Key Points

• AI is increasingly tied to identity verification, from CAPTCHAs and biometrics to KYC-style checks and reverse tests that distinguish humans from machines.
• Agentic AI is widening privacy risk by moving personal data across email, cloud, endpoints, and SaaS tools with limited human oversight.
• AI training data markets are turning voice, calls, photos, texts, and video into licensed inputs, often under opaque terms and limited downstream visibility.
• Security failures and weak governance remain part of the privacy picture, with exposed call recordings, transcripts, and phone numbers showing how quickly training-data systems can fail.
• Privacy law is being stressed by AI scraping, model training, erasure requests, and bystander data, especially where removal from trained systems is technically difficult.
• Several services shift legal and operational risk onto users while seeking deep permissions for screen recording, account access, and third-party data ingestion.