How to use AI at Work (and Not Get FIRED)
He Deleted His ChatGPT Chats. A Judge Used Them Against Him Anyway.
Inside the Samsung leak, the Krafton lawsuit, and the AI governance gap costing companies millions — and what every employee needs to do before their next prompt.
Ever notice that the people most confident they're using AI safely at work are usually the ones who've never opened the settings menu?
They don't even know there's a toggle.
Today were covering a guy who Deleted His ChatGPT Chats. And yet A Judge Used Them Against Him Anyway.
Ever notice that companies with no AI Governance still have employees using AI?
They just do not tell anyone.
And this part is what bothers us all.
Right now, while you're reading this, there's a setting on your personal ChatGPT, your Claude, your Gemini, your Grok, that decides whether your employer ever finds out what you typed into it.
And “The Default” is set to the wrong answer.
I'm going to tell you about a CEO who deleted his ChatGPT conversations. Thought that made them gone.
A Delaware judge disagreed.
We'll get there. First, the numbers nobody's saying out loud.
The Gap
More than 90 percent of companies have employees using personal chatbots for work without telling IT. Not my opinion. MIT and Stanford. This year.
Fifty-seven percent have typed sensitive information into a personal account at least once.
And here's the one that should worry you if you're the one paying for the company AI tool: 22 percent of employees at companies that already have a sanctioned, IT-approved tool still reach for their personal account anyway.
They're not doing it because they're reckless. They're doing it because the personal tool is faster, better, and nobody told them the rules.
That gap, between what your policy says and what your people actually do, is not a communication problem.
It's a governance problem.
And the difference between those two words is the difference between a memo and a lawsuit.
If you prefer to watch/listen rather than read:
https://youtu.be/HOtjlvbLVs8?si=6KfWbGWPBI3TPX4x
The Cases Are Already on Record
Let me tell you what this looks like when it ends badly.
Samsung. April 2023. Samsung's semiconductor division lifts its internal ban on ChatGPT. Within twenty days, engineers leak confidential information three separate times. Source code, pasted in to check for errors. More code, uploaded for optimization. A confidential internal meeting, recorded, converted to text, handed to the AI to summarize.
None of those engineers were malicious. They were just trying to do their jobs faster.
Every word of it became training data for a model they don't own and can't control.
Samsung banned every generative AI tool on every company device. Opened disciplinary investigations. Anyone caught violating it now faces termination.
The data that had already been submitted could not be recalled.
The data that had already been submitted could not be recalled.
(Sources: Fortune, Bloomberg, redteams.ai, May 2023)
West Technology Group v. Sundstrom. February 2024. A sales specialist uses an AI meeting tool called Otter to record and transcribe confidential company calls. Customer lists. Pricing. Proprietary manufacturing process. All of it, before he leaves the company. He keeps access after he's gone.
The company finds out four days after they fire him.
How? His bot tries to auto-join a company sales call. Under his name.
They sue for trade secret theft. The case settles.
Nobody installed a keylogger. Nobody hacked a firewall. He just used a tool that saved everything, and the company never had a policy that said he couldn't.
(Source: Law.com, The Sedona Conference, 2024)
Krafton / Fortis Advisors v. Krafton, Inc. March 2026.
This one's a CEO.
Krafton, the South Korean gaming company behind PUBG, buys a studio called Unknown Worlds in 2021. Five hundred million dollars. The deal has an earnout. Two hundred fifty million more, tied to how well their next game performs.
The game starts hitting the targets.
The CEO decides he doesn't want to pay.
His own head of corporate development tells him, directly, that firing the founders "for cause" won't hold up. It'll get them sued.
The CEO skips his own legal team.
And goes to ChatGPT.
He asks the AI how to avoid the payout. The AI tells him it'll be difficult to cancel the deal.He doesn't accept that answer. He keeps going. Works out what the court later calls "Project X," a plan to fire the founders and block the game from shipping on Steam.
Krafton executes the plan. The founders sue. In discovery, his ChatGPT conversations get pulled as evidence.
He had deleted them.
They surfaced anyway.
March 16th, 2026. Vice Chancellor Lori Will rules Krafton breached the deal. Orders the founders reinstated. Finds, on the record, that the CEO had consulted an artificial intelligence chatbot to contrive a corporate takeover strategy.
Deleted chats.
Used as evidence.
Against the person who typed them.
