Professionals see new possibilities with AR glasses

The past 15 years of smart glasses were a bit foggy—looking at you, Google Glass. Despite some early promise, the technology never seemed to really take off with consumers or professionals.

But millions are reportedly buying into some form of hands-free, photo-taking, video-recording eyewear, and vendors are investing heavily in developing new products.

We spoke with people using augmented-reality (AR) glasses in their everyday work—and security and privacy professionals who offered reminders on the risks of this rapidly evolving tech.

On the record. Paul Zeylikman, a dentist who runs Brooklyn and Queens’s Little Tooth Pediatric Dentistry, recently used first-generation Ray-Ban Meta glasses to record a lip-tie procedure, also known as a laser frenectomy. The doctor said he records complicated procedures with the glasses, then uses the short videos or photos to provide instruction to peers.

“I can’t de-gown, and take my gloves off, and start recording with a camera,” he told IT Brew. To begin recording, Zeylikman uses a verbal prompt or holds a button located on the side of the glasses.

Zeylikman said he obtains written consent from patients regarding his use of AR glasses, and also asks for a verbal consent from a parent in the room before taking a photo or video. He emphasizes that he’s using the footage “for educational purposes,” and footage isn’t shared on social media or publicly distributed.

Help on the job. Dentistry is just one of many professions incorporating AR eyewear. On Oct. 22, Amazon announced smart delivery glasses to help workers “identify hazards, seamlessly navigate to customers’ doorsteps, and improve customer deliveries.”

Engineering software company Bentley Systems has a research lab exploring AR applications in construction settings, using devices like the Apple Vision Pro and Meta headsets to provide on-screen virtual representations and to support digital run-throughs of giant construction projects.

“Allowing people to rehearse with those headsets and project themselves exactly like they would be onsite allows them to be better prepared and to act in a more safe way,” Bentley Systems CTO Julien Moutte said.

Though many companies appear to be in a more experimental phase with AR eyewear, tech vendors have been steadily investing in the technology over the past few years. Meta reportedly sold over a million of its Ray-Ban Meta glasses in 2024, according to The Verge. Last week, Samsung introduced Galaxy XR, the first device built on Android XR, Google’s new operating system for headsets and glasses.

But it’s been a long, bumpy road to get to this point:

• In 2012, Google introduced Google Glass, wearable AR glasses featuring a small display, voice activation, and smartphone connectivity (the company ended support for its enterprise version in 2023).
• Tech companies built AI-assisted vision technologies for specific industries, including Vuzix M100 for healthcare and industrial settings in 2013 and Recon Jet for athletes in 2015.
• Microsoft launched its HoloLens in 2016. The AR headset managed to get a sequel (the HoloLens 2) but eventually ceased production.
• 2021’s Ray-Ban generation 1, also known as Stories, featuring an AI voice assistant, photo and video capture, and audio notifications. (Its second-gen option arrived this year.)
• Apple launched its “spatial computing” Vision Pro in 2024, but is reportedly revamping its design to compete with Meta’s AI glasses, according to Bloomberg.

AR there hacks, though? As adoption of AR and VR increases in specialized industries, so does the potential for cyberattacks and privacy risks.

When asked about encryption features on the smart glasses, Meta spokesperson Dina El-Kassaby Luce referred IT Brew to the company’s 2021 announcement, which states,“For added peace of mind, photos and videos are encrypted on the smart glasses.” The glasses can also only be synced with one user, and the data is not transferrable between accounts if, say, the glasses were lost and then found by someone else.

There’s also a light to indicate when video or photos are taken—not that that light can’t be hacked.

Zeylikman said generally he tries to get any data out of the glasses and locally onto his (locked) phone quickly, to prevent the data from being stored in a cloud environment.

Though the health regulations known as HIPAA do not mention AR glasses specifically, the standard calls for protected health information to be encrypted in transmission and at rest.

“From a HIPAA standpoint, my use of the glasses is essentially equivalent to taking a cell phone photo or video to show a colleague—just in a more hands-free, efficient format,” Zeylikman wrote to us in a follow-up email, where he also emphasized that he’s using the glasses in a “limited, privacy-forward manner” until he can fully verify security specifications.

Jenai Marinkovic, CEO of governance nonprofit GRCIE and a member of the ISACA Emerging Trends Working Group, sees the benefits of the smart glasses, but emphasized the importance of industry practitioners obtaining written consent and adhering to the state- and age-related privacy regulations. Generally speaking, phone-held data can be risky, she said, because a phone is often not a corporate-owned device. Marinkovic recommended that every smart-glasses user build a data map to understand the full route of any sensitive information.

“You need to make sure that that data is encrypted through every single one of those pathways,” Marinkovic said.

Joe Jones, director of research and insights at nonprofit privacy org IAPP, noted the difficulty in maintaining a digital social contract or privacy notice as the millions of glasses wearers bring the tech from industry to everyday life.

He has seen some business leaders already embracing best practices when it comes to AR usage, including processing data locally and on-device as much as possible, and deleting data as soon as it’s no longer needed.

“There’s only so much [wearers] can control when it comes to the device manufactured by someone else, but the extent to which they’re pulling down and pulling out that data for their own use in their own systems. That’s when they have more control and more is expected of them,” Jones said.