preventing unwanted AI bot access to Zoom sessions, consider strategies already developed for avoiding “Zoombombing” by unwanted or malicious human users. These strategies are outlined at Checklist: Keep Your Zoom Meeting Secure.
Below are several Zoom features to consider using when setting up Zoom meetings.
Require Attendees to Authenticate in Order to Join Zoom Meetings
Find details about this option at Require Authentication to Join Zoom Meetings.
In brief, Cornell Zoom meeting and webinar authentication options include:
- Cornell Users
If you have chosen to require authentication for your meeting, this is the default option. Using this setting restricts a meeting to users who sign in using Cornell’s Zoom website (https://cornell.zoom.us) using Cornell credentials. While this is a more restrictive setting, as it limits meetings to Cornell users, it is more secure. - Sign in to Zoom
This setting restricts the meeting to users who have signed in with any Zoom account, free or paid, Cornell or non-Cornell. This offers some protection but is much less secure than Cornell Users.
It is a good rule of thumb that unless you have a specific use case or an attendee who does not or cannot have a Zoom account, you should use one of these authentication options above to help prevent AI bot access to meetings.
Choose the option that best fits the profiles of your anticipated attendees – and strongly consider using the Cornell-only option if possible. Note that you can use one of the settings above and create an exception for specific users you choose – see Add Authentication Exceptions for more details.
Use the Zoom Waiting Room Feature
Find details about this option at Admit Zoom Attendees from a Waiting Room.
For added security, or when you need to host a meeting without any authentication restrictions, enable the Waiting Room, and then do not admit obvious bots or attendees that you don’t recognize.
Of course, the best protection for your Zoom meeting will come from using an authentication option and a waiting room in conjunction.
The AI bot industry is likely to become ever more sophisticated – in the future, versions may be available which are capable of basic Zoom sign in and authentication. This is an argument for developing the habit of using both authentication and waiting room options to help counter more sophisticated bots in the future.
Block Specific Vendor Domains Known to Host AI Bots
If you are concerned about AI bots joining meetings or webinars, you have the ability to block participants who have specific internet domains from joining. This feature can be used to block certain domains that are known to host AI bots.
To block users from a specific domain from joining meetings and webinars you host:
- Log in to the Cornell Zoom site.
- Select , then the tab.
- Under Security, scroll down to the setting .
- If the setting is enabled, the toggle will be to the right and colored blue.
- If the setting is disabled, enable it by clicking the toggle.
- In the text field, type the names of any domains that you want to block from joining meetings and webinars you host. If you are entering more than one domain, separate them with commas.
- Click .
Remove a Bot from a Zoom Meeting
Should a bot manage to join a meeting despite security settings, use the same options to remove it as you would for an unwanted human attendee. These actions include:
- Remove a Participant from a Zoom Meeting or Webinar
Click , click beside the unwanted bot user, then click . - Lock Your Session
This prevents additional users from joining. Click , then click . Repeat to unlock the meeting. - Suspend Participant Activities
This will suspend all participants’ screen sharing, video, audio, and breakout rooms, and locks the meeting. Click , then the red link.
Find details about using these features in the list of security options at Zoom Security Features: Reduce the Odds of Zoombombing.
Comments?
To share feedback about this page or request support, log in with your NetID