Sự bùng nổ của AI làm gia tăng nguy cơ rò rỉ dữ liệu cá nhân – Chongluadao.vn

The rapid development of artificial intelligence in recent years has opened up a series of conveniences for life, work and entertainment. However, it also comes with potential risks regarding data security that most users do not realize. As AI infiltrates every online activity — from work, study to entertainment — personal data is being collected, exploited and abused at an unprecedented rate.

Here are the main reasons why AI becomes a “catalyst” that increases the risk of personal data leaks:

Article table of contents hide

1. AI-based attack techniques are becoming increasingly sophisticated

2. Misusing entertainment AI apps and accidentally providing biometric data

3. Relying on AI chatbots and accidentally revealing too much information

4. AI collects data beyond users' control

AI-based attack techniques are becoming increasingly sophisticated

The explosion of AI also brings with it the danger of cybercrime as these advanced tools are being “weaponization”" serving criminal purposes:

AI helps analyze entire data warehouses in minutes.
Deepfake AI tool creates fake videos/voices that are indistinguishable to the naked eye.
AI helps criminals collect information from open source code (OSINT) many times faster.
Malicious AI tools help generate malware, write personalized phishing emails, or automate attacks based on user behavior.

Reports from Trend Micro and IBM Security show that AI has helped hackers shorten 70% attack time and increase accuracy in predicting targets.

Misusing entertainment AI apps and accidentally providing biometric data

The trends of “creating photos, creating videos with AI” — like effects winter snow, face transformation, classical portrait simulation, or face transplant onto famous people — is attracting millions of participants.

But behind some fun operations is users providing biometric data themselves including:

face photo,
eye-nose-mouth structure,
expression,
head movement and facial angle,
voice (with voice generation applications).

Facial data is immutable — exposed once, lost forever. And in the hands of cybercriminals, it can be used to create deepfakes, unlock biometrics, or impersonate people in financial transactions.

With the development of AI today, when facial data is widely collected, criminals can completely:

create deepfake videos that look like real people 90–99%,
fake video call with identical face,
Voice + face fusion to scam money transfers, loans, or defame reputation.

The time it takes to create a deepfake is now just a few seconds thanks to the new generation AI model.

Relying on AI chatbots and accidentally revealing too much information

Unlike traditional search engines (like Google Search), large language models (LLMs) and AI applications typically work on the following mechanism: Collect input data to back-train the system.

In work and study, many people are gradually getting used to:

send internal documents,
provide personal information,
enter notes, private conversations,
describe habits, preferences, consumer behavior,

into chatbots like ChatGPT, Claude, Gemini or AI assistants in office applications.

The problem lies in this:

Users have no control over what AI stores,
not knowing how much data was used to train the model,
and have no right to permanently delete once uploaded to the server.

Recent cybersecurity reports from Cloudflare, Kaspersky, Microsoft… also point to a sharp increase in internal data leaks originating from employees uploading documents to AI chatbots without permission.

AI collects data beyond users' control

In reality, personal data is collected not only by what users actively provide, but also by countless systems, devices, and applications using machine learning algorithms that operate silently behind the scenes. This creates an environment where users have almost no control over the extent of data collected.

Today, AI is everywhere from browsers, phones, smart TVs, security cameras, home IoT devices, to cars — most of which use AI or machine learning to:

record behavior and usage habits,
track search and browsing history,
voice analysis through microphone,
read the content displayed on the screen,
locate and move,
Optimize personal experiences based on accumulated data.

This “ubiquity” means that it is difficult for users to know specifically which devices are collecting what data, when it is collected, and for what purpose.

Many AI tools, especially mobile apps, not only collect data that users upload (photos, voice, text), but also take:

device information,
GPS location,
contacts,
linked social network data,
cookies and browsing history,
system information and background activity.

The more convenient AI is, the less users will care about access. Just one time allow camera access, grant read permission to photo library, connect to account Google/Facebook, for example, are applications that can harvest large amounts of data that cannot be retrieved. All of what they collect is compiled into a detailed “user profile” — an extremely valuable data point for cybercriminals.

Users are increasingly in the dark about their own data. But the biggest problem lies in:

Data collection sources are opaque and difficult to trace.
The privacy policy is dozens of pages long.
Default mechanism “maximum collection – user is responsible if consent”
Psychology of clicking “Continue / Allow / Agree” to quickly use the service

Result: AI knows more about users than they know themselves, from the level of intimacy in relationships to spending habits.

This opens up a serious risk: when the data is leaked or sold to third parties, cybercriminals can use this “AI profile” to personalize scams, target attacks, and create extremely convincing fake scenarios.

So how to protect personal data in this era of AI explosion?

AI is becoming a weapon of cybercriminals Data security in the AI era