Ever wondered what happens when your secret AI chats turn into courtroom exhibits? Today, we're diving into shocking stories of CEOs, engineers, and companies tripping over their own AI footprints—even after deleting chats. Spoiler: privacy and governance are more than just buzzwords—they're your new best friends.
KEY TOPICS
• Over 90% of companies’ employees secretly using AI tools for work
• How deleted chats can still haunt you in court (hello, Samsung's internal ban lift)
• The lurking dangers of connected AI accounts and prompt injections
• Real-life cases: a CEO’s illegal strategy, trade secrets leaked, and a major deal derailed
• The “lethal trifecta”: private data, outside content, and sent info at risk
• Why bans don’t work and what actually does (spoiler: good tools, clear policies, real training)
• A simple question to ask yourself before pasting into any AI tool
• The skyrocketing costs of uncontrolled AI use and why governance is your insurance
• The importance of proactive policies before a crisis hits
Chapters
00:00 - The shocking story of a CEO who deleted ChatGPT chats but still got sued
00:30 - Over 90% of companies' employees secretly using personal AI for work
01:00 - The dangers lurking in connected AI accounts and prompt injections
01:30 - Samsung's internal AI ban lift and what happened next
02:00 - Engineers uploading confidential code and internal meetings recorded by AI
02:45 - How even well-intentioned AI users can inadvertently leak secrets
03:15 - The legal case where deleted AI chats still surfaced in court
04:00 - The CEO’s illegal plans using AI to dodge a deal, and the evidence that betrayed him
05:00 - The hidden risks of connecting AI to other work tools like Gmail, Slack, and Outlook
05:40 - How AI-connected accounts can be hijacked and the "lethal trifecta"
06:00 - Why criminal hackers prefer employees with connected AI tools
06:30 - The flaws of bans and the 3-step solution for AI governance
07:00 - The simple question to ask before pasting into any AI tool
07:38 - How anonymized prompts can save your job and your reputation
08:00 - The shocking cost of unchecked AI breaches—over 9 million dollars on average
08:45 - Why governance beats strict bans—building the right policy and training
09:00 - How proactive AI management companies safeguard everyone
09:45 - Your quick checklist: tools, policies, and training
Learn to stop cyber crime. ~Cyber Crime Junkies
[00:00:03] Ever notice it's always the overconfident leader that thinks cybercrime doesn't apply to them who gets selected and hurt the most? Moving Target. Books 1 and 2, out now. Hardcover, paperback, Kindle, and audiobook. Amazon, Barnes & Noble, and independent bookstores. Book 3, coming soon. Be a moving target.
[00:00:39] Stop prompting AI. Do this first so you don't get fired. Today we're covering a guy who deleted his ChatGPT chats, and yet a judge used them against him anyway. Ever notice that companies with no AI governance still have employees using AI? They just don't tell anyone. And this is the part that kind of bothers us all. Right now, today, while you're watching or listening to this,
[00:01:06] there's a setting on your personal ChatGPT, Grok, Claude, Gemini, your personal setting that decides whether the company you work for ever finds out what you upload or typed into it. And the default, in air quotes, is set to the wrong answer.
[00:01:29] I'm going to tell you a few true stories that happened recently, including one about a CEO who deleted his secret ChatGPT AI conversations. He thought that made them gone. A Delaware judge disagreed. We're getting there. But first, we're going to go over the numbers because the numbers are the part that most people actually don't get. So let's get into it. This is Cybercrime Junkies.
[00:01:58] And now the show. More than 90% of companies have employees using personal chatbots, AI, for work right now without telling leadership or their IT department, etc. That's not my opinion. That's MIT, Stanford this year.
[00:02:25] 57% have typed something sensitive into a personal account at least once. Here's the one that should actually worry you if you're the one paying for the company AI tool. 22% of employees at companies that already pay for a sanctioned IT-approved AI tool still reach for their personal account anyway. Look, they're not doing it because they're reckless.
[00:02:49] They're doing it because the personal tool is faster, better, and nobody explained the rules. That gap between what your policy says and what your people actually do, that's not a communication problem. That's a governance problem. And the difference between those two worlds is the difference between an email, a memo, and a lawsuit.
