Samsung Source Code Leaked Into ChatGPT
By Satwik ยท April 18, 2026
In early 2023, Korean outlet Economist reported that engineers at Samsung's semiconductor division pasted confidential material into ChatGPT on at least three separate occasions within weeks of the company permitting its use. Reported incidents included submitting proprietary source code to debug it, sharing code related to equipment for identifying defects, and pasting the contents of an internal meeting to generate minutes.
The problem is structural. When an employee submits text to a third-party assistant, that text leaves the corporate boundary and, depending on the provider's terms at the time, could be retained or used to improve models. There was no hack and no malicious actor, just well-meaning staff using a helpful tool with sensitive inputs. Samsung reportedly responded by restricting prompt sizes and, later, by moving to ban or heavily limit external generative AI tools while exploring internal alternatives.
Why it matters: this became the canonical example of "shadow AI," the unsanctioned use of public AI services with confidential data. The exposure is silent, leaves little audit trail, and scales with how useful the tool is.
The defensive lesson is that access policy and data governance must precede adoption, not trail it. Practical controls include clear acceptable-use rules, enterprise agreements that contractually forbid training on submitted data, data-loss-prevention tooling that inspects prompts, and, where confidentiality is paramount, self-hosted or private-endpoint models. Banning tools outright often just drives usage further underground, so sanctioned safe paths matter more than prohibitions.