Insurers have started writing AI exclusions into corporate policies. The people whose entire job is pricing risk just published their honest read of where your data goes.
Goldman, JPMorgan, and Morgan Stanley each built their own private AI. The other 4,000+ US banks got a policy memo. Guess which group's employees are pasting customer data into ChatGPT right now.
40 million people a day now upload lab results and medical records to ChatGPT. Answers in seconds, HIPAA quietly waived.
That data isn't protected, and it can be subpoenaed.
@PeteTownsendNV@NeraSystems@MNSShow Thanks again, Pete. Still thinking about the starship-to-Mars bit. The science already says you can run AI on sensitive data. The part nobody talks about is what you actually do once you can.
The line that frames this whole conversation: the more valuable your data, the less you've been able to use it. I spent over 20 years on the technical side of this problem before enterprise AI ran into it. Good one with @PeteTownsendNV.
What if the most valuable data in your industry is exactly the data you've been told you can't use with AI?
@ramiakeela, founder & CEO @NeraSystems answers that question for me on @MNSShow.
Twenty years building cryptographic infrastructure for a problem enterprise AI is only just hitting.
The same principle that kept him building personally is the one he's spent his career solving technically: the more valuable your data, the harder it's been to use.
(links in the thread)
Colorado's "first real AI law" just got delayed to 2027. Everyone waiting on regulation to force their hand, enjoy the false comfort. Your data's still exposed.
Pitched "AI on data you can't expose" in 2023 and got blank stares. Now it's the first question every enterprise asks. The problem went mainstream faster than the solutions did.
@GenAISpotlight You can't policy your way out of an architecture problem. 88% already pasted the data. The model shouldn't have been able to read it in the first place.
@_shinkim@OpenAI The problem isn't the test accounts. It's that "disable MFA so we can test" ships as a real code path. Every bypass you build for convenience is one someone else inherits. The threat model doesn't care that it was for QA.
@teddyellison91 Good framework. The question I'd add before "is this output defensible" is "did anyone actually read it." As outputs get more confident the scrutiny gets lighter. That's true in legal, in code, in financial models.
67% of employees use AI on corporate devices through personal accounts.
Outside every policy. Every audit trail. Every DLP tool you have.
Not because they're careless. Because the approved tools are worse.
Give people something that works. Build it so the data never leaves.
@ThePupOfWallSt Good read. The piece nobody's writing about these partnerships: as enterprises go deeper into cloud AI infrastructure, the question of what data touches that infrastructure gets harder to answer. Tighter cloud integration cuts both ways.
@EHackerNews This is the pattern. AI tools that need broad access to work become the exposure point. The fix isn't better monitoring after the fact. It's building tools where the sensitive data never reaches the model in the first place.
@BernardMarr The agent trend is real but the data access question is lagging. Agents are powerful because they reach across systems autonomously. That's also what makes data exposure harder. Most enterprise security stacks aren't built for that yet.
@rohanpaul_ai Secure by design is the right frame. Most orgs bolt security onto AI after deployment. The ones getting ahead ask "what would we build differently if data exposure was never an option." Very different starting point.