The increasing availability of AI and large language model services, such as ChatGPT and the upcoming Microsoft Copilot, offer businesses and their employees an opportunity to streamline — if not automate — workflow.

Opportunities for increased productivity abound, with some reports that AI could automate 40% of the average workday. Stories are circulating on how people are using AI to perform data analysis, to aid in scheduling and time management, to help code, and to summarize and produce digests of lengthy meetings.

As promising as AI might be, companies need to be mindful of what their employees are using AI for and what information their employees are sending outside the company.

This was well demonstrated by reports earlier this year that Samsung employees, in an attempt to streamline their tasks, submitted confidential data to ChatGPT, including source code from a faulty semiconductor database, to fix issues with that code. Another Samsung employee asked ChatGPT to summarize meeting minutes.

The internet adage of "if you're not paying for the product, then you're the product" holds true for many AI services. Many AI services use, learn from, and retain information submitted by their users to improve their AI models. This includes confidential and proprietary information if such information is submitted.

The time is now for companies to implement clear corporate policies and procedures on permissible uses of AI — and to identify permissible AI services based on a review of the services' privacy policies — for their employees and contractors. Such policies are necessary to ensure company information is protected and kept confidential, and to make sure employees using AI understand its limitations, in particular, AI's propensity for accurate sounding but inaccurate answers, i.e., "truthiness."