Every time you asked AI for help, did you unknowingly hand over your company’s confidential data? Recent AI data breach incidents prove the risks you take when you input company data into OpenAI.

A case study with Samsung employees proves that entering sensitive data into public AI tools risks workplace data breaches. When you input information, it is stored on OpenAI’s servers and remains accessible to other users outside your network.

In 2023, Samsung faced a widespread data breach within their company due to uncontrolled employee use of ChatGPT and OpenAI. Samsung employees leaked confidential source code into ChatGPT for help with code optimization and meeting summaries. They didn’t realize that these inputs not only exposed Samsung’s confidential data, but also threatened Qualcomm, a leading U.S. chipmaker.  

This breach made their strategies and data vulnerable to competitors. Samsung banned the use of AI tools within their company, then later developed its own internal secure AI platform.

Recognizing the importance of having internal AI safeguards, major organizations including Amazon, JPMorgan Chase, and Walmart have tightened their security. These companies implemented higher internal controls and access limitations. These measures were designed to strengthen employee safeguards and maintain greater control over the use of artificial intelligence.

Amazon: Driven by data security concerns from ChatGPT platforms in 2023, Amazon implemented a policy restricting employee use of AI chatbots. To later address this, the company introduced its’ in-house AI tool, Cedric. Reports show Cedric contains security advantages over ChatGPT. It securely executes essential tasks such as document summarization and accurate information retrieval.

JPMorgan Chase: JPMorgan Chase initially restricted external AI usage in 2023 to protect proprietary data. However, the firm has since deployed its’ own internal AI platform called the LLM Suite. Chief Data & Analytics Officer, Teresa Heitsenrether, revealed, “Since our data is a key differentiator, we don’t want it being used to train the model. We’ve implemented it in a way that we can leverage the model while still keeping our data protected.” This ensures that the company can implement AI while maintaining strict control over its valuable data. 

Walmart: Walmart initially restricted the use of AI by its employees in 2023. This restriction was recently lifted following their new partnership with OpenAI on October 14th of this year. Walmart has implemented safeguards including mandatory AI literacy programs, comprehensive training, and certification requirements. These are designed to ensure employees understand AI’s proper use and confidentiality protocols to prevent accidental disclosure of confidential data.

Beyond exposure of competitive secrets, the uncontrolled use of AI creates a major corporate liability crisis, particularly in regulated industries. Companies face severe penalties when sensitive data is mishandled. Especially, concerning the protection of client information, patient records, and company trade secrets.

• Protected Health Information (PHI): For healthcare organizations, using public AI tools to process PHI is a major HIPAA risk. Uncontrolled employee access defeats the purpose of having the required administrative and technical safeguards. This leads to AI data breaches, financial penalties from the Department of Health and Human Services, and loss of trust.
  
  
• Trade Secret Protection: Inputting company data like source code or customer lists into a public AI model risks compromising trade secret status. The Defend Trade Secrets Act requires “reasonable measures” of secrecy. Uncontrolled employee pasting can compromise legal protection for those assets.
  
  
• Financial and Legal Penalties: The most immediate consequence is the financial hit. Fines are often calculated based on each compromised record. This can quickly escalate to a massive legal and financial obligation that can run into tens of millions of dollars. These costs can include direct regulatory fines, required investigation costs, legal fees, and credit monitoring services for affected customers.

Companies and businesses face severe penalties when sensitive data is mishandled. The increasing risk of AI and data breaches forces organizations to address data security and accountability.  

The use of OpenAI for routine tasks and private, unchecked accounts inadvertently exposes sensitive information. Companies and businesses face severe penalties when sensitive data is mishandled, particularly under frameworks like HIPAA, GDPR, or CCPA.  

Business leaders are recommended to establish frameworks that acknowledge and safely integrate the use of AI into business operations.

Employees need to understand why public AI poses a risk, how to use approved systems safely, and the consequences of contributing to AI and data breaches through negligence. 

These frameworks include: 

• Mandatory training 

• Active network monitoring 

• Secure enterprise API versions with zero data retention 

Implementing these frameworks requires specialized partners, such as LeeShanok Network Solutions. We are a proven leader in securing data and offering the necessary technical controls with strategic consulting. We implement essential solutions to actively monitor and block the transmission of sensitive data to external services.  

LeeShanok also develops and delivers the consistent training required to create a security-aware culture. We educate your business and employees on the dangers of using public tools and the safe use of approved systems. Partner with LeeShanok Network Solutions today!