Bryan "B" Kemler
Bryan “B” Kemler
Family Security · Artificial Intelligence · Contra Costa County, California
← Writing

Family security

What ChatGPT Already Knows About You

A quiet demonstration for working professionals

By Bryan “B” Kemler · Invalid Date

There is a short exercise I like to walk people through. I ask them to take out their phone, open whichever AI assistant they trust, and type a single prompt:

“Tell me everything you can find out about [their own full name and city].”

What comes back is rarely what they expect. Sometimes it is mundane — a few professional bios, a paragraph from a published article, the address of the office. Sometimes it is uncanny — a chronology of where they went to school, where they have worked, the names of their children, the make of the car they were photographed beside at a charity gala in 2019. Sometimes it includes things they had forgotten existed. A volunteer board position from a decade ago. A quoted comment in a newspaper. A podcast appearance their daughter set up.

I do this not to alarm anyone but to relocate a conversation that has been stuck in the marketing department for fifteen years. Being findable online used to be primarily a marketing question. It is now also a security question. Both are still true. The trade has shifted.

What changed

For most of the internet’s history, the people who could synthesize information about a stranger were either professionals — researchers, investigators, journalists — or were willing to spend hours assembling fragments. The barrier was not access. Most of what those professionals found was public. The barrier was the time required to pull it together coherently.

Large language models removed the time barrier. A request that would once have taken a private investigator an afternoon now takes a chatbot fourteen seconds. The fragments have not changed. Their accessibility has.

For a professional with any visible body of work — an attorney with a website bio, a physician with a hospital affiliation, a financial advisor with a LinkedIn profile, a board member with a press release in their past — the synthesis is detailed enough to be uncomfortable. Names of partners. Names of children. Approximate net worth, estimated from public salary surveys and zip code. Schedules deducible from past speaking engagements. Recent moves, deducible from public real estate records.

None of this is illegal to assemble. None of it requires breaking any privacy law. All of it is already available to anyone willing to ask the right question.

How this is being used against working professionals

The most common attack pattern I’m seeing now — and the one families with significant assets should plan against — is AI-tailored spear-phishing.

The classic spear-phishing email of ten years ago was crude. It misspelled your name. It used a generic pretext (“urgent invoice attached”). It came from an address that, if you looked, was obviously wrong. Most professionals had learned to ignore it.

The AI-tailored version looks like this: an email arrives from a colleague’s name and a domain that matches their firm’s domain except for one character. It references a meeting you actually attended last month. It mentions a case or transaction by a name you would recognize. It asks for a small, plausible favor — please forward this document, please review this draft, please confirm the wire instructions we discussed. The tone is exactly right. The colleague’s voice is exactly right, because an AI read three years of their public writing before composing the email.

Most professionals who see this email do not catch it. The reason is not carelessness. The reason is that the email is well-written, contextually plausible, and uses the same conversational cadence as the colleague it is impersonating. The defense is no longer pattern-matching against bad grammar. The defense is procedural.

What to actually do

I work with families on something I call a Digital Perimeter Audit — a few hours of work. The full audit goes deep, but the four highest-leverage actions are short enough to list here, for free.

One: separate your personal and professional digital footprints

On firm bios and professional pages, list a professional phone number and email, not a personal one. Many attorneys and physicians still list a direct cell that doubles as their personal line. That number is now in every scraped dataset, attached to your name and your firm. Move it.

Two: harden the spouse and minor-child layer

The most common path into a high-net-worth professional’s digital life is through a less-defended family member. Your spouse’s Facebook is often the soft entry point — a few well-meaning posts about a trip, a renovation, a college acceptance, become the raw material for the spear-phishing email. The fix is not to ask your spouse to disappear from the internet. The fix is to walk through their privacy settings together with someone who knows the current landscape, and to align the family on what does and does not get posted.

Three: stop verifying urgent requests over email

Build the habit: any email requesting a wire transfer, a password reset, a change to vendor banking information, or a sudden favor at an unusual hour gets verified by phone, on a number you already have stored — not the number in the email’s signature. This single discipline blocks most of what AI-tailored phishing is currently optimized to do.

Four: assume your voice and image are public

Anything you say in a recorded podcast, a video conference that gets shared, a publicly streamed event, or a long voicemail to a colleague is now training data for voice cloning. This is not paranoia; it is the current state of consumer-grade software. The defense is the Verified Family Code I’ve written about separately — a spoken phrase your family agrees on, never written, used to verify any urgent voice call claiming to be a family member.

Why this matters now

The families who most need a digital perimeter are, more and more, the same families who have quietly built something worth protecting — the professional households of the East Bay: judges, partners, surgeons, founders, retired executives, owners of operating businesses, whose digital exposure has grown faster than their defenses.

That gap is the reason I came back to work after I thought I was done. Businesses and corporations get help preparing for a new generation of AI — tools that are very good at hacking — while almost no one was offering that help at the family level. The documents in your safe protect what you own. A digital perimeter protects how it gets stolen. Increasingly, those are the same conversation.

The shape of the threat has changed. The defense, mostly, has not: know what’s exposed, close the easy doors, and slow down the one moment — the urgent request, late at night — that the whole attack is built around.