I’ve seen a lot of government screwups in my forty years covering the beat, but this latest report out of Ontario is a doozy. We talk about artificial intelligence like it’s the second coming, but apparently, nobody bothered to lock the front door. Auditor General Shelley Spence dropped a bombshell Tuesday: thousands of public servants have been feeding sensitive personal data into unsecured AI tools. It’s a mess.
The Great Data Dump
Between April and August 2025, about 12,000 Ontario government employees accessed roughly 400 AI websites. That alone isn't the problem; the problem is that 60 percent of those sites were flagged as unsafe or unsecured by Microsoft Defender. We aren't talking about employees asking a chatbot to write a poem. We are talking about them uploading health card numbers, driver’s licenses, and credit card information.
The Ministry of Public and Business Service Delivery apparently “did not have consistently effective processes and procedures” to ensure AI was used safely. That is bureaucratic speak for “we let the horse out of the barn and then realized we never built a fence.”
“When OPS staff use publicly available GenAI [generative AI] websites, there is a risk that these websites can retain and use the data or any personal or sensitive information entered by staff to train the sites’ large language model software,” the report says.
When AI Hallucinates
It gets worse. It isn't just data privacy; it's reliability. The auditor general looked at “AI Scribe,” software used by healthcare professionals to summarize patient visits. You would think medical software would be held to a higher standard. You would be wrong.
In testing, nine of 20 approved systems fabricated information and suggested treatments that were never discussed. Twelve recorded the wrong medication. Seventeen missed important mental health details. That is negligence wrapped in innovation.
“Inaccuracies in medical notes generated by AI Scribe systems could potentially result in inadequate or harmful treatment plans that may potentially impact patient health outcomes,” the report warns.
The Freelancer's Dilemma
You might read this and think, “I’m not the government, so this doesn't apply to me.” That is a dangerous assumption. If you are a freelancer, you are handling the same kind of sensitive data—contracts, invoices, maybe even client credit card numbers. The Ontario government moved faster than its safeguards, and they have a whole IT department. You probably don't.
You cannot just dump your financial life into a random, unsecured browser window. You need tools that are built for the job, tools that respect the confidentiality of your work. This is where a dedicated assistant like Invoice Gini actually makes sense. It is designed specifically for finance, meaning you can generate professional PDFs and track payments without worrying that your data is being scraped to train some public model.
Bottom Line
Ontario has moved aggressively to adopt AI, but they forgot the basics of cybersecurity. Only one generative AI tool is officially approved for government use: Microsoft Copilot. Yet, it accounted for just six percent of usage. The other 94 percent was a free-for-all.
Don't be like the Ontario government. Don't sacrifice security for convenience. Use the right tools for the job, keep your data secure, and for heaven's sake, stop uploading driver's licenses to random websites.
Source: Thousands of Ontario government staff using unsecured AI, watchdog finds