Nobody trained you on AI.

One day the discovery system updated and suddenly it’s “AI-powered.” The ILS vendor mentioned “machine learning” in release notes. Administration sent an email about “exciting new AI features.”

Then patrons started asking questions. And you’re expected to have answers.

(Meanwhile, your privacy policy might be lying about how AI is using patron data.)

Here’s the training you should have gotten.

Is Our Library Using AI? (How to Find Out)

Most library staff don’t know which systems use AI. Here’s your checklist:

Systems that probably use AI:

  • Discovery systems with “smart search” or “recommended for you” (EBSCO Discovery, Primo, Summon, WorldCat Discovery) - Learns from search patterns to rank results
  • Chatbots or “Ask a Librarian” virtual assistants - Answers common questions automatically
  • ILS systems with “predictive analytics” (Sierra, Koha, Alma) - Predicts circulation, suggests weeding
  • Digital collections with auto-tagging or OCR - Auto-generates subject tags, searchable text
  • Self-checkout with recommendations - Suggests similar items

How to confirm (ask IT/admin):

“I’m getting patron questions about AI in our library systems. Can you confirm which systems use AI or machine learning, and what data they collect? I need this to answer patron privacy questions accurately.”

If they don’t know:

“Should I reach out to [Vendor Name] directly to ask? Patrons have privacy concerns and I want to give accurate answers.”

Emergency cheat sheet (print this):

If you don’t know and need to answer RIGHT NOW:

“That’s a great question. I don’t have the technical details on hand, but I can find out for you. Can I take your email and get back to you with specifics? Or if you’d like, I can connect you with our IT staff who can explain exactly how the system works.”

Then actually follow up.

Patron FAQ – Copy-Paste Answers

Q: “Is my library data being used to train AI?”

“Some of our systems use AI to improve search results and recommendations, but they’re trained on anonymized usage patterns—not your personal data. Your checkout history and personal information are protected by library privacy policies. If you want specifics about a particular system, I can find out for you.”

Q: “Is this chatbot safe to use?”

“Yes, it’s safe for general questions like ‘What are your hours?’ or ‘How do I renew a book?’ But avoid entering personal information like your library card number or address—use your library account page for that instead.”

Red flag: If the chatbot is asking for library card numbers, passwords, or personal info, escalate to IT immediately.

Q: “Can AI see my search history?”

“Our search system may use anonymized search patterns to improve results for everyone, but it’s not tracking you personally. Your search history in your library account is private and only you can see it. We don’t share that with AI companies.”

If that’s NOT true: Don’t lie. Say:

“Let me get you accurate information about that. I want to make sure I give you the right answer. Can I connect you with [IT/Director]?”

Q: “Can you guarantee my data isn’t being used for AI training?”

“I can guarantee the library isn’t selling your data to AI companies. Some of our vendors may use anonymized usage patterns, but we don’t control that directly—they’re third-party systems. If you want specific details about a vendor’s AI practices, I can help you request that information.”

Don’t promise what you can’t deliver.

Red Flags – When to Escalate

You’re the eyes and ears. Here’s when to alert your supervisor/IT:

  • Patron says the AI gave them incorrect or dangerous information - Document what happened (screenshot if possible) and report immediately
  • AI is asking for sensitive information - Do NOT enter anything. Report to IT immediately.
  • Patron receives email claiming to be from library about “AI update” or “verify your account” - This is likely phishing. Tell patron NOT to click links.
  • System behavior is weird or different than yesterday - Report to IT. Could be a sign of system compromise.
  • Multiple patrons ask the same concerned question - Escalate to management: “We’re getting repeated questions about [X]. Can we get patron-facing talking points?”

Emergency Procedures (Print This)

If systems go down:

  1. Don’t panic (not your fault)
  2. Alert supervisor/IT immediately
  3. Post signage: “Our computer systems are temporarily offline. We’re working to restore service.”
  4. Switch to manual mode (ask supervisor for emergency procedures)
  5. Document everything (what time, what doesn’t work, what patrons are asking for)

If you suspect a security incident (ransomware, locked computers, strange file extensions):

DO:

  • Call supervisor/IT IMMEDIATELY
  • Disconnect computers from network if instructed
  • Take photos of ransom messages (with your phone)
  • Write down what you saw and when

DON’T:

  • Try to “fix it” yourself
  • Click on anything
  • Enter passwords into suspicious login screens
  • Post about it on social media

Basic Phishing Recognition

Red flags in emails:

  • Urgent language (“Your account will be closed!”)
  • Grammar/spelling errors
  • Suspicious sender (hover over email—does it match the claimed company?)
  • Generic greetings (“Dear user”)
  • Requests for passwords/personal info

Real example (library-targeted phishing):

“Subject: URGENT: Library system update required

Dear staff member,

We are performing a mandatory security update on all library systems. Please click below to verify your credentials:

[Suspicious Link]

Failure to verify will result in account suspension.

  • IT Department”

What’s wrong: Urgent language, generic greeting, asking you to click to “verify credentials.” Real IT would never ask for passwords via email link.

If you get this: Don’t click. Forward to IT with “Is this legit?”

What NOT to Enter Into AI Systems

  • Patron personal information (names, addresses, library card numbers)
  • Staff login credentials
  • Confidential library information
  • Patron reference questions with identifying details

Example:

  • BAD: “Can you help me find resources for patron John Smith who’s researching cancer treatment?”
  • GOOD: “What resources do we have on cancer treatment options?”

What to Ask Administration For

You shouldn’t figure this out alone. Here’s what you need from leadership:

  • Clear list of which systems use AI and what they do
  • Pre-written patron FAQ with approved answers
  • Emergency procedures for system outages (printed, at every desk)
  • Regular training (not “here’s an email,” actual training time)
  • Contact person for security concerns (name, phone, email)
  • Authority to escalate patron concerns without pushback
  • Patron-facing privacy policy (printed copies, QR code)

How to ask:

“Patrons are asking questions about AI and privacy that I can’t answer accurately. Can we get official talking points and training? I want to give patrons good information, not guesses.”

The Bottom Line

You didn’t sign up to be an AI expert or cybersecurity specialist. But AI and cybersecurity are now part of patron service.

This guide gives you the basics to identify AI in library systems, answer common questions honestly, recognize security red flags, protect yourself and patrons, and escalate appropriately when needed.

Print this out. Keep it at the desk. Share it with colleagues.

And when administration asks “Why didn’t you know this?” show them this post and say: “Because nobody trained us. Here’s what we need.”

Demand the training you deserve. Forward this to your supervisor. Make them respond.

Authenticity note: With the exception of images, this post was not created with the aid of any LLM product for prose or description. It is original writing by a human librarian with opinions.