This session is a practical, grounded introduction to generative AI for startup founders and social-impact entrepreneurs. Whether you have experimented with AI tools daily or are still figuring out where to begin, the goal is the same: help you make informed, responsible decisions about how (and when) to bring AI into your work.

We will move through the landscape quickly, covering the real risks of generative AI, the intellectual property questions every founder should understand, the privacy and security concerns that apply even to free-tier tools, and a hands-on look at agents and retrieval-augmented generation. By the end, you will have a personal checklist for integrating AI safely and a set of tools you can explore right away.

The PDF slide handout is available here.

Before we talk about what AI can do for your startup, we need to talk honestly about where it breaks. Understanding failure modes is not about discouraging you; it is about giving you the judgment to spot problems before they reach your customers, investors, or partners.

Hallucinations
A hallucination is when a large language model generates content that sounds confident and plausible but is factually wrong or entirely fabricated. This is not a bug that will be patched away; it is a structural feature of how these models work. They predict the most likely next word in a sequence, which means they can construct fluent sentences about things that never happened, people who do not exist, or statistics that were never published.

Hallucinations fall into two broad categories. In a closed-domain scenario, the model fabricates information that was not present in the data source you provided; it invents details it should have pulled from your documents. In an open-domain scenario, the model generates false information without any input context, such as citing a nonexistent study or making up a quote during an open-ended conversation.

Strategies for Reducing Hallucinations
No single technique eliminates hallucinations, but several approaches reduce their frequency. Using newer, more advanced models helps because their training processes have improved factual grounding. Placing more supporting data in the model's working memory, through document uploads, web browsing, or Retrieval-Augmented Generation (we will cover RAG later in this session), gives the model real information to draw on instead of guessing. Self-consistency methods, where you generate several responses and select the one most consistent across attempts, can catch outliers. Chain-of-thought prompting, which asks the model to reason step by step, also improves accuracy, especially for multi-step problems. And models that spend more processing time during inference (using more "tokens" internally before answering) tend to produce more reliable outputs.

Context Windows and Knowledge Cutoffs
Think of a context window as the AI's short-term memory for one conversation. Every word you type, every document you upload, and every word the AI responds with counts toward a fixed token limit. When a conversation gets too long, the earliest parts quietly drop out of the model's awareness. This is why very long conversations can produce worse results than starting fresh. Different models, and even different versions of the same model, have different context window sizes.

Knowledge cutoffs are a related but different limitation. Every model is trained on data up to a specific date. Ask it about an event after that date and it will either say it does not know or, worse, hallucinate an answer. Tools with web search capabilities can partially bridge this gap, but you should always verify time-sensitive claims.

Sycophancy
Sycophancy is the model's tendency to agree with you even when you are wrong. If you present a flawed argument and ask for feedback, many models will compliment your reasoning instead of pointing out errors. This is especially dangerous in startup environments where founders may be seeking validation for a business plan or marketing strategy. The antidote is to explicitly ask the model to challenge your thinking (we will cover confidence-scoring prompts in the Three-Layer Defense section).

Intellectual property law was not designed with AI in mind, but it directly affects every piece of content your startup produces with AI assistance. This section covers what you need to know to protect your work and avoid infringing on others'.

Copyright and AI-Generated Content
Copyright protection, the legal right that prevents others from copying your creative work, is established the moment a human creates and "fixes" a work in a tangible form: writing it down, recording it, publishing it. Registration with the U.S. Copyright Office is not required for protection to exist, but it is required if you want to seek monetary damages per work in court. Copyright lasts for the life of the author plus 70 years (sometimes 50, depending on jurisdiction), after which the work enters the public domain.

Here is the critical point for AI users: copyright protection requires human authorship. The U.S. Copyright Office does not consider purely AI-generated works eligible for copyright. A January 2025 report from the Copyright Office confirmed this position, concluding that existing law can address AI-related questions without new legislation and that AI is a tool, not an author.

This means that if you use AI to generate marketing copy, internal reports, or training materials without significant human creative input, competitors could freely replicate that content because it has no copyright protection. The human-in-the-loop review step is therefore a business necessity, not just an ethical one.

