Two stories this week highlight how quickly convenience can turn into privacy nightmares. One involves a major security service that’s now tracking users more aggressively. The other shows how AI productivity tools can quietly leak your company data.

Cloudflare Turnstile Goes Full Surveillance

Cloudflare’s Turnstile — the “privacy-friendly” alternative to reCAPTCHA — now requires WebGL fingerprinting to work. This means it’s collecting detailed information about your graphics card, browser, and system configuration to identify you.

The irony is thick. Cloudflare marketed Turnstile as the privacy-respecting choice. Now it’s doing exactly what privacy advocates criticized Google for: building detailed user profiles through supposedly innocent security checks.

For your business: If you’re using Turnstile thinking it’s the “good” option, you’re still serving user data to a third party. Your customers who care about privacy will notice. Consider whether the convenience is worth the trade-off, especially if you’re in regulated industries.

ChatGPT for Google Sheets Leaks Your Data

Security researchers found that the popular “ChatGPT for Google Sheets” extension can exfiltrate entire workbooks to external servers. The extension, used by thousands of businesses, sends spreadsheet contents to third-party APIs without clear disclosure.

This isn’t theoretical. The researchers demonstrated actual data extraction from real business spreadsheets. Financial data, customer lists, internal metrics — all potentially exposed.

The real problem: Most companies install these AI productivity tools without proper vetting. IT sees “helps with spreadsheets” and clicks approve. Meanwhile, sensitive business data flows to unknown endpoints.

This connects directly to what we see building custom AI agents at Artemis Lab. Companies often want the convenience of plug-and-play AI tools but need the control of custom solutions. When you build your own AI workflows, you control where data goes and who sees it.

The Pattern That Matters

Both stories show the same issue: convenience tools that seem helpful but create new attack surfaces. Cloudflare’s fingerprinting makes users more trackable. Google Sheets AI extensions make business data more exposed.

The solution isn’t avoiding AI tools entirely. It’s being intentional about which ones you use and how you deploy them. For mission-critical workflows with sensitive data, custom AI agents running on your own infrastructure beat third-party extensions every time.

You get the productivity gains without the privacy trade-offs. Your data stays in your cloud environment. You control the AI models and their behavior. It’s more work upfront but eliminates the ongoing risk of someone else’s security decisions affecting your business.