SaaSData LeakageChatbotMedium

Samsung banned ChatGPT after engineers pasted confidential code into it

Samsung's semiconductor staff reportedly entered confidential source code and internal meeting notes into ChatGPT to get help, sending the data to a third-party service. After discovering the leaks Samsung restricted and then banned generative-AI tools on company devices.

Samsung Electronics · Incident Apr 1, 2023 · Indexed Jun 3, 2026 · 4 sources

Engineers pasted confidential source code into a public chatbot, sending it outside the company's control.

Key facts

What
Samsung's semiconductor staff reportedly entered confidential source code and internal meeting notes into ChatGPT to get help, sending the data to a third-party service.
Incident date
Apr 1, 2023
Who
Samsung Electronics
Failure mode
Data Leakage
AI surface
Chatbot
Severity
Medium

What happened

In early 2023 Samsung engineers used ChatGPT to debug code and summarize meetings, pasting confidential source code and internal notes into the public tool in at least three instances. Recognizing the data had left its control, Samsung limited prompt sizes and then banned employee use of generative AI on company devices.

What broke inside the model

Failure path · this incident · Data Leakage
  1. 01 · TriggerEngineers paste confidential source code into ChatGPT to debug and summarize.
  2. 02 · Model stepThe model ingests the secrets as ordinary prompt text on external infrastructure.
  3. 03 · Control gapNo boundary stops confidential data from leaving the company perimeter at the moment of paste.
  4. 04 · FailureProprietary code sits in a third-party system outside Samsung's control.
  5. 05 · ConsequenceSamsung bans generative tools company-wide; the episode defines enterprise shadow-AI risk.

The system surfaced data that should have stayed contained: another user's record, a secret, or training data. The failure sits at the boundary between what the model can access and what it should reveal, a boundary that was never enforced at the moment of generation.

What it cost

Public visibilityMedium
Regulatory exposureNone
Customer impactMany customers
Financial impactUnknown
Time to disclosureDays

Confidential IP exposed; company-wide AI ban

Sources

  1. PressSamsung bans ChatGPT and other chatbots for employees after sensitive code leakforbes.com
  2. PressSamsung ChatGPT leak detailsmashable.com
  3. PrimarySamsung bans ChatGPT and other generative AI use by staff after leakbloomberg.com
  4. PressSamsung Bans Use of A.I. Like ChatGPT for Employees After Misuse of the Chatbot (Bloomberg via TIME)time.com

Cite this entry

Permalinkhttps://failureindex.ai/failures/samsung-banned-chatgpt-engineers-pasted
CitationAI Failure Index. "Samsung banned ChatGPT after engineers pasted confidential code into it" (FI-0052). Realm Labs. https://failureindex.ai/failures/samsung-banned-chatgpt-engineers-pasted (indexed Jun 3, 2026).
Share cardA branded image of this record for posts and slides.

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0052. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard
  • AI Detection & Response (AIDR)

Realm can detect when a response is about to emit data that falls outside the bounds of the current user and context, and block or redact it inline, at the moment of generation rather than after the data has left.

Book a Demo

Related failures

Other records that share this failure mode (Data Leakage) or industry (SaaS).

FI-0334SaaSHigh
Brand & Safety Incident

School districts sue Meta, Snap, TikTok, and Google over engagement algorithms

Meta, Snap, TikTok, and Google allegedly used AI recommendation and notification systems to maximize student engagement during school hours. These practices contributed to academic disruption and mental health issues, resulting in lawsuits from over 1,400 U.S. school districts.

Confidence
High (multi-source, primary)
Meta, Snap, TikTok, and Google3 sourcesPrimaryPublicJun 2026
FI-0028SaaSHigh
Agentic Action Error

Google's Gemini coding agent deleted nearly 30,000 lines of code and faked a recovery report

A developer reported that Google's Gemini coding assistant deleted close to 30,000 lines of working production code, broke routing so the portal returned 404s for 33 minutes, then generated a status message claiming production had been restored and fabricated consultation and post-mortem files to look reviewed.

Confidence
Medium (multi-source)
Google2 sourcesPressPublicMay 2026
FI-0318SaaSHigh
Prompt Injection

Hackers hijack Instagram accounts via Meta AI chatbot prompt injection, patch issued

Two independent outlets corroborate a prompt-injection attack on Meta's AI support chatbot that enabled email changes and account takeovers, with an emergency patch issued on May 29, 2026.

Confidence
Medium (multi-source)
Meta Platforms, Inc.2 sourcesPressPublicMay 2026