[00:03:17] Let me tell you what this looks like when it ends badly. Samsung's semiconductor division lifts its internal ban on ChatGPT. They had banned it when AI and ChatGPT first became popular in 2023. Samsung had the policy that they explained to everybody that was banning all of AI. Then their semiconductor division lifts the internal ban on ChatGPT.
[00:03:46] Within 20 days, less than a month, engineers uploaded confidential information on three separate occasions. Actual source code pasted in to check for errors. Then more code uploaded for optimization.
[00:04:07] A confidential internal meeting recorded, converted to text, and handed to the AI to summarize. None of those engineers were malicious. They didn't intend to harm their employer. They were just trying to do their job faster. I mean, isn't that the whole freaking point of AI?
[00:04:30] And every word of it now becomes training data for a model they don't own, can never get back, and can't control. Samsung banned every generative AI tool on every company device after that. They opened up disciplinary investigations. Anyone caught violating it now faces being fired. The data that had already been submitted is gone.
[00:04:58] So, in another case, a sales specialist uses an AI meeting tool called Otter, Otter AI. It pops up and records meetings. It transcribes any Teams or Zoom call that you jump on. It also can transcribe confidential company calls, which includes company lists, discussions on pricing, proprietary manufacturing processes, and that's what happened here.
[00:05:25] All of it captured before he left the company. And he kept access to Otter after he left. The company found out four days after they fired him. How? His bot tried to auto-join a company sales call after they had fired him, under his name. So, they sue for trade secret theft. And the case settles. Nobody installed a key logger. Nobody hacked in.
[00:05:55] Nobody got ransomware. Nobody hacked a firewall. He just used a tool that saved everything. And the company never had a policy or actual practices in reality, governance, that said he couldn't. Here's the third case. And this one's a little different. This one's a CEO.
[00:06:16] Krafton, a South Korean gaming company that built the popular game PUBG, buys a studio called Unknown Worlds back in 2021 for $500 million. The deal has an earn-out. $250 million more tied to how well their next game performs. The game starts hitting the targets. The CEO decides he doesn't want to pay the rest of the money.
[00:06:43] His own head of corporate development tells him directly that firing the founders for cause won't hold up. It'll get them sued. So, the CEO skips his own legal team and ignores the legal advice. Where does he go? He goes to ChatGPT. He asks AI how to avoid paying out the extra hundreds of millions of dollars.
[00:07:11] The AI tells him it'll be difficult to cancel the deal. Well, he doesn't want to accept that answer. So, he keeps going. He works out what the court later calls Project X. A plan to fire the founders and block the game from ever shipping on the platform Steam. Krafton executes the plan. The founders turn around and sue. In discovery, right?
[00:07:40] Written interrogatories, depositions, subpoenas, where they get all the bulks of all the information. His ChatGPT conversations get pulled as evidence. He had deleted them. But they surfaced anyway. On March 6, 2026, Vice Chancellor Lori Will rules that Krafton breached the deal. And orders that the founders get reinstated.
[00:08:08] And finds, on the record, that the CEO had consulted an artificial intelligence chatbot to contrive a corporate takeover strategy. Deleted chats used as evidence against the person who typed them. Here's the thing most AI security conversations skip over completely. It's not just what your employees paste into AI tools. It's what they connect.
[00:08:37] A connector links an AI account to another service. Think Gmail, Drive, Slack, Outlook, things like that. Once it's connected, the AI can read and act on everything inside that service. Connect your work Outlook or Gmail to a personal AI account.
[00:09:01] And you've just piped your company's entire inbox into a tool your company has no contract with. No legal agreement with. And no visibility into whatsoever. In 2025, security researchers proved twice that a connected AI account can be hijacked by the content that it reads. It's prompt injection. And they call that connection and that risk the lethal trifecta.
[00:09:31] It's got access to private data. Exposure to outside content that you don't control. And the ability to send information back out. All three conditions exist in a connected personal AI account. Right now, possibly on your phone. A criminal doesn't need to breach your company's network anymore. They need one employee with a connected personal account.
[00:09:58] And one email with a hidden instruction buried in the text. The AI will read the email. Remember, AI itself is an evil. It's obedient. It will do what you tell it to do. It will also do what you fail to tell it not to do. So AI will read that email and follow the instruction because it's obedient. It'll send the data out that the threat actor wants sent.
