Samsung ChatGPT Source Code Leak: Employees Paste Proprietary Code into AI

Samsung employees inadvertently leaked proprietary source code and internal meeting notes by pasting them into ChatGPT for assistance, just weeks after the company lifted a ban on using the AI tool. In at least three documented incidents, Samsung engineers pasted semiconductor source code, internal test sequences, and meeting transcription content into ChatGPT. Because OpenAI could use chat inputs for model training at the time, the proprietary information potentially became part of ChatGPT's training data, making it impossible to fully retrieve or contain. Samsung subsequently banned all generative AI tools on company devices and networks, and reportedly began developing an internal AI alternative. The incident became the most cited example of the shadow AI problem facing enterprises: employees using consumer AI tools for work tasks without understanding data handling implications. It prompted companies worldwide to implement AI usage policies and invest in enterprise AI deployments with data controls.

The ramifications of this incident extend beyond the immediate data exposure. Privacy regulators in multiple jurisdictions have opened investigations, and affected individuals are organizing collective action to demand accountability and meaningful remediation. The case highlights systemic weaknesses in how organizations handle personal data and the gap between corporate privacy promises and operational reality.

For impacted individuals, immediate action is critical. Filing a data subject access request forces the company to disclose exactly what data they hold about you, providing the foundation for deletion requests, regulatory complaints, and potential legal action. Below, we outline the specific data types at risk and the concrete steps you can take to protect yourself.