Last month, a popular AI chat application exposed over 300 million messages tied to roughly 25 million users. What stands out is not just the scale of the leak but the nature of the data itself, which included full conversations, timestamps, model selections, and in many cases deeply personal or sensitive content that users clearly assumed would remain private.

The root cause was not a sophisticated attack or some novel vulnerability, but a misconfigured database. That is both unsurprising and deeply concerning because it highlights how fragile the current AI application stack really is.

This is not a future problem that might emerge as adoption grows. It is a present reality that is already playing out across the industry.

read more

Enterprise security teams have spent more than a decade refining data loss prevention. We built policies around file movement. We tuned alerts around email exfiltration. We monitored endpoints, USB devices, cloud storage, and outbound gateways. The assumption was consistent. Sensitive data moves in recognizable ways, through defined channels, and can be inspected before it leaves the organization.

Large language models break that assumption.

The conversation around enterprise AI risk tends to focus on outputs. Hallucinations. Bias. Toxicity. Model safety. These are real issues, especially in customer facing systems. But inside the enterprise, the more immediate risk sits on the input side. What employees are feeding into these systems matters far more than what the model generates in return.

read more