Skip to main content

Cornell University

Strategies to Block AI Bots from Zoom Sessions

This article applies to: Zoom

On This Page

Background

Zoom logo with two silly robot graphics

As part of the rapidly growing expansion of AI technology, businesses have begun to offer services in which an AI “bot” might monitor, summarize, take images of, and/or record Zoom meetings for a user.

The presence of such AI services in Zoom meetings can not only be unwanted and distracting, but might also expose the data and personally identifiable information (PII) of the Cornell host and attendees. Without advance consent for the collection and recording of this information and contractual protections or restrictions on what the vendor is permitted to do with the data and PII collected, the activity of AI bots potentially violates important legal restrictions such as the Family Educational Rights and Privacy Act (known commonly by the acronym “FERPA”).

Prevent Unwanted AI Bot Presence in Zoom Sessions

When preventing unwanted AI bot access to Zoom sessions, consider strategies already developed for avoiding “Zoombombing” by unwanted or malicious human users. These strategies are outlined at Checklist: Keep Your Zoom Meeting Secure.

Below are several Zoom features to consider using when setting up Zoom meetings.

Require Attendees to Authenticate in Order to Join Zoom Meetings

Find details about this option at Require Authentication to Join Zoom Meetings

In brief, Cornell Zoom meeting and webinar authentication options include:

  • Cornell Users
    If you have chosen to require authentication for your meeting, this is the default option. Using this setting restricts a meeting to users who sign in using Cornell’s Zoom website (https://cornell.zoom.us) using Cornell credentials. While this is a more restrictive setting, as it limits meetings to Cornell users, it is more secure.
  • Sign in to Zoom
    This setting restricts the meeting to users who have signed in with any Zoom account, free or paid, Cornell or non-Cornell. This offers some protection but is much less secure than Cornell Users.

It is a good rule of thumb that unless you have a specific use case or an attendee who does not or cannot have a Zoom account, you should use one of these authentication options above to help prevent AI bot access to meetings.

Choose the option that best fits the profiles of your anticipated attendees – and strongly consider using the Cornell-only option if possible. Note that you can use one of the settings above and create an exception for specific users you choose – see Add Authentication Exceptions for more details.

Use the Zoom Waiting Room Feature

Find details about this option at Admit Zoom Attendees from a Waiting Room.

For added security, or when you need to host a meeting without any authentication restrictions, enable the Waiting Room, and then do not admit obvious bots or attendees that you don’t recognize.

Of course, the best protection for your Zoom meeting will come from using an authentication option and a waiting room in conjunction.

The AI bot industry is likely to become ever more sophisticated – in the future, versions may be available which are capable of basic Zoom sign in and authentication. This is an argument for developing the habit of using both authentication and waiting room options to help counter more sophisticated bots in the future.

Block Specific Vendor Domains Known to Host AI Bots

If you are concerned about AI bots joining meetings or webinars, you have the ability to block participants who have specific internet domains from joining. This feature can be used to block certain domains that are known to host AI bots. 

To block users from a specific domain from joining meetings and webinars you host:

  1. Log in to the Cornell Zoom site.
  2. Select Settings, then the Meeting tab.
  3. Under Security, scroll down to the setting Block users in specific domains from joining meetings and webinars
    • If the setting is enabled, the toggle will be to the right and colored blue.
    • If the setting is disabled, enable it by clicking the toggle. 
  4. In the text field, type the names of any domains that you want to block from joining meetings and webinars you host. If you are entering more than one domain, separate them with commas.
  5. Click Save.
Be aware that blocking domains with this feature will block any participant with that domain from joining meetings and webinars, not just AI bots.

Remove a Bot from a Zoom Meeting

Should a bot manage to join a meeting despite security settings, use the same options to remove it as you would for an unwanted human attendee. These actions include:

  • Remove a Participant from a Zoom Meeting or Webinar
    Click Participants, click More beside the unwanted bot user, then click Remove.
  • Lock Your Session
    This prevents additional users from joining. Click Security, then click Lock Meeting. Repeat to unlock the meeting.
  • Suspend Participant Activities
    This will suspend all participants’ screen sharing, video, audio, and breakout rooms, and locks the meeting. Click Security, then the red Suspend Participant Activities link.

Find details about using these features in the list of security options at Zoom Security Features: Reduce the Odds of Zoombombing.

Keep in mind that after you’ve removed the unwanted AI bot from your meeting, you may wish to undo the “Suspend Participant Activities” feature, as it affects all attendees and will interfere with screen sharing and other common attendee activities.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.