Don’t give your IP to GPT
How much control do you have over where your company data goes today? What's flowing where, and who's sharing it with which external services? These aren't new questions. As a matter of fact, most mature companies have at least one person whose job it is to answer them.
The answers to these questions however, have gotten radically more complex in recent years, and more consequential than ever before. With the explosion of AI apps, foundational models, and now agents, data is moving faster and is harder to track than it's ever been.
A good friend and former co-founder of mine put it well: "LLMs are the ultimate aggregation machine." They consume every piece of data they can get their hands on. But it goes beyond raw data, over time, they absorb the intelligence, processes, and workflows of everything they're exposed to. With every prompt, every workflow they're asked to automate, and every custom GPT that gets created, they learn. Quietly. Continuously.
Cookie Monster doesn't care what's on the table, he just wants all of it. LLMs work the same way with your data.
For those of you who use ChatGPT, Claude, or any other foundational model regularly — have you ever tried asking it: "Tell me what you know about my personality?" The answer is both impressive and a little unsettling. We already know Google has built a detailed picture of most of us through our searches, location data, and browsing habits, detailed enough to predict purchases, political leanings, and life events before we've consciously made a decision. Now imagine something far more intimate: a system that has seen the way you think, the way you write, your professional anxieties, your half-formed strategies, your most sensitive questions, and can synthesize all of it on demand. That's what we're quietly constructing, prompt by prompt, every single day.
Now imagine that same thing happening at the scale of an entire company.
Before we get there, it's worth asking: what actually constitutes a company's IP? The answer depends on who you ask. An HR lead at Zappos would say "the people." A senior exec at Disney would say "the brand." A scientist at Coca-Cola might say "the recipe." All of these are valid, but when you look across companies, the most defensible competitive advantages tend to cluster around a few building blocks: people, operational processes, and product. And perhaps most importantly, the intelligence layer that connects them all.
Disney's brand is one of the most recognizable on the planet, built over nearly a century, impossible to replicate overnight.
That intelligence is woven into the fabric of a company through databases, code, culture, workflows, customer relationships, and partnerships. It can't be reduced to any single formula, algorithm, logo, or individual. It lives in people's thoughts, questions, answers, and daily decisions. And right now, all of that is being fed directly into AI, at scale, often without anyone in leadership realizing it.
Employees are independently prompting AI tools to solve problems and get answers. Companies are deploying LLM-powered applications to automate workflows. Both of these things are genuinely exciting, they allow individuals and teams to work faster and more effectively than ever before. But if it happens without careful consideration, your company's intelligence is quietly leaking out, prompt by prompt, agent by agent.
Here's why this matters more than it might appear. In the past, different vendors handled different parts of your business operations. You shared intelligence with each of them, but those companies operated independently, with their own separate data infrastructure. Today, you might be working with 50 different AI apps and services across your organization, but the vast majority of those vendors are built on top of just a handful of foundational model providers. The same providers your employees are prompting from their personal devices at home, with or without your knowledge.
And trust me: just because you're a large company with firewalls and an IT policy doesn't mean your employees aren't using these tools. I've spoken with engineers, lawyers, salespeople, and executives at major companies who openly admitted to using AI tools in violation of company policy. In some cases, people deliberately use personal laptops to get around company restrictions. The demand is real, and it's not going away.
So what happens when all of this knowledge flows into the same underlying models — directly through employee prompts, or indirectly through the vendors you've adopted? Well-resourced AI companies have enough signal at the aggregate level to build a detailed picture of your industry, your competitors, and yes, your company, even if they're not doing anything malicious or extracting data in real time. The exposure is structural. Consumer-facing AI products have historically used conversations to improve their models, and employees using free or personal accounts are almost certainly contributing to that. This isn't a conspiracy, it's just how the incentives work.
Now, I want to be clear: this is not an argument to stop using AI or ban it from your operations. Quite the opposite. Your ability to adopt AI quickly and effectively may well be your next real competitive advantage. Build a culture that embraces these tools. Push for acceleration at every level. But, before you give employees open access to public AI services, and before you adopt AI-powered applications built on those same foundational models, take a step back. Bring in senior data and security experts. Design an architecture that ensures you continue to own and control your company's intelligence, rather than gradually donating it.
One concept worth understanding is the company data fabric, an internal layer that sits independently of any AI app or service, making those apps and services interchangeable rather than load-bearing. This matters more than it might seem today. Many of the AI tool providers crowding the market right now are, at their core, wrappers on top of foundational models. As those models continue to mature, many of these wrappers will simply become native features built directly into the platform. A significant number of today's AI vendors won't survive as standalone businesses. That's yet another reason not to tie your intelligence, and your processes, too tightly to any one of them.
I'm not a deep technical expert, but a few starting points: use private or enterprise instances of AI services rather than public consumer endpoints. Thoroughly vet every vendor to understand whether your data could flow back into a foundational model's training pipeline. Get clear on how your company handles Data, AI, and Agent Governance as a unified discipline. From there, explore AI Orchestration and Observability tools, and take a serious look at LLM security solutions. The space is evolving fast, but the foundational questions remain constant: who owns the data, where does it go, and who controls it?
Don't wait and see. But don't move so fast that you lose sight of what you're giving away. Act now, act with intention, and make AI part of your IP, rather than handing your IP over to it.
P.S. If you've already built an infrastructure and operational model that successfully navigates these challenges, I'd genuinely love to talk.
