Zero Trust and AI Notetakers: What Every Business Owner Should Know
June 29, 2026
Zero trust is a security framework built on a straightforward principle: no user, device, or application receives access by default. Every request is verified. Every tool is evaluated. Nothing is assumed safe simply because it is already in use inside your organization.
Most businesses apply zero trust thinking to their networks and user accounts. Very few apply it to the productivity tools their employees bring into meetings every day.
AI notetakers are third-party applications. They request access to your calendar, your audio stream, and in many cases your contacts and email. They transmit sensitive conversations to external servers and retain data under terms that most organizations have never reviewed. By any zero trust standard, they require the same vendor scrutiny as any other application requesting access to your environment.
Two Categories of AI Recording Tools
AI meeting recorders fall into two distinct categories, and understanding the difference is foundational to assessing risk.
Cloud-Based Meeting Bots
Tools such as Otter.ai, Fireflies.ai, Read AI, and Fathom connect to your calendar, join meetings as a named participant, and record audio on third-party servers. Transcripts and summaries are generated and stored under the vendor's terms of service. Most default to maximum data collection unless enterprise-level controls are explicitly configured. This is the same pattern that drives shadow AI risk across organizations: tools deployed without governance, running under terms no one reviewed.
Dedicated Hardware Recorders
Devices such as the PLAUD NOTE, PLAUD NotePin, and HiDock P1 capture audio on the device itself rather than joining the meeting as a participant. No bot appears in the participant list, and no calendar integration triggers automatically. Local capture makes local processing possible and can keep recordings out of a cloud retention regime entirely, which supports stricter data sovereignty. Verify that per product, though: many companion apps still upload the audio to the vendor's cloud for transcription and summarization, and from that point the data handling questions are the same ones you would ask of a cloud bot.
The risk profile of each category is meaningfully different, but neither eliminates the obligation to evaluate the vendor relationship carefully.
What Is at Stake: The Contents of a Single Transcript
Before evaluating any specific tool, consider the sensitivity of what is being protected. A single meeting transcript can contain any of the following:
- Customer financial information
- Passwords or credentials shared verbally during troubleshooting
- API keys read aloud during a system handoff
- Active security incident details
- Merger, acquisition, or strategic planning discussions
- Employee performance or HR information
- Protected health information subject to HIPAA
- Controlled Unclassified Information (CUI)
- Export-controlled technical data
This is not a worst-case scenario. It is an accurate representation of what moves through ordinary business conversations. One transcript, stored on a vendor's infrastructure under standard terms, could contain all of it.
Not All Meetings Carry the Same Risk
Zero trust principles require applying controls proportional to the sensitivity of the data being protected. Data classification applies to conversations, not just files. Organizations should establish clear policies about which meeting types are appropriate for AI recording before deploying any tool.
| Meeting Type | AI Notetaker Appropriate? |
|---|---|
| Internal operational meetings | Generally yes, with disclosure |
| External client or partner meetings | Evaluate; obtain consent from all parties |
| HR, legal, or compliance discussions | Generally no |
| Strategic, financial, or M&A discussions | Generally no |
A policy that treats all meetings identically is not a governance framework. It is the absence of one.
Every AI Notetaker Is a Vendor Relationship
Deploying an AI notetaker is not enabling a product feature. It is onboarding a vendor with direct access to your organization's conversations. That relationship carries all of the due diligence obligations of any third-party access grant. A cybersecurity risk assessment is the right starting point for organizations that have not formally evaluated the tools already running in their environment.
Questions to Ask Before Deploying Any AI Recording Tool
- SOC 2 Type II report: Has an independent auditor attested that the vendor's controls for security, confidentiality, and availability operated effectively over the review period? SOC 2 is an attestation report rather than a certification, so ask for the report itself under NDA and read its scope and any noted exceptions; a badge on a website confirms nothing. This is the baseline for evaluating a cloud service provider. STACK Cybersecurity maintains its own SOC 2 Type II attestation, which informs how we evaluate every vendor we recommend to the organizations we support.
- Encryption: Is data encrypted in transit (TLS) and at rest, and who holds the keys? Vendor-held keys still allow the vendor and its subprocessors to read transcripts; ask whether customer-managed keys are available on your plan.
- SSO and MFA support: Can the platform enforce single sign-on and multi-factor authentication, and does deprovisioning a user in your identity provider revoke both their login and the OAuth grants they consented to? Unmanaged account access is an unmanaged risk.
- Data residency: Where are recordings and transcripts stored geographically? Cross-border data transfers carry regulatory implications, particularly for organizations subject to GDPR or operating in defense or healthcare environments.
- Zero data retention options: Can the vendor process your data without retaining it on their infrastructure, and does that commitment extend to the AI model provider it forwards audio or text to?
- Customer-controlled deletion: Can your organization delete data on demand and receive documented confirmation that it has been purged from all systems, including backups? Backups are rarely purged immediately, so get the retention window for backup copies in writing.
- Subprocessor disclosure: Every AI notetaker vendor relies on subprocessors — cloud infrastructure providers, AI model hosts, and third-party analytics services that touch your data as part of the product pipeline. Agreeing to a vendor's terms of service means implicitly agreeing to the data practices of every company in that chain. Request the subprocessor list and review it before deployment.
Platform Comparison: Security and Privacy at a Glance
Important: Privacy policies, HIPAA offerings, and AI training practices change frequently. Review current vendor documentation before making deployment decisions.
| Tool | SOC 2 | HIPAA Support | AI Training on Customer Data | Joins Meeting as Participant | Local Recording Option |
|---|---|---|---|---|---|
| Microsoft Teams Copilot | ✔ | Available with Microsoft 365 compliance controls | Customer data not used to train foundation models | ✘ | ✘ |
| Zoom AI Companion | ✔ | Available for eligible Zoom Healthcare plans | Customer audio/video not used to train OpenAI or Anthropic models | ✘ | ✘ |
| Google Meet AI Notes (Gemini) | ✔ | Available under Google Workspace and BAA | Workspace data not used to train foundation models by default | ✘ | ✘ |
| Fireflies.ai | ✔ | Available on Enterprise plans | Customer-controlled; review current privacy policy | ✔ | ✘ |
| Otter.ai | ✔ | Not marketed as HIPAA-compliant for general use | Review current privacy policy and workspace settings | ✔ | ✘ |
| Read AI | ✔ | No public HIPAA offering | Review current privacy policy | ✔ | ✘ |
| Fathom | ✔ | Available for qualifying organizations | States customer meeting content is not used to train AI models | ✔ | ✘ |
| Avoma | ✔ | Available on Enterprise | Review current privacy policy | ✔ | ✘ |
| Grain | ✔ | Available on Enterprise | Review current privacy policy | ✔ | ✘ |
| MeetGeek | ✔ | Enterprise healthcare options available | Review current privacy policy | ✔ | ✘ |
| Sembly AI | ✔ | Enterprise healthcare support | Review current privacy policy | ✔ | ✘ |
| Granola | ✔ | No public HIPAA offering | States notes remain local before optional cloud sync | ✘ | ✔ |
| Jamie AI | ✔ | No public HIPAA offering | Processes recordings locally before cloud AI processing | ✘ | ✔ |
| PLAUD NOTE | Not publicly advertised | ✘ | Review current privacy policy | ✘ | ✔ |
| PLAUD NotePin | Not publicly advertised | ✘ | Review current privacy policy | ✘ | ✔ |
| Pocket AI Recorder | Varies by product | ✘ | Review current privacy policy | ✘ | ✔ |
Active Litigation
A proposed class action filed against Otter.ai in August 2025 alleges its tool records conversations without the consent of all participants and uses that data to train its AI models (Fisher Phillips, 2025). The Fireflies.ai lawsuit filed in Illinois alleges the tool records and stores the unique vocal characteristics of every meeting participant, including people who never created an account and never consented to its terms of service, in potential violation of the Illinois Biometric Information Privacy Act (Meetily, 2026). Both cases are pending. No final rulings have been issued.
A Note on iFLYTEK
The iFLYTEK Smart Recorder advertises fully offline transcription, which offers genuine data sovereignty advantages at the hardware level. However, in October 2019, the U.S. Department of Commerce added iFLYTEK to its Entity List, citing its role in enabling mass surveillance and human rights abuses against Uyghur and other Muslim minority groups in Xinjiang, China (Davis Wright Tremaine, 2019). iFLYTEK is a partially state-owned company with China Mobile as its largest shareholder, backed by multiple state-owned investment funds (Wikipedia, 2024). Organizations operating under U.S. government contracts or in regulated industries should evaluate that exposure carefully before deploying the device.
Risk by Tool Category
Not all recording tools carry the same risk profile. The table below compares the three primary categories against key zero trust criteria. Individual products within each category vary, but the architectural differences are consistent.
| Risk Category | Cloud Meeting Bot | Local Desktop App | Hardware Recorder |
|---|---|---|---|
| Third-party vendor access | High | Medium | Low |
| Appears in participant list | Yes | No | No |
| Local recording possible | No | Sometimes | Yes |
| Cloud dependency | High | Medium | Low |
| AI model training concerns | Varies | Varies | Low |
| Data sovereignty | Low | Medium | High |
| IT visibility and governance | High | Low | Very low |
Cloud meeting bots offer the most IT visibility and are the most governable through enterprise controls, but they carry the highest vendor access and data sovereignty risk. Local desktop apps and hardware recorders reduce third-party exposure but introduce a different governance challenge: they are significantly harder for IT to detect, monitor, and manage. A hardware recorder on a conference table is nearly invisible to your security stack; it can be governed only through policy, disclosure requirements, and physical controls.
Zero trust does not favor one category over another by default. It requires that whichever category your organization permits, the tool is evaluated, approved, and governed before it enters your environment. Read more about how STACK applies zero trust architecture to protect business environments.
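The governability the section above credits to cloud bots only pays off if someone actually runs the checks. As an added example (not STACK's tooling or any vendor's), here are the two checks that follow from it: a sweep of meeting-attendance records for participants that look like recording bots, and a sweep of OAuth consent grants for third-party apps holding calendar, mail, or contact scopes that were never approved. The export record shapes, app names, app ids, and bot display names are constructed assumptions; the Microsoft Graph and Google OAuth scope strings are real, but which scopes a given notetaker requests must be checked against that vendor's documentation.

```python
"""Audit two constructed exports for notetakers that entered the environment
without approval: a meeting-attendance export (who joined) and an OAuth
consent export (which third-party apps hold calendar, mail or contact scopes).
Added example, not STACK's or any vendor's tooling; record shapes, app names,
app ids and bot display names are assumptions made for the example."""
import re
from dataclasses import dataclass

# Scopes that give an app the access the page describes. The Microsoft Graph
# and Google OAuth scope names are real; which ones a given notetaker requests
# must be checked against that vendor's documentation.
SENSITIVE_SCOPES = {
    "Calendars.Read", "Calendars.ReadWrite", "Mail.Read", "Contacts.Read",
    "OnlineMeetingTranscript.Read.All",
    "https://www.googleapis.com/auth/calendar.readonly",
    "https://www.googleapis.com/auth/calendar.events",
    "https://www.googleapis.com/auth/gmail.readonly",
}

# Display-name fragments typical of meeting bots. Constructed list; real names
# vary by vendor and tenant, so treat it as a starting point, not a catalogue.
BOT_NAME = re.compile(
    r"\b(notetaker|note taker|fireflies|otter\.ai|read\.ai|fathom|avoma|grain|"
    r"meetgeek|sembly|recorder|bot)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str       # "bot_participant" or "oauth_grant"
    subject: str    # bot display name or app name
    detail: str
    approved: bool


def audit_attendance(records, approved_bots):
    """records: dicts {meeting, participant, email}. Flags participants whose
    display name looks like a recording bot; unapproved unless allow-listed."""
    return [
        Finding("bot_participant", r["participant"],
                f'{r["meeting"]} ({r.get("email") or "no email"})',
                r["participant"] in approved_bots)
        for r in records if BOT_NAME.search(r["participant"])
    ]


def audit_oauth_grants(grants, approved_app_ids):
    """grants: dicts {app_id, app_name, scopes, granted_by}. Flags any app that
    holds a sensitive scope; unapproved unless its app_id is allow-listed."""
    findings = []
    for g in grants:
        held = SENSITIVE_SCOPES.intersection(g["scopes"])
        if held:
            findings.append(Finding(
                "oauth_grant", g["app_name"],
                f'{sorted(held)} granted by {g["granted_by"]}',
                g["app_id"] in approved_app_ids))
    return findings


def unapproved(findings):
    return [f for f in findings if not f.approved]


# Constructed sample exports. "Company Notetaker" (app-0001) is the sanctioned
# tool; everything else arrived through user consent or a bot invite.
SAMPLE_ATTENDANCE = [
    {"meeting": "Q3 vendor review", "participant": "Jane Rivera", "email": "jane.rivera@example.com"},
    {"meeting": "Q3 vendor review", "participant": "Otter.ai Notetaker", "email": None},
    {"meeting": "Incident bridge", "participant": "Fireflies.ai Notetaker", "email": None},
    {"meeting": "Incident bridge", "participant": "Company Notetaker", "email": None},
]
SAMPLE_GRANTS = [
    {"app_id": "app-0001", "app_name": "Company Notetaker",
     "scopes": ["Calendars.Read", "OnlineMeetings.Read"], "granted_by": "admin consent"},
    {"app_id": "app-0042", "app_name": "Meeting Summarizer",
     "scopes": ["Calendars.ReadWrite", "Mail.Read", "User.Read"],
     "granted_by": "user consent: jane.rivera@example.com"},
    {"app_id": "app-0099", "app_name": "Expense Helper",
     "scopes": ["User.Read"], "granted_by": "user consent: bob.tan@example.com"},
]
APPROVED_BOTS = {"Company Notetaker"}
APPROVED_APP_IDS = {"app-0001"}

if __name__ == "__main__":
    findings = (audit_attendance(SAMPLE_ATTENDANCE, APPROVED_BOTS)
                + audit_oauth_grants(SAMPLE_GRANTS, APPROVED_APP_IDS))
    for f in unapproved(findings):
        print(f"UNAPPROVED {f.kind}: {f.subject} -- {f.detail}")
```

Note the allow-list is keyed on the app id for OAuth grants and on the exact display name for bots: a name match alone is how you find candidates, not how you approve them, since any app can call itself "Company Notetaker". The grant sweep catches the common case the page warns about, a user consenting to calendar and mail scopes on their own, which a participant-list check would never see.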
The Recorder Hears Everyone, Not Just Your Team
When an AI notetaker joins a meeting, it does not record only your employees. It captures every participant: customers, prospects, vendors, outside legal counsel, consultants, government contacts, and partners. Those organizations did not select your AI vendor and did not agree to its terms of service.
Consent Laws Vary by State
Twelve U.S. states are commonly listed as requiring all-party consent before a conversation may be recorded (Meetily, 2026), and Pennsylvania's Wiretap Act imposes the same requirement. In one-party consent states, it is enough that one party to the conversation consents, and that party can be the person making the recording. In all-party consent states, every participant must consent. For a remote meeting, the governing law is the law where each participant sits, not where your company is headquartered, so assume the strictest participant's state applies and confirm borderline cases such as Connecticut with counsel.
| Consent Requirement | States |
|---|---|
| All-party consent required | California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Washington; Pennsylvania's Wiretap Act also requires all-party consent |
| One-party consent | All remaining U.S. states and Washington D.C. |
Even in a one-party consent state, recording a client conversation without their knowledge constitutes a trust violation that can carry significant relationship and reputational consequences, independent of legal exposure. Consent is not only a legal standard. It is a professional standard.
Attorney-Client Privilege
Attorney-client privilege is protected only when communications remain confidential. Allowing a notetaker vendor to access or use a transcript for its own purposes could provide grounds for waiving that privilege (Smith Anderson, 2025). Organizations that routinely include outside legal counsel in recorded meetings should review this exposure directly with their attorneys before continuing that practice.
"These tools also present serious risks to attorney-client privilege and confidentiality."
American Bar Association, 2025
Identity and Access Risk
The risk embedded in AI transcripts extends well beyond the content of what was said. Modern transcription tools identify speakers by name, associate job titles and departments from calendar metadata, log email addresses from meeting invitations, and attribute action items to specific individuals.
Over time, a library of meeting transcripts becomes a detailed organizational directory: reporting structures, project assignments, system access responsibilities, and approval authorities. That is precisely the information that social engineering and business email compromise attacks are built on. A targeted campaign becomes significantly more effective when the attacker already knows who approves wire transfers, who manages vendor accounts, and who holds administrative system credentials.
A transcript library stored under inadequate vendor security controls is not only a privacy liability. It is a direct component of your organization's attack surface. This connects directly to the broader pattern of ungoverned AI tool use creating exposure that IT and security teams cannot see or contain.
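To make both exposures concrete, the spoken credentials listed under "The Contents of a Single Transcript" and the organizational map described in this section, here is an added example (not STACK's or any vendor's code) that scans one constructed transcript for secrets, redacts them before the text leaves the organization, and then extracts the directory an attacker would mine from the same text: who is who, who approves what, and who has been handed which task. The transcript, the names and e-mail addresses are constructed; the AWS key values are the documented AWS example credentials, not real ones. The regular expressions are deliberately narrow and are assumptions about how people phrase these things in meetings.

```python
"""Scan a meeting transcript for the two exposures the page describes: secrets
spoken aloud (passwords, API keys) and the identity/authority map a BEC attacker
would mine from it. Added example, not STACK's or any vendor's code. The
transcript, names and emails are constructed; the AWS key values are the
documented AWS example credentials, not real ones."""
import re
from collections import defaultdict

# Constructed transcript in a common "Speaker Name (email): text" layout.
SAMPLE_TRANSCRIPT = """\
Dana Cole (dana.cole@example.com): Quick reminder that I approve every wire transfer over ten thousand, so route those to me.
Priya Shah (priya.shah@example.com): Will do. For the staging handoff, the API key is AKIAIOSFODNN7EXAMPLE and the secret is wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY.
Dana Cole (dana.cole@example.com): Thanks. Also, the shared admin password is Winter2024! until we rotate it.
Marcus Lee (marcus.lee@example.com): I manage the vendor portal accounts, so new supplier onboarding goes through me.
Priya Shah (priya.shah@example.com): Action item: Marcus to reset the portal MFA for the new hire by Friday.
"""

# Secret detectors in priority order; a value matched by an earlier, more
# specific pattern is not re-reported by the generic one.
SECRET_PATTERNS = [
    ("spoken_password", re.compile(r"\b(?:password|passphrase|passcode)\s+(?:is|was)\s+(\S+)", re.I)),
    ("aws_access_key_id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("generic_secret", re.compile(r"\b(?:api[\s_-]?key|secret|token)\b.{0,20}?\b([A-Za-z0-9/+_-]{20,})", re.I)),
]
# Assumed phrasings: "Name (email): text", "I approve/manage ...", "Action item: Name to ...".
TURN = re.compile(r"^(?P<name>[^:(]+?)\s*(?:\((?P<email>[^)]+)\))?:\s*(?P<text>.*)$")
AUTHORITY = re.compile(r"\bI (approve|manage|administer|own|run)\b([^,.]*)")
ACTION_ITEM = re.compile(r"[Aa]ction item:\s*([A-Z][a-z]+)\s+to\s+([^.]*)")


def find_secrets(text):
    """Return [(kind, value)] for credentials found in the transcript."""
    seen, found = set(), []
    for kind, pattern in SECRET_PATTERNS:
        for m in pattern.finditer(text):
            value = m.group(1)
            if value not in seen:
                seen.add(value)
                found.append((kind, value))
    return found


def redact(text, secrets):
    """Replace each detected value so the transcript can leave the org."""
    for kind, value in secrets:
        text = text.replace(value, f"[REDACTED {kind}]")
    return text


def parse_transcript(text):
    """Split the transcript into turns: speaker, email (if present), text."""
    turns = []
    for line in text.splitlines():
        m = TURN.match(line)
        if m:
            turns.append({"speaker": m["name"].strip(), "email": m["email"], "text": m["text"]})
    return turns


def identity_map(turns):
    """Build the directory a transcript library leaks: identities, stated
    authority, and assigned tasks (attributed to the assignee, not the speaker)."""
    people = defaultdict(lambda: {"email": None, "authority": [], "action_items": []})
    for t in turns:
        entry = people[t["speaker"]]
        entry["email"] = entry["email"] or t["email"]
        for verb, rest in AUTHORITY.findall(t["text"]):
            entry["authority"].append(f"{verb}{rest}".strip())
    for t in turns:
        for first, task in ACTION_ITEM.findall(t["text"]):
            for name in people:
                if name.split()[0] == first:
                    people[name]["action_items"].append(task.strip())
    return dict(people)


if __name__ == "__main__":
    secrets = find_secrets(SAMPLE_TRANSCRIPT)
    print("secrets found:", secrets)
    print(redact(SAMPLE_TRANSCRIPT, secrets))
    for who, info in identity_map(parse_transcript(SAMPLE_TRANSCRIPT)).items():
        print(who, info)
```

Two things the output makes visible that the prose alone does not: the redaction step is only as good as the patterns, so a credential phrased differently ("it's the usual one with a 2 on the end") passes straight through, which is why classification of the meeting comes before any scanner; and the identity map needs no secret at all to be dangerous, since "Dana approves wires, Marcus owns vendor accounts, Marcus resets MFA on Friday" is already a complete BEC pretext.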
NIST SP 800-171 and CMMC Implications
For organizations that handle Controlled Unclassified Information (CUI) or are working toward CMMC certification, AI notetakers introduce specific compliance considerations under NIST SP 800-171. The following controls are directly implicated by AI meeting assistant use.
| Control | Requirement | AI Notetaker Considerations |
|---|---|---|
| 3.1.1 | Limit system access to authorized users | Who can access meeting transcripts? Are permissions role-based? |
| 3.1.2 | Limit transactions and functions | Can users download, share, or export transcripts? |
| 3.1.3 | Control information flow | Are transcripts shared externally or synced to unauthorized applications? |
| 3.1.5 | Least privilege | Do all employees need access to every meeting transcript? |
| 3.1.20 | External connections | Has the AI service been approved as an external information system? |
| 3.3.1 | Audit logging | Are transcript access and downloads logged? |
| 3.4.1 | Configuration management | Are AI notetakers approved and managed by IT? |
| 3.5.3 | Multifactor authentication | Is MFA required for access to the AI platform? |
| 3.8.1 | Media protection | Where are recordings and transcripts stored? |
| 3.8.3 | Sanitize media | Can recordings and transcripts be securely deleted? |
| 3.13.8 | Protect CUI in transit | Are recordings and transcripts encrypted during transmission? |
| 3.13.11 | FIPS-validated cryptography | Is sensitive meeting data encrypted at rest, and does the vendor use FIPS-validated cryptographic modules to protect CUI? |
| 3.11.1 | Periodically assess risk | Has the organization assessed the risks of AI meeting assistants? |
If your organization is subject to CMMC requirements, use of an unapproved AI notetaker in a meeting where CUI is discussed may constitute a compliance gap requiring remediation. STACK Cybersecurity is a CMMC Registered Practitioner Organization (RPO) and can help you assess how AI tool use intersects with your compliance obligations.
Applying Zero Trust: What to Do Now
Zero trust governance for AI recording tools is a set of organizational decisions, not a product purchase. The following practices establish a defensible posture:
- Classify meetings before deploying tools. Determine which conversation types should never be recorded by any method. Document that policy and enforce it consistently.
- Apply vendor due diligence before deployment. Evaluate SOC 2 certification, encryption standards, SSO and MFA enforcement, data residency, retention terms, deletion rights, and subprocessor transparency.
- Do not rely on default configurations. Most tools default to maximum data collection. Enterprise agreements with explicit data processing terms provide materially stronger protections.
- Obtain consent from all participants before every recorded meeting. This applies to internal and external attendees alike, regardless of your state's minimum legal requirement.
- Govern transcripts as sensitive data assets. Apply the same access controls, retention schedules, and deletion procedures you apply to other sensitive organizational data.
- Account for identity data, not only conversation content. The organizational intelligence embedded in a transcript library is an active component of your attack surface.
Evaluate Your AI Tool Risk with STACK
The tools your employees are using in meetings today may already be creating vendor risk, consent exposure, and data governance gaps your organization has not yet addressed. Zero trust means asking those questions before access is granted, not after an incident occurs.
STACK Cybersecurity helps organizations evaluate third-party AI tools and build governance frameworks grounded in zero trust principles. Contact us to schedule a conversation, or start with a Cybersecurity Risk Assessment to identify where gaps exist in your current environment.