AI & Privacy

What Never to Type Into AI at Work

Shikhar BurmanShikhar BurmanLinkedIn·July 4, 2026·10 min read

Pasting the wrong thing into ChatGPT at work can leak company secrets. Here is what never to share, why it is risky, and how to use AI safely.

The short version: on a normal consumer AI account, treat anything you type like it could be stored on someone else's servers and, unless you have turned training off, used to improve the model. That makes a few things off-limits at work, no matter how convenient the shortcut feels: source code and internal systems, unreleased or confidential business information, customer and employee personal data, anything covered by law or contract, and your passwords and keys. Everything else, the ninety percent of daily tasks that involves no secrets, is fair game. The skill is not avoiding AI at work; it is knowing which ten percent to keep out of it.

This is not hypothetical caution. It is the lesson companies learned the expensive way, and the details are worth knowing because they explain exactly why the rules below exist. Once you understand the one mechanism that makes pasting risky, the list of what to avoid stops feeling arbitrary and starts feeling obvious.

The Cautionary Tale That Set the Rules

In early 2023, Samsung allowed engineers to use ChatGPT. Within about twenty days, three separate leaks happened. One engineer pasted proprietary semiconductor source code to check it for errors. Another uploaded internal code to get optimization help. A third fed in the transcript of a confidential internal meeting to generate minutes. All of it left Samsung's walls and landed on an outside company's servers. Samsung banned generative AI tools across the company in response, and the episode became the reference case for every corporate AI policy written since.

Samsung was not alone or unusually careless. Around the same time, Amazon warned staff after noticing model outputs that resembled its internal data, and a wave of major banks including JPMorgan Chase, Bank of America, Citigroup, Deutsche Bank, Wells Fargo, and Goldman Sachs restricted employee use of ChatGPT over exactly this concern. The point of the story is not that these tools are dangerous toys. It is that smart people at sophisticated companies leaked real secrets simply by pasting them into a chat box, because it felt as private as a search bar. It is not.

Insight

The uncomfortable footnote: banning AI did not make the risk disappear, it just made it invisible. Surveys found most employees who used ChatGPT at work did so without telling their employer, and analyses of workplace data found a meaningful share of workers had pasted company data into AI tools, a slice of it confidential. People will use the tool. The realistic goal is to use it without handing over the things that matter.

Why Pasting Is Risky: The One Mechanism

Here is the mechanism that makes all of this matter. On consumer AI plans, the free and personal paid tiers, your conversations can be used to help train future versions of the model unless you explicitly turn that off in settings. Even setting training aside, your inputs are transmitted to and stored on the provider's servers, outside your company's control, and you cannot reliably reach in and delete them. Combine those two facts and the risk is clear: sensitive text you paste can persist somewhere you do not control, and in the worst case influence a model that other people use.

The important distinction is the account type. Business and enterprise AI tiers generally do not train on your data by default and add real data protections, which is exactly why the fix for companies was never to ban AI forever but to move people onto controlled accounts. On your personal account, the protections you would assume are there simply are not, unless you have gone into the settings and changed them. That single difference is what separates a safe paste from a leak.

The Do-Not-Paste List

Keep these five categories out of any consumer AI tool at work. If you are unsure whether something qualifies, treat it as if it does.

Never pasteExamplesWhy it is dangerous
Source code and internal systemsProprietary code, configs, architecture, API keysLeaks intellectual property and can hand attackers a map
Confidential business infoUnreleased plans, financials, contracts, strategyA competitor edge and a possible breach of contract
Personal data of othersCustomer or employee names, records, health, IDsTriggers privacy laws like HIPAA and GDPR
Regulated or legal materialTrade secrets, sealed documents, privileged adviceLegal liability and lost protections
Credentials and secretsPasswords, tokens, keys, security answersDirect path to account and system compromise

Notice the through-line: every item is something you would not shout across a crowded coffee shop. That is the mental test. A chat box feels private and personal, but for a normal account it is closer to a public counter than a locked drawer. If you would not say it out loud to a stranger, do not type it into a consumer AI tool on the clock.

