I want you to think about something. You can run a VPN, use Signal, degoogle your phone, pay cash at the grocery store. You can do everything right. And then your employer’s HR outsourcing vendor quietly starts running your benefits data through a large language model to save time on quarterly reports. Your name, your dependents, your salary band, your health conditions, all processed by a system trained on the entire internet, hosted on servers you’ll never know about, governed by terms of service written to protect the company that built it. Not you.

This is not a hypothetical scenario. This is the new normal.

In 2023, Samsung engineers pasted proprietary semiconductor source code and full internal meeting transcripts into ChatGPT. Three separate incidents in less than three weeks. OpenAI’s own documentation at the time confirmed that user inputs could be reviewed by trainers and used to improve the model. Samsung’s big fix was limiting prompts to 1,024 bytes. That was the corporate response to feeding trade secrets into a public AI…. yeah.

In August 2025, the acting director of CISA, the agency responsible for protecting America’s critical infrastructure from cyber threats, uploaded documents marked “For Official Use Only” into public ChatGPT. The Department of Homeland Security opened an investigation. Let that settle for a moment…. the person running the country’s top cybersecurity agency couldn’t resist the convenience of a chatbot, so you think you can? And he had actually requested special permission to use it months before most DHS employees were even allowed access.

These are the incidents we know about because they got caught. Now think about the ones that didn’t.

Cyberhaven’s 2026 AI Adoption & Risk Report found that organizations in the top adoption tier use over 300 different GenAI tools. Three hundred!!

LayerX Security reported that 77% of employees have pasted corporate data into AI services, and 82% of those used personal accounts that bypass any enterprise control. IBM’s 2025 breach report put a number on the damage: organizations with high shadow AI usage pay an extra $670,000 per breach.

In Australia, a government contractor uploaded a spreadsheet with personal data from 3,000 flood victims into ChatGPT to speed up disaster recovery reviews. Names, addresses, health conditions, over 12k rows, sent to OpenAI’s servers without anyone’s consent.

But here’s the part that really gets me. All of those examples involve employees inside the organization. What about the vendors?

Your company probably did some form of due diligence when it hired that benefits consultant, that accounting firm, that legal services provider. Maybe you checked a SOC 2 report… yes, maybe… or maybe someone reviewed a privacy policy. That was two years ago. Since then, the vendor’s team discovered that if they paste your employee data into an AI tool, what used to take a week takes an afternoon. They didn’t update your contract. They didn’t send you a notification. They didn’t even think of it as a privacy event. To them, it was just a new way to get work done faster.

And this isn’t limited to small vendors cutting corners my dear reader... LinkedIn updated its terms in late 2024 to allow user data to be used for AI training, opting everyone in by default. Zoom tried the same thing in 2023 with a terms-of-service update that would have let them use customer content, including video calls, to train AI and ML models. They walked it back after a public backlash, but the fact that they tried tells you everything about how companies think about your data when AI is involved. Meta has been using public posts and photos to train its models, and the opt-out mechanism, where it even exists, is buried deep enough that most people will never find it.

Now connect the dots, it’s not a hard task. If the platforms themselves treat user data as training material by default, what makes you think your mid-sized payroll vendor is being more careful?

The European Data Protection Supervisor published the “Guidance for Risk Management of Artificial Intelligence Systems” in November 2025. It’s aimed at EU institutions, but the framework is universal. The document makes a point I’ve been making for years: when AI is introduced into an existing data processing operation, the risk assessment becomes outdated instantly. I need to quote that:

The guidance specifically warns about the risk of training data leakage, where a model’s outputs can inadvertently reveal data from its training set. It also flags the risk of violating data minimization, because AI models are hungry by design. They want more data, not less. And it emphasizes that procurement and third-party relationships are exactly where these risks tend to hide.

I co-founded Privacy Tools, a platform that helps companies manage third-party risks with structured assessments. But even without specialized tools, the first step is absurdly simple and almost nobody takes it. Ask your vendors: are you using AI to process our data? Which tools? Where are the servers? Is any of our data being used to train models? What happens to it after processing? If your vendor can’t answer those questions clearly, you have a problem. If they never expected you to ask, you have a bigger one.

The real issue here isn’t that AI exists. It’s that an entire layer of data processing was added to your supply chain without your knowledge or consent. You spent years locking down your own systems, and meanwhile, your data walked out the side door through a vendor’s Claude session. The surveillance infrastructure doesn’t need to spy on you directly anymore. It just needs to sit downstream from someone who has your data and wants to finish their report before lunch.

Welcome to third-party risk in the age of AI. Nobody told you because nobody thought they had to.