[00:10:29] And the employee will never know. So what do most companies sit around and do about this? Some just ban it. They just say no. Right? Think of Samsung, JP Morgan, Apple, Amazon, Verizon, Deutsche Bank. Samsung banned it. JP Morgan restricted it. Apple, Amazon, Verizon, and Deutsche Bank all put rules in place in 2023 and back in 2024.
[00:10:56] And every single one of those companies, employees kept using it anyway. Just on their phones. On their personal devices. Just somewhere the IT leadership and security team can't see. Bans don't work. Bans don't solve the problem. They just push it underground. The actual fix isn't complicated. It has three parts.
[00:11:21] One, give people a sanctioned tool that actually is good enough that they want to use it. If the company hands someone Copilot and they've already been using Claude, there's going to be a battle you're going to lose every time. Two, have a policy written in plain language with real examples of what's allowed and what isn't and communicate that policy to everyone with teeth. Meaning there's consequences if you don't follow the policy.
[00:11:51] And three, train them. Not a PDF that nobody reads. Not a checkbox in some onboarding module. Actual training. Actual training. Where people walk out knowing exactly what to do, what not to do, and why. That's it. A sanctioned tool. A followable policy. And real training. Before you paste anything into an AI tool. Personal or company issued.
[00:12:18] There's one question that cuts through all of it. Would I be fine if this exact text showed up in a company-wide email with my name on it? If the answer is yes, proceed. If it's no, then anonymize it first. Strip the names. Strip the dollar amounts. Strip anything that identifies your company. The AI doesn't need the real names to do its work.
[00:12:47] It needs the shape of the problem. For example, draft a renewal email to Sarah Chen at Medtronic for their $2.3 million contract. Or, anonymized version, draft a renewal email to a client whose contract expires next month. The AI will do the same thing. You just insert the actual names. The same email comes out on the other side.
[00:13:13] Only one of those is actually yours to give away. And only one of those will keep you from getting fired. IBM's cost of a data breach report this year found something specific. Companies with significant, uncontrolled AI use paid substantially more per data breach than companies with a governed AI environment.
[00:13:41] The average cost of a U.S. data breach last year was over $9 million. It's slightly less for small to mid-sized businesses, but it's still higher than it's ever been in history. For context, an AI governance training program for a small to mid-sized company doesn't cost $9 million. Doesn't even cost one. Proactive investment is never the expensive option.
[00:14:09] It just feels that way right up until the alternative shows up in your inbox as a lawyer's discovery request. The companies that avoid this aren't the ones with the most strict ban list, right? They don't overreact. They're the ones who take governance seriously before an incident forces their hand. They build a real policy. They give people a real tool. And they train their teams on how to use it.
[00:14:38] The ones who waited are the ones reading about Samsung on a Tuesday morning, wondering if their own people did the same thing last week. Individual rules protect one person. Governance protects everyone. If you want the single-page version of everything we just covered, the do's, the don'ts, the checklist, so your team can actually use it, just reach out to us at cybercrimejunkies.com. We have it listed under the resources.
[00:15:06] Or comment "guide" below. If you comment "guide" and connect with me, I will shoot it over to you. No form, no sales funnel. I'll just send you the guide. This has been Cybercrime Junkies. Try and be a moving target.
[00:15:45] Hey everyone, David Mauro, creator and host of Cybercrime Junkies and author of the new nonfiction Moving Target book series. If you're a leader in an organization, curious how to roll out AI safely, or if you have questions on your incident response plan, how to run tabletop exercises, or looking for 24-7 eyes on glass to protect you and keep you growing without interruption,
[00:16:11] then I invite you to sit down with me and my team at NetGain Technologies. We've been around since 1984 before cybersecurity even existed. A simple conversation, absolutely no pressure and no salesy fluff, and you will walk away with a great roadmap no matter what. So if improving your IT, bolstering your security, or rolling out AI interests you, contact me directly today at dmauro at netgainit.com.
[00:16:39] That's d-m-a-u-r-o at netgainit.com. Find out more on our website at netgainit. That's netgainit.