(Sources: Fortune, Inc., Delaware Chancery Court ruling, March 2026)
The Mechanism Nobody Explains
Here's the thing most AI security conversations skip completely. It's not just what your employees paste into these tools. It's what they connect.
A connector links an AI account to another service. Gmail. Drive. Slack. Outlook. Once it's connected, the AI can read and act on everything inside that service.
Connect your work Gmail to a personal AI account and you've piped your company's entire inbox into a tool your company has no contract with, no legal agreement with, no visibility into.
In 2025, security researchers proved, twice, that a connected AI account can be hijacked by content it reads. They called it the lethal trifecta. Access to private data. Exposure to outside content you don't control. The ability to send information back out.
All three conditions exist in a connected personal AI account. Right now. Possibly on your phone.
A criminal doesn't need to breach your network anymore. They need one employee with a connected personal account and one email with a hidden instruction buried in the text.
The AI reads the email.
Follows the instruction.
Sends the data out.
The employee never knows.
What Most Companies Get Wrong
So what do most companies do about all this?
They ban it.
Samsung banned it. JPMorgan restricted it. Apple, Amazon, Verizon, Deutsche Bank, all put rules in place in 2023 and 2024.
And in every one of those companies, employees kept using it anyway. Just on their phones. Just on personal devices. Just somewhere the security team can't see.
Bans don't solve this. They push it underground.
The actual fix isn't complicated. It has three parts. Give people a sanctioned tool that's actually good enough that they want to use it, because if the company hands someone Copilot and they've already been using Claude, that's a battle you lose every time. Write a policy in plain language with real examples of what's allowed and what isn't. And train people. Not a PDF nobody reads. Not a checkbox in an onboarding module. Actual training, where people walk out knowing exactly what to do and why.
That's it. A sanctioned tool. A followable policy. Real training.
The One Question
Before you paste anything into any AI tool, personal or company-issued, there's one question that cuts through all of it.
Would I be fine if this exact text showed up in a company-wide email with my name on it?
Yes? Proceed.
No? Anonymize it first. Strip the names. Strip the dollar amounts. Strip anything that identifies the company. The AI doesn't need the real names to do the work. It needs the shape of the problem.
"Draft a renewal email to Sarah Chen at Medtronic for their $2.3 million contract." Or, "draft a renewal email to a client whose contract expires next month."
Same email comes out the other side.
Only one of those is actually yours to give away.
The Math
IBM's 2025 Cost of a Data Breach report found that companies with significant uncontrolled AI use paid substantially more per breach than companies with governed AI environments. Average cost of a U.S. data breach in 2024 exceeded $9 million.
An AI governance training program for a mid-sized company does not cost $9 million.
It does not cost $1 million.
The proactive investment was never the expensive option. It just feels that way right up until the alternative shows up in your inbox as a discovery request.
Seven Things to Do Right Now
Whether or not your company has a policy, do these seven things immediately.
Turn off the training toggle in every personal AI account, in Claude, ChatGPT, Grok, and Gemini, because the data retained under default settings can be held for up to five years.
Use Incognito or Temporary Chat for anything work-related.
Apply the one-question filter before every paste.
Never put source code, customer data, financials, credentials, legal documents, or meeting recordings into a personal account, anonymized or not.
Anonymize everything else, roles instead of names, approximate values instead of real ones.
Never connect work accounts to a personal AI tool.
And understand that your AI conversations are discoverable. Deleting them does not make them gone. The Krafton CEO found that out in a Delaware courtroom.
Closing Argument
The companies that avoid this aren't the ones with the strictest ban list. They're the ones who took governance seriously before an incident forced their hand. Built a real policy. Gave people a real tool. Trained their teams on how to use it.
The ones who waited are the ones reading about Samsung on a Tuesday morning, wondering if their own people did the same thing last week.
Individual rules protect one person.
Governance protects everyone.
The Do's and Don'ts above aren't just talking points. We turned them into a single-page checklist your team can actually use, covering personal and professional AI use, at home and at work.
Comment "Guide" below. COnnect and DM me and I'll send it to you directly.
No form. No funnel. Just the guide.
If you lead a team and any part of this described something already happening inside your organization, that's exactly who our AI Governance Workshops are built for. We run them across North America.
David Dean Mauro | Cyber Crime Junkies YouTube | VP of Strategic Growth, NetGain Technologies, LLC | CyberCrimeJunkies.com | Author, Moving Target Trilogy Book Series (Audiobooks too)
Be a moving target.