
Is ChatGPT Secure? 10 Prompts You Don’t Want Your Employees Trying with ChatGPT

April 29, 2026 | Reading time: 12 mins
Mark Stone
Senior Technical Writer

Generative AI is great until someone pastes confidential data into a public model.

ChatGPT is fast, capable, and everywhere. It has embedded itself into your workforce faster than any enterprise technology in recent memory, and employees are using it for everything: drafting emails, summarizing meetings, debugging code, writing performance reviews. 

The problem is exactly how casual all of that is. 

Sitting down to prompt ChatGPT takes about four seconds. Thinking through what it means for your data takes considerably longer. That’s time most employees simply don’t spend.

Unlike Microsoft Copilot, which operates inside your security perimeter, ChatGPT sits on the public internet. And according to Concentric AI’s own Data Risk Report, the exposure is already happening. In a 30-day sample of financial services organizations, an average of 73% of employees were actively using public AI applications, with usage spiking to 48% of all employees on peak days. Those employees averaged 6.5 prompts per day, climbing to 20 prompts per user on peak days. Financial data led the categories being shared (48.6%), followed by legal (13.1%), operations (10.7%), and HR (6.9%).

ChatGPT was the dominant tool, used by 97% of those organizations, dwarfing every other platform combined.

That’s the actual exposure surface. Your employees are handing sensitive data to a system outside your environment, one prompt at a time, often without realizing it’s a problem.

Below are 10 real-world prompts you don’t want your people using with ChatGPT and what’s at risk when they do. 

Then we’ll cover the retention policies employees assume protect them (but often don’t), the underlying risks driving these exposures, and how to get ahead of the problem.

10 Risky ChatGPT Prompts (And What They Could Expose)

Once a prompt has been entered, it’s out of your hands. And most employees have no idea what happens to it after that.

There’s a persistent belief in the workforce that ChatGPT is “safe enough,” that the data goes nowhere and the conversation disappears. That belief is the core of the problem. The examples below reflect behaviors observed across industries where convenience routinely outpaces caution.

  1. “Can you summarize this meeting transcript?” (uploaded file)

Risk: That all-hands recording from last week almost certainly contains discussions you’d classify as sensitive — layoffs under consideration, acquisition language, compliance concerns that haven’t gone through legal yet. This is the most common and most overlooked exposure vector, because uploading a meeting transcript feels like a productivity move, not a security decision.

  2. “Help me write a performance review for my direct report.”

Risk: Now ChatGPT has access to HR notes, individual performance metrics, and internal development concerns tied to real people. Managers seeking help with tone or phrasing tend to paste far more detail than necessary, such as employee names, ratings, and specific incidents. None of that belongs outside your HR system.

  3. “Here’s our product roadmap doc. Give me a customer-friendly version.”

Risk: Strategic plans, launch timelines, and competitive IP get ingested by the model with no data retention guarantees attached to the free or Plus tiers. One copy-paste and your go-to-market strategy exists on infrastructure you have no control over.

  4. “Can you debug this Python script?” (includes environment variables or API keys)

Risk: Engineers moving quickly often forget to scrub credentials before seeking help. AWS keys, internal API tokens, and database connection strings are easy to miss and catastrophic to expose. A quick debugging request can turn into a credential incident before anyone realizes what was in the code.

  5. “Compare pricing between our tiers and those of competitor X.”

Risk: Internal pricing models, discount structures, and bundling logic don’t belong in a public AI session. Prompts framed as competitive analysis or sales enablement work can quietly pull proprietary commercial strategy into a conversation with no enterprise controls.

  6. “I’m working on a contract. What’s a better way to phrase this NDA language?”

Risk: Legal documents, especially drafts, carry serious exposure risk. Indemnification language, MSA terms, NDA clauses, even partial contracts can reveal sensitive business relationships and negotiation positions. Your employees think they’re just polishing language, but lawyers would be horrified.

  7. “What’s the best approach for handling this customer escalation?” (pastes email thread)

Risk: This is a newer and increasingly common behavior: pasting full customer communication threads into ChatGPT for drafting help. Private client conversations, support history, contract details, and relationship context can all surface in a single thread.

  8. “What’s the best way to de-identify this customer data set?”

Risk: The irony here is sharp. Employees trying to be responsible with sensitive data end up exposing it further by uploading it for “sanitization help.” Even partially anonymized data can contain residual PII, and sharing it with ChatGPT can trigger violations under GDPR, HIPAA, or DPDP before the de-identification even starts.

  9. “Take this spreadsheet and find errors in the financial forecast.”

Risk: Forecasts, revenue targets, pipeline data, and budget allocations are now outside your control. Even stripped of obvious identifiers, these spreadsheets can contain investor-sensitive projections, burn rates, and deal-stage details that should stay in your finance system.

  10. “This RFP looks too long. Can you distill it down to key asks?”

Risk: RFPs routinely contain confidential partner information, internal capability disclosures, and pricing thresholds your organization is willing to accept. A time-saving summary can inadvertently breach NDA obligations or damage future deal viability with a single paste.
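
For the “Can you debug this Python script?” prompt above, one way to scrub a script before it is shared outside the organization. This is an added example, not Concentric AI's code; the rule set, the `scrub` function, and every value in `SAMPLE` are constructed for illustration, and the rules cover only the three credential types that item names.

```python
import re

# Added illustration: rules for the credential types named above. Each regex
# exposes the sensitive part as a named group "secret". Not an exhaustive set.
RULES = [
    # AWS access key IDs: "AKIA" or "ASIA" plus 16 upper-case alphanumerics.
    ("aws_access_key_id",
     re.compile(r"\b(?P<secret>(?:AKIA|ASIA)[0-9A-Z]{16})\b")),
    # Password inside a connection URI: scheme://user:password@host
    ("uri_password",
     re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:(?P<secret>[^\s@/]+)@")),
    # Quoted literal assigned to a name that suggests a secret.
    ("named_secret",
     re.compile(r"""\b\w*(?:secret|token|passw(?:or)?d|api_?key)\w*\s*[=:]\s*
                    (["'])(?P<secret>[^"'\n]+)\1""", re.I | re.X)),
]


def scrub(text):
    """Return (redacted_text, names of the rules that fired, in order)."""
    findings = []
    for name, pattern in RULES:
        def redact(m, name=name):
            findings.append(name)
            s, e = m.span("secret")
            # Keep the surrounding code; replace only the secret itself.
            return m.string[m.start():s] + f"<REDACTED:{name}>" + m.string[e:m.end()]
        text = pattern.sub(redact, text)
    return text, findings


# Constructed sample script; none of these values are real credentials.
SAMPLE = '''import os
AWS_ACCESS_KEY_ID = "AKIAEXAMPLEKEY000000"
AWS_SECRET_ACCESS_KEY = "constructed/not-a-real-secret/0000000000"
DATABASE_URL = "postgresql://app:hunter2-constructed@db.internal.example:5432/orders"
api_token = os.environ["API_TOKEN"]
'''

if __name__ == "__main__":
    cleaned, fired = scrub(SAMPLE)
    print(cleaned)
    print("rules fired:", fired)
```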

What ChatGPT’s Retention Policies Actually Say (And What They Don’t Cover)

This is the section most organizations skip, and it’s the one that matters most for your security argument.

Employees tend to assume ChatGPT handles their data responsibly regardless of which plan they’re on. The reality is more complicated, and the distinction between consumer and enterprise tiers is where most organizations have a dangerous gap.

Consumer accounts (Free, Plus, Pro, Team): According to OpenAI’s own retention documentation, conversations are saved to the user’s account automatically and sit there indefinitely until deleted. Once deleted, data isn’t actually removed from OpenAI’s servers for another 30 days… and that’s under normal circumstances. 

ChatGPT also uses conversations to improve its models by default; users can turn this off in settings, but most never do. Standard consumer plans carry no Business Associate Agreement, which means using them with protected health information is a HIPAA violation. For GDPR, OpenAI offers a Data Processing Addendum only for Team, Enterprise, and API customers — consumer accounts are on their own.

Enterprise accounts: OpenAI’s enterprise privacy commitments confirm that the company does not use business customer content to train its models by default, and Enterprise workspace owners can set a custom data retention policy with a minimum retention period of 90 days. Deleted conversations are removed from OpenAI systems within 30 days unless legal obligations apply. These are meaningful protections — but they only apply to organizations that have actually purchased enterprise licenses and configured them correctly.

The litigation wrinkle: In May 2025, a federal judge ordered OpenAI to preserve every ChatGPT conversation — including ones users had deleted — indefinitely, pending litigation brought by The New York Times and other publishers. Most users had no idea this happened. The preservation order was lifted in late September 2025, and OpenAI resumed standard deletion practices — but conversations from the April–September 2025 window remain in secure storage pending the outcome of ongoing litigation.

Ultimately, the plan your employees are using determines what actually happens to your data. 

Four Security Risks Behind Those Prompts

ChatGPT doesn’t breach your network. Your employees hand it the data directly. These are the conditions that make that possible:

  1. Unlabeled data has no friction

If sensitive files aren’t classified and labeled internally, employees have no signal that a document requires protection before it gets pasted into a prompt. Remember that data security starts with knowing what sensitive data you have.

  2. No access controls, no audit trail

Consumer ChatGPT has no native access management tied to your organization. There’s no mechanism to restrict what employees upload, no log of what got shared, and no alert when something sensitive leaves the building. IBM’s 2025 Cost of a Data Breach Report found that one in five companies has suffered a breach tied to shadow AI, with 97% lacking proper AI access controls.

  3. ChatGPT has no business context

The model can’t distinguish between a public press release and a confidential internal draft. It has no awareness of your compliance requirements, your industry regulations, or your data classification policies. It processes what it receives and produces output with no judgment applied to the sensitivity of what it was given.

  4. The output problem

Even a prompt that seems harmless can produce output that isn’t. AI-generated summaries, rewrites, and analyses can carry sensitive context forward into decks, emails, or client-facing materials. The data doesn’t stop moving when the chat window closes.

The ChatGPT-Readiness Checklist

Here’s what organizations should consider before giving generative AI tools like ChatGPT the green light.

✅ Have you educated employees on what not to share?

Assume they’re using ChatGPT. Training is your first line of defense.

✅ Do you have visibility into AI tool usage across the organization?

Shadow AI is the new shadow IT, and it’s even harder to track.

✅ Is sensitive data consistently classified?

If your data isn’t labeled correctly, employees won’t know what they shouldn’t share.

✅ Do you apply DLP or CASB policies to browser-based tools?

You need controls at the edge, not just in your email or cloud apps.

✅ Are you monitoring downstream use of AI-generated content?

That summary pasted into a customer-facing deck might contain more than you think.

✅ Do you offer safer, approved alternatives for common ChatGPT use cases?

If employees need help drafting, summarizing, or rewriting, give them secure tools (where available) that don’t compromise data.

Are You Ready for GenAI?

ChatGPT isn’t the enemy. Neither are your employees. But ungoverned use of any GenAI is the enemy hiding in plain sight.

Make sure your security strategy includes protections for AI-generated risk, because your users aren’t going to stop pasting and prompting. The question is whether you’re ready for what happens next.

Want to See ChatGPT Security in Action?

Concentric AI makes it easy to get ChatGPT-ready.

✅ Discover your data

✅ Monitor your data for risks

✅ Classify your data

✅ Fix permissions

✅ Block or mask sensitive data from being shared with ChatGPT

✅ Protect ChatGPT’s outputs

Book a demo and we’ll show you how to keep ChatGPT from becoming your biggest security liability.