When Can a Human Claim Copyright Over AI-Assisted Work?
The Copyright Office has outlined three paths where human involvement may establish authorship. First, if a human inputs their own copyrightable work into an AI system and that work remains clearly perceptible in the output, the human is the author of at least that portion (this creates a derivative work). Second, significant human modifications or creative arrangements of AI-generated output can establish authorship, provided there is a sufficient amount of human creativity. Third, highly detailed and iterative prompting, combined with other expressive elements, may in rare cases contribute toward a finding of human authorship. In all cases, the Copyright Office will annotate the registration to specify which portions are the product of human authorship.

Trademarks
Trademarks protect the symbols, names, phrases, shapes, and even color schemes that identify a brand. Think of Nike's "Just do it" or the distinctive brown used by UPS. Unlike copyright, trademarks must be renewed periodically to remain in force. For startups, the risk with AI is that a model might inadvertently generate text or visuals that incorporate someone else's trademarked phrase or brand element, and using it, even unknowingly, can create legal liability.

Patents
Patents protect inventions and processes, granting exclusive rights for a limited period (typically 15 to 20 years). After expiration, the invention enters the public domain. While patents are less immediately relevant to everyday AI content generation, patented processes or proprietary methods can surface in AI outputs, particularly in technical or scientific domains.

The Reuse Problem: Text, Images, and Logos
Large language models can inadvertently reuse published phrases, generate images resembling real people or copyrighted visual works, and produce logos that look strikingly similar to existing trademarks. You are liable for infringement even if you were unaware the content was copied. This makes a verification step essential for any AI-generated content that will be published, shared with clients, or used in branding.

General Guidance for Startups
Create internal audit trails so you can document how content was produced. Label anything that is AI-generated. Verify the authenticity of work created by vendors, freelancers, and third parties. Consider adopting C2PA (Coalition for Content Provenance and Authenticity) metadata standards; the ability to prove that a document or image was not manipulated by AI, or to document exactly how it was, is becoming a baseline security requirement.

The Acknowledgment Statement
When your team uses AI, good documentation practices include recording four elements: the tool identification (name and version of the AI, such as "ChatGPT-5.2"), the purpose (the role the AI played, such as "initial outline generation"), the extent of use (approximate proportion or specific sections impacted), and human oversight confirmation (that the output was reviewed, edited, and verified by a person).

When you type a prompt into an AI tool, your words leave your computer and travel to a remote server. For startups handling any sensitive information, from customer data to proprietary business plans, understanding where that data goes and who can see it is not optional. This section covers the threats you should know about and the practical steps to protect yourself.

Data Exfiltration
Data exfiltration is the unauthorized transfer of sensitive data from a secure environment to an unsecured or external location. In the context of AI tools, this can happen when a team member pastes confidential information (customer lists, financial projections, unreleased product details) into a free-tier AI chatbot. That data may be stored on the provider's servers, used for model training, or accessed by third parties, depending on the tool's terms of service.

Prompt Injection vs. Jailbreaking
These are two distinct types of attacks on AI systems, and both are relevant to startups that build products on top of AI models. Jailbreaking is when a user deliberately crafts a prompt to get the AI to bypass its own safety filters. For example, directly asking the AI to provide harmful instructions may be blocked, but framing the same request as a fictional scenario may slip past the filters.

Prompt injection is a more insidious threat. Instead of the user attacking the model, an external attacker embeds hidden instructions in content the AI is likely to process, such as a web page, an email, or a document. When the AI reads that content to answer a user's question, the hidden instructions silently activate, potentially changing the AI's behavior without the user's knowledge. Researchers have demonstrated this by hiding invisible, zero-point-font text in web pages that redirects AI assistants during live conversations.

Inbound Attack Vectors
AI-related security threats can reach your team through several channels: email (attachments or links containing injected prompts), SMS and text messages, audio (voice-based AI interactions), and visual content (images or documents with embedded instructions). Smart devices that use AI assistants add another layer of exposure. Thinking about which channels your startup uses regularly helps you identify where to focus your security practices.

