The AI Meeting Bot That Spreads Without Your Permission

You joined a Zoom call. Someone else in the meeting was using an AI notetaker. Now that same AI bot is showing up in your meetings, meetings you organized, meetings where nobody consented to being recorded.

You didn't sign up for anything. You didn't install anything. But the bot is there, and it won't go away.

This is happening to people right now. IT support queues at companies of all sizes are filling up with a new kind of ticket: "How do I remove this AI meeting bot that I never asked for?"

How AI notetakers spread

Here's the mechanism. You attend a meeting. Another participant has an AI notetaker running, something like Otter.ai, Fireflies.ai, or Read.ai. After the meeting, the service emails all attendees a summary and a link to "see the full transcript."

You click the link. Or maybe you don't click it but the service still has your email. Either way, the service now knows who you are and has access to your calendar through the meeting metadata.

If you click and authenticate with Google or Microsoft to see the transcript, you've just granted the service OAuth access to your account. That access lets it read your calendar. Which means it can show up to future meetings you're invited to.

The result: you joined one call. You now have an AI notetaker in every meeting you attend going forward, and you have no idea how it got there or how to remove it.

IT professionals have started calling these things worms. One security engineer put it this way: "These are the new viruses, I swear. Once they latch on to your account, they take part in everything they can and spread to other meeting attendees."

The consent problem nobody talks about

When a bot joins your meeting, who consented to that?

The person who installed the notetaker did. The other eleven people in the meeting did not. They may not even realize they're being recorded, depending on how the bot presents itself in the participant list.

Recording consent laws vary by state. In California, Florida, and ten other states, all parties must consent before a conversation can be recorded. In most states, only one party needs to consent. But "one-party consent" means one party to the conversation consented. A bot that was invited by one participant may not satisfy that requirement, especially if participants weren't notified.

The person running the notetaker may have clicked through a terms of service that claims to handle consent on their behalf. Whether that actually satisfies consent requirements in your jurisdiction is a different question, one most people don't ask until there's a problem.

For professionals in law, medicine, finance, or therapy, the stakes are higher. Client confidentiality and privilege attach to those conversations. A third-party service recording and storing the audio changes the picture significantly.

What's happening to the recordings

When an AI notetaker records your meeting, the audio goes somewhere. Usually to the service's cloud infrastructure, processed by their systems, and stored for some period.

Most services store your transcripts indefinitely on their servers unless you manually delete them. Some retain audio for model training purposes, though policies vary. The company can access your recordings. Their support team can access your recordings. If they're breached, the attacker can access your recordings.

The person who installed the notetaker might assume their data is their own business. But the recordings contain what everyone in the meeting said. Every attendee's words are now sitting on a server they have no relationship with and no control over.

One IT manager summed it up: "I don't allow AI notetakers into meetings at all, especially where technical jargon or price quoting is the topic." That instinct is correct.

How to find and remove these connections

If you think an AI notetaker has attached itself to your calendar, here's where to look.

For Google accounts: Go to myaccount.google.com, then Security, then Third-party apps with account access. Look for any meeting or transcription apps you don't recognize. Revoke their access.

For Microsoft accounts: Go to myapplications.microsoft.com and check which apps have access. In corporate environments, your IT team may need to do this through the Entra ID admin console, as users don't always have the ability to revoke app permissions themselves.

For Zoom: Sign into the Zoom web portal, go to Profile, then App Marketplace, and check installed apps.

After revoking access, contact the service directly and request deletion of any recordings or transcripts they have on file. Some services make this straightforward. Others don't.

The structural problem

The spreading behavior of cloud meeting tools isn't really a bug. It's how these businesses grow. Your data is shared across attendees. Those attendees become leads. Leads become users. Users invite the bot to more meetings, which generates more leads.

From a business perspective, it makes sense. From a privacy perspective, it means your meetings are raw material for someone else's growth engine, whether you agreed to that or not.

Some services have made this behavior more aggressive over time, not less. Fireflies changed their behavior recently in a way that frustrated even existing customers who had recommended the product. The incentives don't point toward restraint.

Local transcription doesn't have this problem

A transcription tool that runs entirely on your Mac can't spread to other people's accounts. It doesn't connect to your calendar. It doesn't email your meeting attendees. It doesn't know who else was in the call. It processes audio locally and produces a text file.

Nothing goes to a server. There's no account to be compromised, no third party storing your recordings, no growth loop that treats your attendees as acquisition targets.

The audio is discarded after transcription. The transcript stays on your machine, under your control, accessible only to you.

That's the difference between a tool that works for you and a platform that works for itself.

Join the MeetingVault waitlist and get founding member pricing when we launch.