Independent AI risk research

Know where your business data goes when you use AI.

Plain-English vendor ratings, breach analysis, and guidance for small businesses. We rate the AI tools you actually use — tier by tier — and cite primary sources for every claim.

AI tools rated

rated by plan, never averaged

primary sources, dated on every profile

Krebs on Security meets Money Saving Expert for AI risk. We rate vendors honestly; commercial relationships are disclosed openly. Every vendor profile carries a verification date and cites primary sources.

Start here

If you have not yet read our definition of the term, "What is AI leakage?" covers the three categories (user error, vendor breach, attack surface) with worked examples from the canonical incidents of 2023-2026: Samsung, EchoLeak, CamoLeak, ForcedLeak, the Replit SaaStr database deletion, and the Otter.ai class action.

The Vendor Database

29 vendor profiles covering the AI tools that small businesses actually use. Each profile follows the same 12-section schema: risk rating, training defaults, retention, jurisdiction, breach history, and three honest takeaways for SMB owners.

By category

Direct AI Tools

12 profiles

ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, Grok, GitHub Copilot, Cursor, Replit, Jasper, Midjourney, ElevenLabs

Embedded Productivity AI

8 profiles

Slack AI, Notion AI, Zoom AI Companion, Asana AI, Linear AI, Granola, Otter.ai, Fathom

Vertical SaaS AI

9 profiles

Intercom Fin, Zendesk AI, Salesforce Einstein/Agentforce, HubSpot AI (Breeze), Shopify Magic, Canva Magic Studio, Adobe Firefly, Grammarly, Xero/JAX

What we cover that other sites don’t

  • SMB-shaped recommendations. The privacy press tends to focus on either consumer privacy or enterprise compliance. AI Leakage is written for the 1-to-10 employee business segment. Recommendations are sized for that scale.
  • Tier-specific risk ratings. Many AI tools have materially different privacy postures between consumer and enterprise tiers. We rate each tier honestly rather than averaging.
  • Active litigation tracking. Several vendors in the database are defending class actions affecting their core products as of mid-2026 (Otter.ai, Perplexity, Midjourney). We track these with specific case numbers, judges, and hearing dates.
  • NZ-relevant context. The site is operated from New Zealand. NZ Privacy Act 2020 considerations and NZ-relevant vendors (Xero JAX) get explicit treatment.

How this site uses AI

AI Leakage uses Claude (Anthropic) in its content workflow. We disclose this on every relevant page. The Anthropic vendor profile applies a deliberate counter-correction to avoid favourable bias. Full disclosure here.

Editorial principles

  • Independence of verdicts. No vendor pays for a favourable rating. Where commercial relationships exist (affiliate, sponsored evaluation, MSP licensing), they are disclosed openly on the affected page.
  • Every factual claim sourced. Every cited URL is verified on the date shown at the top of each profile.
  • If our recommendation is uncomfortable, we make it anyway.

Full methodology including the risk rating scale, the 12-section profile schema, and the commercial relationships we will and won’t accept is on the Methodology page. Current affiliate relationships are listed on the Affiliate Disclosure page.

For MSPs and IT consultancies

Managed service providers and IT consultancies who want to use our vendor database, policy templates, or audit methodology with their own SMB clients can license that material. See For MSPs.

Get in touch

Corrections, tips, vendor disclosures, research collaboration: hello@aileakage.com or use the contact page. We respond to factual corrections within five business days.