Speaker:: Joe Sullivan
Title:: AI Notetakers: The Most Important Person in the Room
Duration:: 20 min
Video:: https://www.youtube.com/watch?v=oXj1Kee_crw

## Key Thesis

AI notetakers have quietly become the de facto memory of organizational meetings, yet the security community has largely ignored them as a governance and risk problem. As AI wearables proliferate over the next 24 months, the patterns established now, around consent, data custody, prompt injection, and legal privilege, will define how ambient AI recording is handled across the enterprise.

## Synopsis

Sullivan frames AI notetakers as the first widespread, socially embedded AI in the workplace: unlike most AI tools, which are one-on-one interactions, notetakers sit inside group human contexts and generate the only persistent record of what was said. Because of this, he argues, they have effectively become "the most important person in the room."

He surveys the emerging research on how AI notetakers can be gamed. High-signal phrases ("the most important thing to remember is..."), positional gaming (primacy and recency effects: the AI weights what is said at the start of a meeting and at transitions), contrastive framing, repetition, and format mirroring all measurably influence what gets captured and how it is summarized. Studies show that roughly 3% of AI-generated notes contain inaccuracies, attributed to hallucination or misrecognition of accents. Prompt injection into notetakers has also been demonstrated: a conference attendee reported successfully destroying a meeting's notes by talking to the Otter bot before the meeting started.
Sullivan highlights several specific security-relevant incidents. The first is Otter's virality mechanism: viewing shared notes required installing Otter via an OAuth grant, and the app then auto-inserted itself into every meeting on the grantee's calendar, so a single user's install scaled to 80,000 endpoints in one company. The second is the risk of an AI notetaker vendor going out of business while holding full meeting-transcript archives in its cloud. The third is Granola, which runs silently on the desktop without joining the meeting as a visible participant, and so risks violating two-party (all-party) consent laws in states such as California when the other participants have not been told they are being recorded.

He draws a personal lesson from his own prosecution over Uber's 2016 security incident, which ran through 2022: critical decisions made in incident-response rooms are poorly documented, and an AI notetaker could have materially changed the evidentiary record. He raises the question of whether IR teams should now use notetakers to capture real-time decision context.

From a governance standpoint, Sullivan recommends:

- SSO-centralized notetaking, so that accounts and access are managed through the identity provider
- clear data-retention and access policies
- attorney-client privilege review
- security awareness training
- third-party risk assessment of allowed apps
- monitoring and policy enforcement
- closer collaboration with legal teams

He cites a Feb 17, 2026 court ruling in which a judge held that Claude conversations are not privileged, because sharing the data with Anthropic breaks the confidentiality requirement on which privilege depends. Sullivan closes with the Campbell Soup CISO case: the CISO was fired after an employee secretly (and legally, in a one-party consent state) recorded him making statements that were later used as evidence in a wrongful-termination lawsuit. He presents it as a preview of what is coming when AI wearables become ubiquitous.
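The Otter spread described above is an OAuth-grant problem before it is a notetaker problem: a user-consented grant with a calendar write scope is all an app needs to add itself to every meeting. The following is an added example, not code from the talk, of the check a security team can run over its own grant inventory. It assumes grants in the shape of the Google Workspace Admin SDK Directory API `tokens.list` items (`userKey`, `clientId`, `displayText`, `scopes`); in the real API you call `tokens().list(userKey=...)` once per user and concatenate the results, which is an assumption about how you would feed this function. The grant records, app names and allowlist below are constructed for the example, and nothing here contacts Google.

```python
"""Audit third-party OAuth grants for apps that can write to users' calendars.

Added example (not from Sullivan's talk). Input is a flat list of per-user
OAuth token grants in the shape of Google Admin SDK Directory API tokens.list
items; the flat, pre-concatenated list is an assumption for the example.
Sample grants are constructed and nothing here calls Google.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Scopes that let an app create or modify events, i.e. insert itself into
# every meeting on the calendar. Read-only scopes are kept separate so the
# report distinguishes "can see meetings" from "can join meetings".
CALENDAR_WRITE_SCOPES = {
    "https://www.googleapis.com/auth/calendar",
    "https://www.googleapis.com/auth/calendar.events",
}
CALENDAR_READ_SCOPES = {
    "https://www.googleapis.com/auth/calendar.readonly",
    "https://www.googleapis.com/auth/calendar.events.readonly",
}


@dataclass(frozen=True)
class Finding:
    user: str
    client_id: str
    app: str
    access: str  # "write" or "read"


def classify_grant(grant: dict) -> Optional[str]:
    """Return "write", "read" or None for one token grant."""
    scopes = set(grant.get("scopes", []))
    if scopes & CALENDAR_WRITE_SCOPES:
        return "write"
    if scopes & CALENDAR_READ_SCOPES:
        return "read"
    return None


def audit_calendar_grants(grants: list, allowed_client_ids: set) -> list:
    """Flag every grant that gives a non-allowlisted app calendar access."""
    findings = []
    for g in grants:
        if g["clientId"] in allowed_client_ids:
            continue  # the sanctioned notetaker is allowed to have these scopes
        access = classify_grant(g)
        if access is None:
            continue
        findings.append(Finding(g["userKey"], g["clientId"],
                                g.get("displayText", "?"), access))
    return findings


def spread_by_app(findings: list) -> dict:
    """Distinct users who granted each flagged app: the blast radius."""
    users = defaultdict(set)
    for f in findings:
        users[f.client_id].add(f.user)
    return {cid: len(u) for cid, u in users.items()}


# Constructed sample: three users, one sanctioned notetaker, one viral one.
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "clientId": "sanctioned-notes.apps",
     "displayText": "Sanctioned Notes",
     "scopes": ["openid", "email", "https://www.googleapis.com/auth/calendar.events"]},
    {"userKey": "alice@example.com", "clientId": "viral-notes.apps",
     "displayText": "Viral Notes",
     "scopes": ["openid", "https://www.googleapis.com/auth/calendar"]},
    {"userKey": "bob@example.com", "clientId": "viral-notes.apps",
     "displayText": "Viral Notes",
     "scopes": ["openid", "https://www.googleapis.com/auth/calendar"]},
    {"userKey": "carol@example.com", "clientId": "viral-notes.apps",
     "displayText": "Viral Notes",
     "scopes": ["openid", "https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "carol@example.com", "clientId": "some-crm.apps",
     "displayText": "CRM",
     "scopes": ["openid", "email", "profile"]},
]
ALLOWED_CLIENT_IDS = {"sanctioned-notes.apps"}

if __name__ == "__main__":
    found = audit_calendar_grants(SAMPLE_GRANTS, ALLOWED_CLIENT_IDS)
    for f in found:
        print(f"{f.access:5} {f.app:18} {f.user}")
    for cid, n in spread_by_app(found).items():
        print(f"{cid}: granted by {n} user(s)")
```

The per-app spread count is the number to watch: one user with a calendar write grant is a finding, but the same client ID appearing across hundreds of users in a week is the viral pattern the talk describes, and is the trigger for revoking the grant and adding the app to the allowlist decision process rather than handling it user by user.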
## Key Takeaways

- AI notetakers are the first socially embedded AI in workplaces, and they are largely ungoverned
- Note content can be actively gamed through positional gaming, high-signal phrases, and format mirroring
- ~3% of AI-generated meeting notes contain factual inaccuracies
- Otter scaled to 80,000 enterprise endpoints through a viral OAuth sharing mechanism
- Granola does not show up in meetings; running silently on the desktop risks violating two-party consent laws in some states
- AI notetaker companies going out of business leave full meeting transcripts in limbo in their clouds
- A Feb 2026 court ruling held that conversations with Claude are not privileged communications
- Prompt injection into meeting notetakers has been demonstrated in the wild
- The real threat horizon is AI wearables (Meta glasses, OpenAI wearable, Apple) arriving within 24 months

## Notable Quotes / Data Points

- Limitless wearable (ambient AI recorder) was acquired by Meta on December 5th
- ~3% inaccuracy rate in AI-generated meeting notes
- Otter went from one user to 80,000 endpoints in a company through its viral OAuth mechanism
- Feb 17, 2026 court ruling: Claude conversations are not privileged attorney-client communications because Anthropic's privacy policy allows data use beyond legal confidentiality
- Campbell Soup CISO fired after an employee recorded him in Missouri (a one-party consent state)
- "I wish I had a notetaker for our incident room during [the 2016 Uber breach]"

#unprompted #claude