I used to think that the power requirements might be the downfall of AI. Now I think the lawyers may kill it.
I'm peripherally involved in getting AI approved at our company. It's almost pernicious. Aside from the obvious things, like what are approved or disallowed AI sites for the business, we have to deal with various vendors bundling varying types of AI into their products. The trend seems to be to turn the damn things on by default and then hope we never figure out the legal implications that entails.
We're working on ongoing policy development and locking down some of these things, but it feels like a losing battle, and these vendors aren't making it any easier. Add to that the various flavors of AI have different concerns and vulnerability vectors. Something like ChatGPT might potentially have access to strategic or proprietary information that an employee submits, while something like Claude might be able to infer a business direction from coding requests, or even worse, train the AI to provide a solution that we may have spent months perfecting in-house with the potential to hand it to our competitors with the right prompt.
None of this even considers the unanswered questions about the potential copyright concerns building these models in the first place.
For the supposedly smart people building these things, they sure haven't thought a lot of it through. Or maybe they have and just hope to be so integrated before legal catches up that they can't be removed.
Curious what others are seeing in this area.
I took your comments and gave them to ChatGPT. See below:
A friend posted this: I used to think that the power requirements might be the downfall of AI. Now I think the lawyers may kill it.
I'm peripherally involved in getting AI approved at our company. It's almost pernicious. Aside from the obvious things, like what are approved or disallowed AI sites for the business, we have to deal with various vendors bundling varying types of AI into their products. The trend seems to be to turn the damn things on by default and then hope we never figure out the legal implications that entails.
We're working on ongoing policy development and locking down some of these things, but it feels like a losing battle, and these vendors aren't making it any easier. Add to that the various flavors of AI have different concerns and vulnerability vectors. Something like ChatGPT might potentially have access to strategic or proprietary information that an employee submits, while something like Claude might be able to infer a business direction from coding requests, or even worse, train the AI to provide a solution that we may have spent months perfecting in-house with the potential to hand it to our competitors with the right prompt.
None of this even considers the unanswered questions about the potential copyright concerns building these models in the first place.
For the supposedly smart people building these things, they sure haven't thought a lot of it through. Or maybe they have and just hope to be so integrated before legal catches up that they can't be removed.
Curious what others are seeing in this area.
Your friend isn’t wrong about the friction, but the conclusion (“lawyers may kill it”) is probably overstated. What you’re seeing is a classic pattern: a powerful new technology hits enterprise environments faster than governance frameworks can keep up.
Here’s what’s really going on beneath the surface:
A few things are converging at once:
Default-on AI features Vendors are absolutely shipping AI turned on by default (think Microsoft Copilot integrations, Google Workspace AI, etc.). From their perspective: adoption = survival. From your friend’s perspective: unvetted risk suddenly exists everywhere. Shadow AI usage Even if you ban tools like ChatGPT or Claude, employees will still use them unless you provide an approved alternative. Different models, different risks Your friend is right here: Prompt leakage (users pasting confidential info) Model training concerns (is data retained?) Inference risks (patterns revealing strategy) Output risks (hallucinations, IP contamination)
It’s not one problem—it’s a stack of problems.
The big buckets:
Data security & confidentiality Most enterprise-grade AI tools now offer: “No training on your data” guarantees Data isolation / tenant boundaries Example: enterprise versions of ChatGPT Enterprise explicitly avoid training on customer inputs.
👉 This is quickly becoming table stakes.
Copyright / training data This is the messiest area right now. Ongoing lawsuits and evolving standards will likely land somewhere like: “Training is allowed, outputs must not be substantially similar” Or licensing frameworks for training data
But importantly: This is a platform-level issue, not something most companies will be directly liable for unless they misuse outputs.
IP leakage via prompts
This is the most immediate practical risk your friend is feeling.
Example concerns:
Engineer pastes proprietary code → model learns pattern What are your solutions?
Your friend is describing a real problem—but it’s not a losing battle. It just requires treating AI like you would any other high-risk enterprise system (think cloud in 2012, SaaS in 2015).
Here’s how companies that are actually getting control of this are approaching it:
If you don’t give employees an approved tool, they will use public ones.
Solution:
Roll out an approved, enterprise-grade tool like: ChatGPT Enterprise Microsoft Copilot
These give you:
No training on your data Admin controls Auditability
👉 This single move eliminates ~70% of the risk immediately.
Most companies fail here by being too vague.
Instead, create 3 simple buckets:
Green (allowed) Public info Generic tasks (emails, summaries, formatting) Yellow (caution) Internal but non-sensitive info Requires approved tools only Red (never) Trade secrets Source code (unless in controlled environment) Financials, strategy, customer data
👉 Then tie rules to tools:
Public AI (like ChatGPT free tier) = Green only Enterprise AI = Green + Yellow Red = never, anywhere
This removes ambiguity—which is what legal teams hate most.
Your friend is right—vendors sneak AI in everywhere.
Solution:
Add AI review to procurement + IT governance: “Does this product use AI?” “Is it on by default?” “Where does data go?” Use: SSO controls API blocking Feature flags
Companies are now maintaining “AI allowlists” just like SaaS allowlists.
Instead of banning sensitive use, contain it.
For example:
Internal code assistant trained on your repos only Private LLM instance (Azure / VPC deployment) Retrieval-based systems (RAG) where data never trains the model
👉 This addresses your friend’s biggest fear:
“What if we accidentally teach the model our secret sauce?”
You don’t—because the model isn’t training on your data.
You don’t need to read every prompt—but you do need visibility.
Track:
Which tools are used Volume of usage Basic categories of prompts (if possible)
This helps catch:
Risky behavior patterns Shadow tool adoption 6) Train employees like adults (not with legal jargon)
Most policies fail because they’re unreadable.
Instead, give simple rules:
“Don’t paste anything you wouldn’t put in a public email.”
“If it feels sensitive, use the approved tool.”
“AI is a helper, not a source of truth.”
That’s it. Short, memorable, enforceable.
This is the uncomfortable truth:
Blocking AI = losing productivity + competitiveness Allowing AI = accepting controlled risk
The winning companies are not eliminating risk—they’re managing it better than competitors.
Right now legal teams feel like they’re playing defense.
Better model:
Legal defines guardrails IT enforces controls Business units experiment inside the sandbox
Not:
“Stop everything until it’s 100% safe”
Because that never happens.
Bottom line
Your friend is stuck in the “reaction phase” most companies hit early.
The companies that get past it do three things:
Standardize tools Simplify rules Contain risk instead of chasing it
If you want, I can map this into a very concrete “company policy + architecture” (like exactly what to allow, block, and deploy) based on your friend’s industry
Thanks for that.