The AI connector access audit
Connected AI can search files, inboxes, calendars, CRMs, finance tools, and project systems. Before you rely on it, make a simple access inventory.
AI assistants are getting more useful because they can reach more of your work. OpenAI's connector documentation describes ChatGPT working with sources like Drive, GitHub, SharePoint, Gmail, Calendar, and Contacts, including synced connectors and automatic use for some Google apps. Google Workspace is adding AI Inbox and more conversational features across Gmail, Docs, and Keep. Anthropic's Claude for Small Business brings Claude into tools such as QuickBooks, PayPal, HubSpot, Canva, Docusign, Google Workspace, and Microsoft 365.
That is powerful, but it changes the question from "what can this model answer?" to "what can this assistant see?" The practical habit is to keep a connector access audit: a short inventory of every app AI can access, what it may use automatically, and what stays off-limits.
The skill
A connector access audit is not a security policy. It is a working checklist for everyday AI use. It helps you avoid surprise context, overbroad searches, and accidental exposure of private information.
AI connector access audit
Assistant:
{ChatGPT, Claude, Gemini, workspace agent, internal tool}
Connected apps:
- {app or system}
What it can read:
- {files, emails, calendar events, contacts, CRM records, tickets, invoices}
Automatic use:
- Yes / No / Unsure
Proactive or scheduled access:
- Yes / No / Unsure
Sensitive areas:
- {finance, HR, legal, customer data, personal inbox, private folders}
Allowed use cases:
- {specific tasks this connector is approved for}
Off-limits:
- {sources or actions the AI should not use}
Review date:
{when to re-check settings}A worked example: connected calendar and inbox
Imagine an assistant can reference Gmail, Calendar, and Contacts. That can be useful for meeting prep and follow-ups. It can also mix personal context into work tasks if the boundaries are vague.
Assistant:
ChatGPT
Connected apps:
- Gmail
- Google Calendar
- Google Contacts
What it can read:
- Recent email threads
- Calendar events
- Contact names and details
Automatic use:
- Enabled for everyday chat: check settings
Proactive or scheduled access:
- Disabled unless explicitly needed
Sensitive areas:
- Personal messages
- Client contract negotiations
- HR or compensation threads
- Private travel plans
Allowed use cases:
- Meeting prep
- Drafting follow-up emails
- Finding scheduling context
- Summarizing project threads I name explicitly
Off-limits:
- Do not search entire inbox by default
- Do not use personal messages for work drafts
- Do not send, invite, forward, or update calendar events without approval
Review date:
First Monday of each monthThe prompt
Use this before asking a connected AI assistant for help:
Before answering, use this connector boundary.
Task:
{what I want}
Allowed connectors:
{apps or sources AI may use}
Allowed scope:
{folders, accounts, projects, date ranges, labels, or records}
Do not use:
{private folders, personal inbox, unrelated clients, old archives, HR/legal/finance areas}
If you need a connector outside the allowed list, ask first.
If you are unsure whether a source is allowed, ask first.
In your answer, list:
1. Which connectors you used
2. Which sources or records were referenced
3. Anything you could not access
4. Any action that needs approval before it changes a systemThe review checklist
- List every connector. Do not rely on memory; check the assistant's settings.
- Mark automatic use. Some tools can use connected sources without you selecting them every time.
- Separate read from act. Reading context is different from sending, updating, deleting, or scheduling.
- Define sensitive zones. Finance, HR, legal, personal inboxes, and customer records need narrower rules.
- Set a review date. Re-check settings when tools update or new connectors are added.
Why it works
Connected AI is at its best when it has the right context and only the right context. Too little access makes it generic. Too much access makes it hard to trust and harder to review.
The access audit gives you a map. Once you know what the assistant can see, you can write sharper prompts, reduce accidental context, and keep approval gates around anything that changes a real system.