Skip to content
PrivateAI
← Back to Home
Privacy Workflow

Private AI for Journalists: How to Use AI Tools Without Burning a Source

10 min read min readBy PrivateAI Team

The Short Answer

If you're a journalist using AI tools for research, transcription, or drafting, the rule is simple: anything that could identify a source or reveal the existence of a story before publication must never touch a cloud AI provider.

That means no pasting leaked documents into ChatGPT. No uploading source interview recordings to a cloud transcription service. No feeding a whistleblower's name, employer, or identifying details into any tool where a third party retains the input.

The fix isn't to avoid AI. It's to split your workflow: cloud tools for public research where nothing sensitive is exposed, and local, on-device tools for anything connected to a source, a document, or a story that hasn't run yet. This guide covers exactly where that line sits and what to use on each side of it.

Why This Isn't Theoretical

Reporter's privilege and shield laws protect journalists from being compelled to reveal sources in many jurisdictions — but that protection covers you, not the AI vendor holding your data. A subpoena, a data breach, or a routine law enforcement request to a cloud AI provider can expose exactly what shield laws were designed to prevent, and the journalist never gets a say.

This has already happened in adjacent contexts: cloud service providers have handed over user data in response to legal process, sometimes without notifying the account holder until after the fact. Most AI vendor terms of service reserve broad rights to retain prompts for "safety" and "abuse monitoring" — retention windows that can run well past your publication date, sitting on a server you don't control, discoverable by anyone who can compel the vendor.

The specific risks for reporters:

  • Prompt logging: Cloud AI providers typically retain your inputs for some period, even on paid tiers, unless you've specifically opted into a zero-retention agreement.
  • Training data inclusion: Free and consumer tiers often reserve the right to use your inputs for model training, meaning source-identifying details could theoretically resurface in later outputs.
  • Third-party legal process: A vendor can be compelled to produce your data even when you personally would be protected by shield law.
  • Metadata leakage: Uploading a recording or document doesn't just expose its content — file metadata, timestamps, and account activity logs create a paper trail connecting you to a source.

None of this requires a vendor acting in bad faith. It's simply what happens when sensitive information leaves your device and lives somewhere else.

Layer 1: What's Safe to Run in the Cloud

Not everything you do as a reporter is sensitive. Cloud AI tools are genuinely useful for the parts of the job that don't touch sources or unpublished material:

  • Background research on public figures, companies, or events already in the public record
  • Summarizing published reports, court filings that are already public, or government data releases
  • Fact-checking claims against publicly available sources
  • Drafting generic explainer language that doesn't reference your specific story

For this tier, Perplexity Pro is a strong fit. It's built for research with cited sources, which matters for verification — you can trace every claim back to where it came from, which is exactly the discipline good reporting already requires. Use it the way you'd use a library research desk: asking about the world in the abstract, never about your specific investigation, your source, or a document you're holding.

The test before you type anything into a cloud tool: if this prompt leaked publicly tomorrow, would it out my source, tip my story, or embarrass anyone I've promised confidentiality to? If the answer is anything but a clear no, it doesn't go in a cloud tool.

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.

A Working Stack for Investigative Reporting

Here's how these pieces fit together for an active investigation:

Public-record research: Perplexity Pro for anything already published — background on companies, people, and prior reporting. Ask about the world, never about your specific story.

Source communication: Proton Mail for any correspondence with a confidential source, with a separate Proton account created specifically for the investigation rather than your personal or work address. Set messages to auto-expire where the sensitivity warrants it.

Document storage: Leaked materials, interview recordings, and internal notes go into Tresorit or Proton Drive immediately — never sit unencrypted on your laptop's desktop or downloads folder, and never sync automatically to a personal cloud drive tied to your main account.

Transcription and analysis: Interview audio and document review happen through a local model (Ollama with Whisper for transcription, a local LLM for summarization and search) running entirely offline. Disconnect from Wi-Fi during the most sensitive sessions if you want to verify nothing is calling home.

Drafting: Early drafts referencing unconfirmed or source-sensitive material stay local. Once a section is scrubbed of anything identifying — verified, on-the-record, or public — it can move to whatever tools your newsroom's CMS requires.

Handoff to editors: Share via Tresorit's access-controlled links rather than email attachments, so you retain the ability to revoke access and see exactly who opened the file and when.

Six Questions to Ask Before Any AI Tool Touches Story Material

Before adding any AI tool to an active investigation, work through these:

  1. Where does inference happen? On your device, or on a vendor's server?
  2. Does the vendor retain your input, and for how long? Check the specific data retention policy, not just the marketing page.
  3. Does the free or standard tier train on your data? Many do by default; opting out is often a separate, buried setting.
  4. What's the vendor's legal process history? Do they challenge government data requests, or comply routinely?
  5. Would a subpoena to this vendor expose something a subpoena to you personally couldn't? If yes, that's the exposure shield laws don't cover.
  6. Is the document storage zero-knowledge encrypted, or just "encrypted in transit"? These are very different guarantees — the second still means the provider can read your files at rest.

If you can't answer one of these confidently, treat the tool as unsafe for source material until you can.

The Bigger Picture

AI tools are becoming standard equipment in newsrooms for research speed and document review at scale — that's not going away, and it shouldn't. The failure mode isn't using AI. It's using the same tool for a public records summary and a whistleblower's leaked internal memo, because the convenience of one workflow made the split feel unnecessary.

Keep the split. Cloud tools for the public half of the job. Local, encrypted, on-device tools for anything that could put a source at risk. The extra step of switching between the two is small compared to what's lost if it isn't there.

Last updated: 2026-07-03


Stay Ahead of the Source-Protection Curve

AI tooling and vendor data policies change faster than most newsroom guidance can track. If you want workflow recommendations tested specifically against source-protection standards — updated whenever a vendor's retention policy or legal posture shifts — the PrivateAI newsletter covers this directly.

No vendor promotion. No fluff. Just what changed and what it means for your reporting.

Subscribe below to get the next issue directly.


_Have a source-protection AI workflow you've tested in the field? Let us know — we test and publish practitioner-sourced stacks regularly._