AI notetaking bots like Otter.ai, Read.ai, Fireflies.ai, and Fathom can join your Zoom meetings automatically, often without your knowledge. They do this by connecting to a participant's calendar, scraping the meeting link, and auto-joining as a separate account. Once in, they transcribe the audio in real time and store it on a third-party server, under that service's own terms of service and privacy policy.
In plain terms: allowing a participant to bring one of these bots into your meeting is the same as allowing them to record it, except the recording goes directly to someone else's platform, outside of your control. To make matters worse, meeting hosts often won't even know who the bot belongs to or which participant's account it is linked to. The bot simply sits there in the participant list, as a separate attendee.
For meetings that involve confidential, legally privileged, or otherwise sensitive information, that is a serious problem. And because no single setting in Zoom blocks every AI transcriber, a layered approach is the only reliable solution to keep them out of the room.
Here is how to set it up.
Step 1: Block third-party domains
This prevents AI assistant accounts from joining at the account level, before they ever reach your meeting.
- Sign in to your Zoom Web Portal.
- Go to Settings > Meeting > Security.
- Turn on the toggle labeled "Block users in specific domains from joining meetings and webinars."
- Click the pencil icon and add the domains you want to block, separated by commas. Known AI notetaker domains include: otter.ai, read.ai, fireflies.ai, fathom.video.
- Click Save.
This list requires manual maintenance. New AI transcription tools appear regularly, so review it periodically and add domains as needed.
Step 2: Disable third-party apps
Domain blocking alone is not enough. A participant can still invite a bot through the Zoom App Marketplace. To close that door:
- Sign in to the Zoom App Marketplace as an administrator.
- Click Manage in the upper right corner, then select Admin App Management > Apps on Account.
- Find any third-party transcription apps and click Manage App to disable or remove them.
- To enforce this organization-wide, uncheck the option that allows users to install unapproved apps.
Step 3: Enforce the Waiting Room
If a bot slips through, for example because it joined from a calendar invite before your domain block was in place, the Waiting Room is your safety net.
- Enable the Waiting Room in your meeting security settings.
- Before admitting anyone, review the waiting room list.
- Look for names like "Otter.ai Meeting Assistant" or "Read.ai Bot," or any participant that does not correspond to an actual person you are expecting.
- Do not admit them.
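The domain check from Step 1 and the name review from Step 3 can also be run over a participant list exported as CSV. The script below is an added example, not a Zoom feature or vendor code; the `name` and `email` column names, the generic word list, and the sample rows are assumptions constructed for illustration. It flags candidates for a person to review.

```python
import csv
import io
import re

# Domains listed in Step 1; extend this set as new tools appear.
BLOCKED_DOMAINS = {"otter.ai", "read.ai", "fireflies.ai", "fathom.video"}

# A vendor domain written into the display name, e.g. "Read.ai Bot".
VENDOR_IN_NAME = re.compile(
    r"(?<![\w.-])(?:%s)(?![\w-])" % "|".join(map(re.escape, sorted(BLOCKED_DOMAINS))),
    re.IGNORECASE,
)
# Generic wording; this word list is an assumption of the example.
GENERIC_BOT_NAME = re.compile(r"\b(?:note\s?taker|meeting assistant|bot)\b", re.IGNORECASE)

# Constructed sample export; the "name" and "email" columns are assumed.
SAMPLE_CSV = """\
name,email
Dana Whitfield,dana@example.com
Otter.ai Meeting Assistant,
Read.ai Bot,
Sam's Notetaker,sam@example.org
Priya Abbott,priya@mail.fireflies.ai
Lee Chen,lee@nototter.ai
"""

def email_domain(email):
    """Return the lowercased domain of an address, or '' if there is none."""
    _, sep, domain = email.strip().lower().rpartition("@")
    return domain.rstrip(".") if sep else ""

def domain_blocked(domain):
    """True for a blocked domain or any subdomain of one, not lookalikes."""
    return any(domain == d or domain.endswith("." + d) for d in BLOCKED_DOMAINS)

def flag_participants(csv_text):
    """Return [(name, reasons)] for rows that look like notetaker bots."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("name") or "").strip()
        domain = email_domain(row.get("email") or "")
        reasons = []
        if domain and domain_blocked(domain):
            reasons.append("blocked domain: " + domain)
        if VENDOR_IN_NAME.search(name):
            reasons.append("vendor name in display name")
        elif GENERIC_BOT_NAME.search(name):
            reasons.append("generic bot wording in display name")
        if reasons:
            flagged.append((name, reasons))
    return flagged
```

Rows without an email address are matched on display name only, and a surname such as "Abbott" does not trip the whole-word "bot" pattern.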
Step 4: Remove bots already in the meeting
If a bot has already joined, you can remove it manually.
- Open the Participants panel.
- Find the bot's name, click the More button (the three dots) next to it, and click Remove.
One critical caveat: once a bot has been in the meeting, anything it already transcribed may not be retrievable or deletable from that service's servers. That is why the Waiting Room matters so much. Removing a bot after 20 minutes of sensitive discussion does not undo those 20 minutes.
When AI transcription is fine and when it is not
These tools exist for legitimate reasons. Internal team meetings, study sessions, training calls: in many contexts a transcript is useful and uncontroversial. The issue is not the technology itself but the lack of visibility and consent. A bot that joins without announcement is a problem not just for privacy but for basic trust.
Meeting participants should also scan the participant list for bots and, when appropriate, report them to the host for removal. Bots are easy to miss in very large meetings.
The practical rule is simple: everyone in the meeting should know a bot is present, what it records, and where that data goes. If that transparency is not there, the controls above exist for exactly that reason.