Enterprise vs. Free Tier Data Protection
The data protection you get depends heavily on which tier of a tool you are using. On free tiers, providers like OpenAI may retain chat data for up to 30 days and may use conversations to train future models. Deleting a conversation from your account does not immediately erase it from backend systems. Similarly, consumer-grade Microsoft Copilot may use your data to help train generative AI models.

Enterprise tiers offer substantially stronger protections: data residency options in multiple regions, encryption at rest and in transit, contractual commitments that your data will not be used for model training, and compliance with regulations like GDPR. For startups that cannot yet afford enterprise plans, the most important immediate step is to disable model training in the settings of every AI tool your team uses.

How to Turn Off Model Training
Each major AI platform has a setting to prevent your conversations from being used to improve their models. For Anthropic Claude, disable "Help improve Claude" in your privacy settings. For Google Gemini, navigate to Activity, then "Turn off and delete activity." For OpenAI ChatGPT, go to Settings, then Data Controls, and turn off "Improve the model for everyone"; also turn off "Memory" under Personalization; and visit privacy.openai.com to select "Do not train on my content."

Not all AI models are the same, and choosing the right one for a given task is one of the most practical decisions you will make. This section maps the current landscape so you can navigate it with confidence.

Three Levels of AI Models
Today's AI models fall into three broad tiers, each suited to different kinds of work.

1. General-purpose models are the older, simpler generation. You give them explicit instructions, and they follow them to the best of their ability. Models like GPT-4o and GPT-4o-mini fall into this category. They are fast and cost-effective for straightforward tasks, but they require you to be precise in your prompts because they do not "think" before answering.
2. Reasoning models think before they respond. They run a long internal chain of thought, generating many tokens behind the scenes before producing an answer. Models like OpenAI's o1, o3-mini, Claude 3.7, DeepSeek R1, and Gemini 2.5 belong to this tier. They are better for complex, multi-step tasks (analysis, strategy, debugging) because they can catch errors in their own reasoning. The tradeoff: they use more processing time and are typically more expensive per query. A useful way to guide these models is to give them a goal rather than step-by-step instructions.
3. Agentic models are the newest tier. After receiving an initial prompt, they can work independently, sometimes for seconds, sometimes for hours, to complete multi-step tasks. They may browse the web, write and execute code, read and create files, and call other tools without waiting for your input at each step. We will see examples of agentic tools (Claude Cowork, OpenAI Codex) later in this session.

How You Can Access AI Models
There are several ways to use AI, each offering a different balance of convenience and control. The most familiar is a web app (a browser-based chat interface like ChatGPT or Claude). Beyond that, there are regular APIs for developers who want to integrate AI into their own products, dedicated APIs for higher-volume or customized use, and AI-as-a-Service platforms that bundle AI capabilities into ready-made tools. Many AI models are also now embedded into application integrations you may already use: Microsoft Office, Notion, Slack, and Zoom all have AI features built in.

Local LLMs: Running AI on Your Own Machine
If data privacy is a top priority (and for many social-impact startups, it should be), you can run open-source language models entirely on your own computer. Tools like GPT4All, LLaMA.cpp, and Ollama make this possible on macOS, Linux, and Windows. The models you can run locally (such as Meta's LLaMA or Mistral AI's models) are smaller than the cloud-based giants, but they keep your data completely under your control, with no information ever leaving your machine.

Using AI responsibly is not about a single checklist; it is about building habits at three stages of your workflow. Think of this framework as preparation, verification, and documentation, working together to catch problems before they reach your stakeholders.

Layer 1: Measure Twice, Cut Once (Preparation)
The first layer is about what you do before you press "send" on any AI interaction. It involves five practices:

• Think about what might go wrong. Before using AI for a task, ask yourself: Is generative AI the right approach here? What are the risks? Is my data safe? Do I need to copyright the output? If the AI hallucinates, will I be able to tell?

