Security Best Practices
Security best practices help you use AI Employees safely and prevent unintended data sharing or accidental changes. Following these practices protects your workspace and your team's information.
Principle of Least Privilege
What It Means
Only give AI Employees access to what they actually need. Don't share connections or skills with more people or AI Employees than necessary.
How to Apply It
Share connections only with the AI Employees that actually use them
Don't make a connection public to your entire team if only one AI Employee needs it
Keep skills private by default — only share them with people who need to use them
If you have a private Gmail connection, don't share it with every AI Employee
Why It Matters
The fewer people and AI Employees that have access to something, the lower the risk of accidental misuse or data leakage.
Example: You have a private Gmail connection for your personal inbox. You only share this connection with Alfred (your Executive Assistant). You don't share it with Millie or Spec because they don't need access to your personal emails.
Review Trigger Rules Regularly
What It Means
Periodically check the triggers you've set up to make sure they're still working as intended.
How to Apply It
Once a month, review all the autonomous skills you've set up
Check that each trigger is still needed and still makes sense
Make sure the skill is running at the right time or on the right event
Remove skills that are no longer needed
Why It Matters
Triggers can drift over time. A skill that made sense three months ago might not be relevant anymore, but it keeps running, keeps using its connections, and keeps sending its output to whoever it was originally pointed at. Regular reviews stop stale skills from running, wasting resources, and quietly distributing data nobody asked for.
Example: You set up Millie to send a project status update every Friday at 5 PM. Three months later, your team structure changed and you no longer manage that project. You review your triggers and remove this skill.
Monitor Audit Logs
What It Means
Periodically check the logs that show what AI Employees have done.
How to Apply It
Check the skill run history to see what actions were performed and whether each run succeeded
Look for errors, repeated failures, or behavior you did not expect; a skill that has failed several times in a row usually has an expired connection or a missing permission behind it
Review who set up each skill, when, and whether it has been changed since
Check that the actions recorded in the log match what the skill is supposed to do
Why It Matters
Audit logs help you catch problems early. If a skill starts failing or behaving unexpectedly, you'll see it in the logs and can fix it before it causes bigger issues.
Example: You notice that a skill that usually runs every Monday has failed for the last two weeks. You check the audit log and see that the Gmail connection expired. You reconnect Gmail and the skill starts working again.
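As an added illustration, not a feature of the product and not code from this page, here is a small Python triage script that runs over a constructed run history. The record format, field names and error strings are assumptions: the page does not document what the run history export looks like. The script flags skills whose most recent runs have all failed and skills whose latest error looks like an expired or unauthorized connection, which is the Monday-skill case described above.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample run history (not a real export; the platform's actual
# log format is not documented on this page). One record per skill run.
SAMPLE_RUNS = [
    {"skill": "Monday Pipeline Digest", "started_at": "2025-03-03T09:00:00",
     "status": "success", "error": ""},
    {"skill": "Monday Pipeline Digest", "started_at": "2025-03-10T09:00:00",
     "status": "failed", "error": "Gmail connection expired (token refresh rejected)"},
    {"skill": "Monday Pipeline Digest", "started_at": "2025-03-17T09:00:00",
     "status": "failed", "error": "Gmail connection expired (token refresh rejected)"},
    {"skill": "Weekly Project Update", "started_at": "2025-03-07T17:00:00",
     "status": "success", "error": ""},
    {"skill": "Weekly Project Update", "started_at": "2025-03-14T17:00:00",
     "status": "failed", "error": "Slack channel #sales-updates not found"},
    {"skill": "Weekly Project Update", "started_at": "2025-03-21T17:00:00",
     "status": "success", "error": ""},
    {"skill": "CRM Sync", "started_at": "2025-03-18T12:00:00",
     "status": "failed", "error": "Salesforce: insufficient privileges"},
]

# Substrings that, in an error message, usually point at a credential or
# permission problem rather than a logic bug in the skill (assumed wording).
CREDENTIAL_HINTS = ("expired", "unauthorized", "insufficient privileges",
                    "forbidden", "invalid_grant")


def runs_by_skill(runs):
    """Group records by skill name, oldest run first."""
    grouped = defaultdict(list)
    for r in runs:
        grouped[r["skill"]].append(r)
    for rs in grouped.values():
        rs.sort(key=lambda r: datetime.fromisoformat(r["started_at"]))
    return grouped


def consecutive_failures(runs):
    """Return {skill: n} for skills whose most recent n runs all failed (n >= 1)."""
    out = {}
    for skill, rs in runs_by_skill(runs).items():
        n = 0
        for r in reversed(rs):          # walk back from the latest run
            if r["status"] != "failed":
                break
            n += 1
        if n:
            out[skill] = n
    return out


def likely_connection_problems(runs):
    """Return {skill: error} where the latest run failed with a credential-looking error."""
    out = {}
    for skill, rs in runs_by_skill(runs).items():
        last = rs[-1]
        if last["status"] == "failed" and any(
                h in last["error"].lower() for h in CREDENTIAL_HINTS):
            out[skill] = last["error"]
    return out


def triage(runs, min_streak=2):
    """List (skill, streak, note) entries that deserve a human look.

    A skill is reported if it has failed min_streak times in a row, or if its
    latest failure looks like a connection problem even after a single run.
    """
    streaks = consecutive_failures(runs)
    conn = likely_connection_problems(runs)
    report = []
    for skill, n in sorted(streaks.items()):
        if n >= min_streak or skill in conn:
            report.append((skill, n, conn.get(skill, "repeated failure; inspect run output")))
    return report


if __name__ == "__main__":
    for skill, n, note in triage(SAMPLE_RUNS):
        print(f"{skill}: {n} consecutive failure(s): {note}")
```

On the sample data the Weekly Project Update skill is not reported at all, because its latest run succeeded; a single Slack hiccup followed by recovery is noise. The Monday digest is reported for two failures in a row with an expired-connection message, and the CRM sync is reported after one run because "insufficient privileges" points at the permission boundary rather than at the skill's logic.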
Revoke Unused Connections
What It Means
Delete connections you're no longer using.
How to Apply It
Periodically review your list of connections
If you're no longer using a connection, revoke it
If a connection is shared with people who no longer need it, unshare it
If an AI Employee no longer uses a connection, remove access
Why It Matters
Unused connections are a security risk. A connection is standing access to an external service, and an unused one is access that nobody is watching. If someone gains unauthorized access to your account, they could use old connections to reach services you no longer use, and you are unlikely to notice because you no longer look at those services. Revoking unused connections removes that access entirely instead of leaving it to chance.
Example: You used to use Salesforce but switched to HubSpot. You revoke the Salesforce connection so it can't be used even if someone gains access to your account.
Test Before Automating
What It Means
Test a skill manually first before setting it up to run automatically.
How to Apply It
Create a skill and run it manually a few times to make sure it works
Check that the output looks correct
Make sure the skill doesn't do anything unexpected; a manual run still performs real actions, so point it at test records or a test channel where you can
Only then set up the automatic trigger
Why It Matters
Testing catches configuration errors before they cause problems. If a skill has a bug, you want to catch it when you're manually running it, not when it's running automatically in the background.
Example: You create a skill to automatically update CRM records after sales meetings. Before setting it to run automatically, you run it manually three times to make sure it's updating the right fields with the right data. Once you're confident it works, you set up the automatic trigger.
Document Your Setup
What It Means
Keep notes on what each skill does, why you set it up, and how it's configured.
How to Apply It
Write down the name and purpose of each skill
Document what trigger causes it to run
Note which connections it uses
Write down who set it up and when
Keep notes on any changes you make to the skill
Why It Matters
Documentation helps with troubleshooting and team handoffs. If something goes wrong, you can refer to your notes to understand what the skill is supposed to do. If someone else needs to take over managing the skill, they can read your documentation.
Example: You have a skill called "Weekly Project Update." Your documentation says: "This skill runs every Friday at 5 PM. It checks all projects in the Sales workspace and sends a summary to the #sales-updates Slack channel. It uses the company Slack connection. Sarah set it up on March 15, 2025."
Data Leakage Prevention
What It Means
Understand how context isolation works and make sure you're not accidentally sharing information with people who shouldn't see it.
How to Apply It
Remember that AI Employees run under the context of the person who set them up (in autonomous mode)
If you set up a skill, it can only access what YOU can access
If you share a skill with your team, they can run it, but it still runs under YOUR permissions
Don't set up skills that access sensitive data if you're going to share the skill with people who shouldn't see that data
Why It Matters
Context isolation is a safety feature, but it only works if you understand it. A skill runs with the permissions of the person who set it up, not the person who runs it. If you set up a skill that accesses sensitive data and then share the skill with your whole team, it will still only access what you can access (not what they can access), and everyone who runs it sees output derived from that data whether or not they could open it themselves. Sharing a skill therefore shares your access to everything it reads. Context isolation keeps the skill inside your permissions; it does not stop you from leaking data through a skill you share too widely.
Example: You have access to the Executive Team's private workspace. You set up a skill to summarize decisions from Executive Team meetings. You don't share this skill with your whole team because it would run under your permissions and could access the Executive Team's private workspace. Instead, you only share it with other executives.
Understand Permission Boundaries
What It Means
Know what permissions the AI Employee has and what it can and cannot do.
How to Apply It
Check the role of the person whose context the skill runs under (Admin or Member)
Remember that AI Employees cannot do anything that person cannot do
Don't expect an AI Employee to perform Admin-only actions if it's running under a Member's context
If you need an AI Employee to perform an action, make sure the context user has permission to do it
Why It Matters
Understanding permission boundaries prevents frustration and keeps privilege where it belongs. If a skill fails because of permissions, you'll know it's because the context user doesn't have the right role. You can fix it either by changing the skill to an action that role is allowed to perform or by upgrading the role; prefer changing the skill, because upgrading a role to satisfy one skill gives every skill that runs under that user the extra permissions too.
Example: You set up a skill to delete completed projects. But you're a Member (not an Admin), so the skill can't delete projects. You either upgrade yourself to Admin or change the skill to archive projects instead (which Members can do).
Be Careful With Shared Connections
What It Means
Be thoughtful about which connections you share and with whom.
How to Apply It
Before sharing a connection, think about who needs it and why
Remember that anyone with access to a connection can use it fully: they act as the connected account, and the external service records those actions as the account's, not theirs
If you share a Gmail connection, anyone with access can send emails from that account
If you share a Salesforce connection, anyone with access can update Salesforce records
Why It Matters
Shared connections are powerful but risky. If you share a connection too broadly, people might use it in ways you didn't intend.
Example: You have a company Gmail account that you use for customer outreach. You share this connection with Spec (your Researcher) so he can send cold emails. You don't share it with other AI Employees because they don't need it. You also don't share it with your entire team because you want to control who sends emails from this account.
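The sharing decisions in this section and in the least-privilege and unused-connection sections earlier on this page all come down to one reconciliation: compare who a connection is shared with against which skills actually use it. As an added example (not product code, and not taken from this page), the Python below performs that reconciliation over a constructed inventory. Its shape, connections with a shared_with set and skills with the AI Employee that runs them and the connections they use, is an assumption; the page does not describe an export format. The three checks tell you what to unshare, what to revoke, and which skills will fail for lack of a grant.

```python
from collections import defaultdict

# Constructed inventory (not an export from the product; the page documents no
# such format). Each connection lists the AI Employees it is shared with.
CONNECTIONS = {
    "personal-gmail": {"owner": "you", "shared_with": {"Alfred", "Millie"}},
    "outreach-gmail": {"owner": "you", "shared_with": {"Spec"}},
    "salesforce":     {"owner": "you", "shared_with": {"Spec"}},
    "company-slack":  {"owner": "you", "shared_with": {"Millie"}},
    "legacy-crm":     {"owner": "you", "shared_with": set()},
}

# Each skill: the AI Employee that runs it and the connections it needs.
SKILLS = [
    {"name": "Inbox Triage",          "employee": "Alfred", "uses": {"personal-gmail"}},
    {"name": "Cold Outreach",         "employee": "Spec",   "uses": {"outreach-gmail"}},
    {"name": "Weekly Project Update", "employee": "Millie", "uses": {"company-slack"}},
    {"name": "CRM Update",            "employee": "Millie", "uses": {"salesforce"}},
]


def actual_users(skills):
    """Map connection name -> set of AI Employees whose skills use it."""
    users = defaultdict(set)
    for s in skills:
        for conn in s["uses"]:
            users[conn].add(s["employee"])
    return users


def over_shared(connections, skills):
    """Grantees of each connection that no skill needs: candidates to unshare."""
    users = actual_users(skills)
    result = {}
    for name, c in connections.items():
        extra = c["shared_with"] - users[name]
        if extra:
            result[name] = sorted(extra)
    return result


def unused(connections, skills):
    """Connections that no skill references at all: candidates to revoke."""
    users = actual_users(skills)
    return sorted(name for name in connections if not users[name])


def missing_grants(connections, skills):
    """Skills whose AI Employee lacks a connection they need; these fail at run time."""
    gaps = []
    for s in skills:
        for conn in sorted(s["uses"]):
            granted = connections.get(conn, {}).get("shared_with", set())
            if s["employee"] not in granted:
                gaps.append((s["name"], conn))
    return gaps


if __name__ == "__main__":
    for name, extra in over_shared(CONNECTIONS, SKILLS).items():
        print(f"unshare {name} from: {', '.join(extra)}")
    for name in unused(CONNECTIONS, SKILLS):
        print(f"revoke {name}: no skill uses it")
    for skill, conn in missing_grants(CONNECTIONS, SKILLS):
        print(f"grant {conn} to the AI Employee running {skill}, or the skill will fail")
```

Run against this inventory, the checks say to unshare the personal Gmail connection from Millie (only Alfred's skill uses it), to unshare Salesforce from Spec (only Millie's CRM Update needs it, and Millie has not been granted it), and to revoke the legacy CRM connection outright. Note that the over-shared and missing-grant findings for Salesforce are two sides of the same mistake: the connection was shared with the wrong AI Employee.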