Don't laugh. Put your concerns to ChatGPT and Grok and see how they respond regarding the attorneys. Seriously. They're smart enough to fix their own legal problems. The reason lawyers are fighting so hard is AI is about to overtake their profession. For the wordsmithing you pay them $800/hr for, ChatGPT will spit it out in 20 seconds for free.

Not just legal...but insurance...

Insurance actuaries will be the ones to kill AI in many instances because there's no way for them to predict all the liabilities it will come up with they'd never be able to predict...

Work at a big company. You used to need a special license or permissions, I believe, to have ChatGPT access but now we all have it. I am not a fan, but we are all being encouraged to use it, even creatively. The push to embrace AI reminds me of DEI pushes.

Because we all have it, supposedly it means submitting proprietary info is safe - that’s part of the big sell, I think. (Probably learned people were going rogue querying proprietary info on more public avenues and realized the cat was already out of the bag). Upload data, have AI optimize; AI has knowledge of varying systems and can attack things from a multi-factorial angle more efficiently than people across various functions with varied expertise. Clearly someone with a deep and thorough understanding is needed to ensure results are parsing things and presenting an accurate result, though. AI slop is real.

No insight into legal. All I know is, between my age, offshoring, and AI, I am a bit uneasy about job security.

Related to AI generally, but in robot space, the Prime series Humans was interesting. It gets into legal arguments around protections for conscious humanoid robots. Watching Melania walk side-by-side with that Figure 3 the other week gave me chills.

The People will end up only being allowed to use nerfed AIs, while Nation States, developers, CEOs, Wall Street, military, PD, ......lawyers, Medical,....will have ungated access. So everyone but the People get nukes and we're left with slingshots? Nah.

Everyone should have complete equal access. I don't trust the people who make the rules that say only they can have a thing, nor do I give them consent to impose usurped, fictional authority on me....... they're actually the last people on Earth who should have unfettered access. But since they do........we need to have that, too. Do you think Sam Altman bans himself and uses nerfed GPT? Hell no. I do not agree with any man on God's Green Earth telling me what I'm allowed to access and not. I don't give that authority to them.

Here's what Grok says about potential code leakage through Claude:

"you paste (or describe in detail) a novel algorithm, architecture, optimization, or proprietary implementation into a regular Claude chat:

The model can learn patterns from it during training. Future users (including competitors asking similar questions) could receive outputs that are influenced by or closely resemble your solution. LLMs don't usually spit out exact copies of training data, but they can generalize and reproduce distinctive approaches, especially if the idea is rare or highly specific. This is a known industry-wide issue (memorization, regurgitation, and IP leakage risks).

It's not that your code is "publicly exposed" in a searchable database—it's internalized into the model's weights. But the net effect for competitive advantage can be the same."

I wonder how many companies rubbing their hands together about replacing employees with AI have considered the potential intellectual and strategic leakage if they don't affirmatively opt out of training (and if the vendors don't change the service agreement later and start using their info anyway)

We could refuse to participate in anything AI related. (That we know is related).

Consider the ServiceNow AI Control tower to manage AI risk. It's tied to the GRC functionality within the platform.

https://www.servicenow.com/products/ai-control-tower.html

A while back I had a convo w claude.ai and this is his summary of The Current State of AI: A Critical Assessment

https://claude.ai/public/artifacts/e4ed9de7-0b04-44a7-a6b5-3eda94143f6f

Hear Hear!

The very point of AI, especially in engineering organizations in US is to allow whoever controls the AI to steal all the intellectual property. Presumably, this is the CCP or Peoples' Liberation Army (of China) that is likely the "secret shareholder" of Anthropic through their special class of stock owned by a Trust with unknown Trustee and Beneficiary.

Someone attempt to explain the need for that many AI data center locations. They already have a few that have been gathering data for decades. I give it a few more years and many more people will be dying from the shots so there will probably be less people to gather data on. I don't think the "data centers" are going to be data centers. AI doesn't need that much power to run.

I took your comments and gave them to ChatGPT. See below:

A friend posted this: I used to think that the power requirements might be the downfall of AI. Now I think the lawyers may kill it.

I'm peripherally involved in getting AI approved at our company. It's almost pernicious. Aside from the obvious things, like what are approved or disallowed AI sites for the business, we have to deal with various vendors bundling varying types of AI into their products. The trend seems to be to turn the damn things on by default and then hope we never figure out the legal implications that entails.

We're working on ongoing policy development and locking down some of these things, but it feels like a losing battle, and these vendors aren't making it any easier. Add to that the various flavors of AI have different concerns and vulnerability vectors. Something like ChatGPT might potentially have access to strategic or proprietary information that an employee submits, while something like Claude might be able to infer a business direction from coding requests, or even worse, train the AI to provide a solution that we may have spent months perfecting in-house with the potential to hand it to our competitors with the right prompt.

None of this even considers the unanswered questions about the potential copyright concerns building these models in the first place.

For the supposedly smart people building these things, they sure haven't thought a lot of it through. Or maybe they have and just hope to be so integrated before legal catches up that they can't be removed.

Curious what others are seeing in this area.

Your friend isn’t wrong about the friction, but the conclusion (“lawyers may kill it”) is probably overstated. What you’re seeing is a classic pattern: a powerful new technology hits enterprise environments faster than governance frameworks can keep up.