How to Use AI at Work Without the Risk

None of this means avoiding AI. It means using it in a way that keeps the sensitive ten percent out of it while still getting all the benefit. A few habits cover almost every situation.

  • Use the account your company gives you. If your employer offers a business or enterprise AI tool, use that for anything work-related; those tiers are built not to train on your data and to add protections your personal account lacks.
  • Turn off training on personal accounts. In the settings of most consumer AI tools there is a data control that stops your chats from being used for training. Switch it off; it takes thirty seconds and changes the risk profile.
  • Anonymize before you paste. Replace real names, numbers, and identifiers with placeholders. AI helps you draft the memo just as well when the client is Company A and the figure is X.
  • Ask about the shape, not the secret. Instead of pasting the confidential contract, describe the type of clause you need help with. You get the guidance without exposing the document.
  • Check the policy. Many workplaces now have a written AI policy naming approved tools and forbidden data. Reading it once saves you from being the next cautionary tale.

Judge the Tool, Not Just the Rule

Whatever assistant you use, the same principle applies: know where your words go and what the provider does with them, then decide accordingly. That is worth checking on any platform before you trust it with work. A multi-model tool like LumiChats lets you reach Claude, GPT-class, and Gemini-class models in one place, which is convenient for comparing answers, but the rule does not change with the interface, review any provider's data-handling terms, keep the do-not-paste list in mind, and route genuinely sensitive work through the controlled account your employer sanctions. Convenience never overrides the five categories above.

Frequently Asked Questions
01Is it safe to use ChatGPT at work?

It is safe for the large majority of tasks that involve no secrets, such as drafting, summarizing, and brainstorming with non-confidential information. It is not safe to paste source code, confidential business data, other people's personal information, regulated material, or credentials into a consumer account. Use your employer's business or enterprise tool for anything sensitive.

02What should you never share with an AI chatbot?

Five categories: source code and internal systems, confidential business information like unreleased plans and financials, personal data about customers or employees, regulated or legally protected material, and any passwords, keys, or credentials. If you would not say it aloud to a stranger, do not type it into a consumer AI tool.

03Does ChatGPT use my data to train its models?

On free and personal paid plans, your conversations may be used to improve the models unless you turn training off in settings, and your inputs are stored on the provider's servers regardless. Business and enterprise plans generally do not train on your data by default, which is why companies move employees onto those accounts.

04Can my company see my AI chats?

On a company-managed business or enterprise account, administrators may have visibility and logging, and that is by design for security and compliance. On a personal account you use for work, your employer usually cannot see the chats, but that is exactly the shadow-use risk that led many companies to provide sanctioned tools instead.

05How do I use AI at work safely?

Use the account your employer provides, turn off training on any personal account, anonymize names and numbers before pasting, describe the shape of a problem rather than exposing the confidential document, and follow your workplace's written AI policy. These habits let you keep the productivity while keeping the secrets out.

The takeaway: AI at work is not the danger; careless pasting is. Learn the one mechanism, your inputs leave your control and may train the model, and the five do-not-paste categories follow naturally. Keep the secrets out, use the account your company sanctions for anything sensitive, and you get all the speed of AI without becoming the story your colleagues read about next.

Was this article helpful?

Found this useful? Share it with someone who needs it.

Free to get started

Claude, GPT-5.4, Gemini —
all in one place.

Switch between 40+ AI models in a single conversation. No juggling tabs, no separate subscriptions. Pay only for what you use.

Start for free No credit card needed
Shikhar Burman
Written by
Shikhar BurmanLinkedIn

Co-Founder and CTO of LumiChats. Writes technical deep-dives on AI systems, infrastructure, and how large language models actually work under the hood.

Keep reading

More guides for AI-powered students.