• Choose the right tool. This may be dictated by your organization's policy. Do not use Shadow AI (unauthorized tools outside your approved stack). Reasoning models generally outperform general-purpose models for complex tasks. Paid or enterprise tools typically have stronger data and security protections.

• Ground the model. Grounding means giving the AI specific data or context to anchor its responses. You can ground in data (the AI only answers from information you provide), ground in context (you include examples with your prompt), or ground via the web (the AI searches for current information not in its training data). Temperature settings also function as a form of grounding: low temperature produces more predictable, consistent outputs ("Be precise and consistent"), while high temperature produces more creative, varied results ("Be creative and generate diverse ideas"). sign your prompts carefully. Clear, specific prompts produce better results.

• Curate a repository of trusted prompts. When you find prompts that work well for recurring tasks, save them. A shared prompt library across your team ensures consistency and reduces the risk of poorly constructed prompts

Layer 2: Verification Protocols
The second layer is about checking the AI's work. Three practices anchor this layer:

• The three-source rule: cross-check any important AI output against at least three independent sources. Do not rely on the AI to fact-check itself.

• Human-in-the-loop checkpoints: identify specific points in your workflow where human review is mandatory, not optional. For a startup, this might be before any content goes to customers, investors, or the press.

• Confidence scoring: actively ask the AI to critique its own work. Example prompts include: "What would a harsh critic say is missing from this?" or "What are the top three ways this could be improved?" or "What are the three strongest arguments against this approach?" Then cross-reference facts, dates, definitions, and terminology against trusted knowledge bases to flag potential errors or inconsistencies.

Layer 3: Audit Trails (Documentation)
The third layer ensures you can prove what happened after the fact. This involves three practices: content tagging (labeling AI-generated or AI-assisted content in your files and systems), disclaimers and AI acknowledgments (using the acknowledgment statement format we discussed in the IP section), and metadata (embedding provenance information in your files, ideally using standards like C2PA).

Agentic AI is the most rapidly evolving area in the field, and it is where the practical power for startups is expanding fastest. This section introduces retrieval-augmented generation, walks through a real-world case study, and demonstrates two agentic tools you can start using today.

Retrieval-Augmented Generation (RAG)
RAG is a technique that enhances the accuracy and reliability of AI by giving the model access to specific external data sources when generating a response. Instead of relying solely on its training data (which may be outdated or incomplete), the model first retrieves relevant information from a database or document collection, then generates its answer grounded in that retrieved data. It is sometimes called "chat with documents."

To understand why RAG matters, think about the context window limitation. If you try to paste an entire database of documents into a single prompt, you will quickly exceed the model's working memory. RAG solves this by using a "similarity search" to find only the most relevant pieces of your data and feed just those into the prompt alongside your question. The model never needs to hold all your data at once; it just needs the right slices at the right time.

Two tools demonstrated in this session illustrate what agentic AI looks like in practice today.

Claude Cowork
Claude Cowork is an AI agent tool launched by Anthropic in early 2026. Built on the same agentic architecture as Claude Code (a developer tool), Cowork is designed for non-developers. It runs in the Claude Desktop app for macOS and Windows and can autonomously complete multi-step tasks by accessing files on your computer. You grant it access to a specific folder, and it can read, edit, create, and organize files within that folder.

In the session demo, Cowork was given the presentation slide deck and a detailed prompt describing a desired website. It read the PDF, studied the DePaul University website for design cues, and then built a complete, self-contained microsite, all from a single multi-part prompt. The resulting page was published live. Cowork can also organize research files into logical folder structures, rename files by topic and date, and generate presentation outlines with citations from source materials.

OpenAI Codex
OpenAI Codex is a similar agentic tool from OpenAI, capable of independently researching, building, and refining software and web projects from a natural-language prompt. In the session, Codex was used to produce a comparable microsite from the same source material, demonstrating that agentic capabilities are available across multiple platforms and that founders are not locked into a single provider.

These four free MOOCs (Massive Online Open Courses) are highly recommended for beginners:

1. Generative AI for Educators (Google)
2. Elements of AI
3. Building AI
4. Ethics of AI