Here’s what’s really going on beneath the surface:

1. Why it feels chaotic right now

A few things are converging at once:

Default-on AI features Vendors are absolutely shipping AI turned on by default (think Microsoft Copilot integrations, Google Workspace AI, etc.). From their perspective: adoption = survival. From your friend’s perspective: unvetted risk suddenly exists everywhere. Shadow AI usage Even if you ban tools like ChatGPT or Claude, employees will still use them unless you provide an approved alternative. Different models, different risks Your friend is right here: Prompt leakage (users pasting confidential info) Model training concerns (is data retained?) Inference risks (patterns revealing strategy) Output risks (hallucinations, IP contamination)

It’s not one problem—it’s a stack of problems.

2. The legal concerns are real—but already being addressed

The big buckets:

Data security & confidentiality Most enterprise-grade AI tools now offer: “No training on your data” guarantees Data isolation / tenant boundaries Example: enterprise versions of ChatGPT Enterprise explicitly avoid training on customer inputs.

👉 This is quickly becoming table stakes.

Copyright / training data This is the messiest area right now. Ongoing lawsuits and evolving standards will likely land somewhere like: “Training is allowed, outputs must not be substantially similar” Or licensing frameworks for training data

But importantly: This is a platform-level issue, not something most companies will be directly liable for unless they misuse outputs.

IP leakage via prompts

This is the most immediate practical risk your friend is feeling.

Example concerns:

Engineer pastes proprietary code → model learns pattern What are your solutions?

Your friend is describing a real problem—but it’s not a losing battle. It just requires treating AI like you would any other high-risk enterprise system (think cloud in 2012, SaaS in 2015).

Here’s how companies that are actually getting control of this are approaching it:

1. Stop trying to block AI—provide a safe default

If you don’t give employees an approved tool, they will use public ones.

Solution:

Roll out an approved, enterprise-grade tool like: ChatGPT Enterprise Microsoft Copilot

These give you:

No training on your data Admin controls Auditability

👉 This single move eliminates ~70% of the risk immediately.

2. Classify what data is allowed (this is the big one)

Most companies fail here by being too vague.

Instead, create 3 simple buckets:

Green (allowed) Public info Generic tasks (emails, summaries, formatting) Yellow (caution) Internal but non-sensitive info Requires approved tools only Red (never) Trade secrets Source code (unless in controlled environment) Financials, strategy, customer data

👉 Then tie rules to tools:

Public AI (like ChatGPT free tier) = Green only Enterprise AI = Green + Yellow Red = never, anywhere

This removes ambiguity—which is what legal teams hate most.

3. Turn OFF vendor AI by default (centrally)

Your friend is right—vendors sneak AI in everywhere.

Solution:

Add AI review to procurement + IT governance: “Does this product use AI?” “Is it on by default?” “Where does data go?” Use: SSO controls API blocking Feature flags

Companies are now maintaining “AI allowlists” just like SaaS allowlists.

4. Create a “secure sandbox” for high-value use cases

Instead of banning sensitive use, contain it.

For example:

Internal code assistant trained on your repos only Private LLM instance (Azure / VPC deployment) Retrieval-based systems (RAG) where data never trains the model

👉 This addresses your friend’s biggest fear:

“What if we accidentally teach the model our secret sauce?”

You don’t—because the model isn’t training on your data.

5. Log and monitor usage (lightly, not creepily)

You don’t need to read every prompt—but you do need visibility.

Track:

Which tools are used Volume of usage Basic categories of prompts (if possible)

This helps catch:

Risky behavior patterns Shadow tool adoption 6) Train employees like adults (not with legal jargon)

Most policies fail because they’re unreadable.

Instead, give simple rules:

“Don’t paste anything you wouldn’t put in a public email.”

“If it feels sensitive, use the approved tool.”

“AI is a helper, not a source of truth.”

That’s it. Short, memorable, enforceable.

7. Accept that some risk is the cost of speed

This is the uncomfortable truth:

Blocking AI = losing productivity + competitiveness Allowing AI = accepting controlled risk

The winning companies are not eliminating risk—they’re managing it better than competitors.

8. Reframe legal’s role (this is cultural)

Right now legal teams feel like they’re playing defense.

Better model:

Legal defines guardrails IT enforces controls Business units experiment inside the sandbox

Not:

“Stop everything until it’s 100% safe”

Because that never happens.

Bottom line

Your friend is stuck in the “reaction phase” most companies hit early.

The companies that get past it do three things:

Standardize tools Simplify rules Contain risk instead of chasing it

If you want, I can map this into a very concrete “company policy + architecture” (like exactly what to allow, block, and deploy) based on your friend’s industry

Should use AI to verify all the election scam of the past. Clearly all those audits and recounts Trump commissioned didnt do the trick.

Having been involved in on both the enterprise side and the AI side, here is what I strongly believe. We are in the early 90s timeline for Internet, as a comparison. In those days very companies had websites, and the sysadmins running those sites would put all kinds of information out there, sometimes leaking private info inadvertently, and most decision makers, be it in companies or in universities hated the Internet and would simply shutdown the sites rather than fix problems.

Then came the telecomm act of 1996 and it created a spur of networking companies and slowly the whole area became mature as people started realising the serious revenue potential with Internet and then came companies like Apple, Amazon etc which made e-commerce not some wild-west gun-slinging but a day-to-day operation where you dont have to watch out if your compute got a virus every minute.

Thats the kind of maturity we will see with AI, but with AI there is one important phase that needs to happen.

Enterprises need to be able to run their LLM interference locally, rather than tap into ChatGPT of Claude etc. Thats the only way they can get the privacy they require. For that, the technology needs to mature a bit more. OpenAI has been turning their focus on Enterprises, and we will see the results of that hopefully soon.

But the pushback you are seeing right at the moment, is actually a good thing.