Strategy · May 2025 · 8 min read

How Secure is AI?

At some point, someone in your business has typed something sensitive into an AI tool. A client name. A contract detail. A salary figure. A strategic plan that took six months to develop. They did it because the tool was helpful and the task was pressing and the security implications were, in that moment, not the thing on their mind.

The question it raises needs a clear answer. So here it is.

What really happens to your data when you type it into an AI?

The answer depends on three things: which tool you are using, which version of that tool, and whether anyone in your organisation has configured it correctly. Get all three right and you have a strong foundation. Get any one of them wrong and you may be sharing more than you intend with people you have never met.

There is a fundamental difference between a consumer AI product and an enterprise one, and they are not the same thing wearing different price tags. A consumer product, the free or low-cost version you access through a browser, is designed to improve over time by learning from the conversations it has. That learning process uses your inputs. What you type may be reviewed by humans, used to train the model, and retained on servers you have no visibility of or control over.

This is not a secret. It is in the terms and conditions that nobody reads.

OpenAI, the company behind ChatGPT, is the most scrutinised on this point because it is the most widely used. On the free consumer tier, conversations are used for training by default, though users can opt out in settings. On ChatGPT Plus, the position is similar. Move to ChatGPT Team or Enterprise and the situation changes materially. Enterprise agreements explicitly exclude customer data from model training, include data encryption in transit and at rest, and offer stronger retention controls. The product looks the same. The data handling is substantially different.

Anthropic, which makes Claude, takes a comparable approach. Consumer conversations on Claude.ai may be used to improve the model unless you opt out. Claude for Enterprise and API access operate under different terms, with no training on customer data and stronger contractual protections. Google’s Gemini follows the same pattern.

The industry position is consistent. Free tools are paid for, at least in part, with your data. Enterprise tools are paid for with money, and your data stays yours. Understanding that distinction is the starting point for every security decision your business needs to make.

So what does that mean for the lawyer with confidential client files, the HR director with payroll data, the founder with unreleased product plans?

For the lawyer, the question is not simply whether the AI tool is secure. It is whether using it with client information is consistent with your professional obligations, your confidentiality agreements, and your regulator’s current guidance. The Solicitors Regulation Authority, and equivalent bodies elsewhere, are actively developing their positions on this. Feeding identifiable client information into a consumer AI tool almost certainly creates a problem. An enterprise tool with appropriate data processing agreements is a different conversation, but one that needs to happen with your compliance team.

For the HR director, payroll and personal data sits squarely within GDPR. Any processing of that data by a third party requires a lawful basis and typically a data processing agreement. Most enterprise AI contracts include these. Most consumer subscriptions do not.

For the founder with sensitive commercial information, the risk is lower in legal terms but potentially significant in competitive ones. Intellectual property that passes through an insufficiently governed AI system is IP you have introduced into an environment you do not control. The probability of it surfacing elsewhere may be low. The consequence if it did would not be.

None of this means stop using AI. It means use the right version, governed correctly.

If your business is using AI at any meaningful scale, you need an enterprise-tier agreement with at least one major provider. That agreement should include a GDPR-compliant data processing addendum, explicit confirmation that your data will not be used for model training, clarity on data retention periods, and information about where your data is stored geographically. These are standard provisions in any serious enterprise contract, and any reputable provider will have them ready.

Beyond the contract, configure the tool correctly. Most enterprise AI platforms have administrative settings that allow you to restrict what data can be shared, set retention policies, and control which users have access to which capabilities. These settings are often not touched after initial deployment because nobody was assigned to do it.

Your people also need to understand what they can and cannot do with these tools in practice. Not in a tick-box compliance sense, but in a way that changes behaviour. What goes in, what stays out, and what to do when they are not sure. Getting that clarity in place, and making sure it reflects your specific business, your clients, and your obligations, is exactly the kind of work that repays the time spent on it many times over. It is also where outside expertise tends to earn its keep.

The question of how much confidence you can have is more reassuring than most people expect. The major providers, Anthropic, OpenAI, Google, Microsoft, are among the most scrutinised companies on the planet. A serious data breach or credible allegation of mishandling enterprise customer data would be existential for their business. That matters. It does not replace proper governance, but it is meaningful context.

What actually gives you confidence is guardrails, not paperwork. Knowing which data goes nowhere near any AI tool. Knowing which tools your people are using and under what terms. Knowing that your enterprise agreement says what it needs to say. The risk is not in the technology. It is in neglecting to ask the right questions and take advice.

Protecting your data means choosing the right tools as the technology evolves. The businesses that will handle this best are the ones treating it as an ongoing conversation rather than a one-time decision.