LUMP Depot
A coworker told me the other day that he had some personal AI tokens to use up and was thinking about trying RAG on a book he wants to self-publish. Cool idea. But he hesitated, because he was worried the model would steal from him.
Then he stopped and thought about it. He'd already given the whole manuscript to beta readers. Any one of them could just upload it to ChatGPT right now. Some of them probably would. "Beta read this for me and give him feedback."
He said it was humbling and depressing. I haven't stopped thinking about it since.
The old trust model
Before AI, sharing a draft with five trusted friends meant five people had it. The risk was manageable. Nobody was going to retype your manuscript. Nobody was going to photocopy 300 pages and hand them out. The friction of copying was your real protection, even if you never thought of it that way.
Same story in software. You'd share an API key with a colleague over Slack and it would scroll off the screen, which was sort of fine. Source code lived in private repos. Internal docs stayed internal because extracting and reusing them took more effort than it was worth.
Friction was the invisible security layer. We never gave it enough credit.
Every inbox is an upload button
Now everybody has a chat window that accepts paste. That's the whole problem in one sentence.
Your beta reader pastes a chapter into ChatGPT to help write feedback. Your coworker drops your internal architecture doc into Claude to summarize it for a presentation. Your contractor feeds your proprietary codebase into an AI editor to move faster. Nobody thinks they're leaking anything. They're just being productive.
But the data leaves your control the moment they hit enter. And it's not even malicious. That's what makes it so hard to fight. People are doing exactly what the tools are designed to do: process whatever you give them.
The professional version is worse
In the creative space, you lose a manuscript. That's bad enough. In the professional space, you lose trade secrets, customer data, architecture decisions, security configurations. The blast radius is bigger and nobody is tracking it.
Think about how many people have access to your private repos. Your Slack channels. Your internal wikis. Every one of those people has an AI assistant that they paste things into without a second thought. Your "need-to-know" list just became "need-to-know, plus whatever model they're subscribed to."
Companies are writing AI acceptable use policies. Policies don't patch human behavior. People paste first and think about policy never.
Every new hire is a potential leak
It used to be that when you hired someone, the trust question was simple: will this person sell our secrets to a competitor? That was a character judgment. Most people passed it easily because most people aren't corporate spies.
Now the question is different. It's not whether they'll intentionally leak your data. It's whether their personal AI workflow will do it for them. Does your new contractor paste code into a free-tier chatbot with no data retention guarantees? Does your new hire use a browser extension that sends page content to a third-party model? You don't know. You probably can't know.
You can put it in the employee handbook. You can make them sign something. But the person you just onboarded and gave access to your private repos has their own tools, their own subscriptions, their own habits. Your NDA covers what they do on purpose. It doesn't cover what their AI assistant ingests by default.
Hiring has always been a trust exercise. The difference now is that the person you trust comes with an entourage of models you never agreed to.
You can't uninvent the paste buffer
The unsatisfying answer is that there's no clean fix. You can't tell beta readers not to use AI. You can't monitor every employee's chat window. You can't put the toothpaste back in the tube.
What you can do: assume that anything you share with a human is one paste away from a model. Design your trust boundaries with that in mind. Share less. Compartmentalize more. Watermark when you can. And accept that the old model, where you could hand someone a document and trust it stayed between you, is over.
My coworker's moment hit hard because it was so mundane. He wasn't worried about a nation-state attacker or a sophisticated breach. He was worried about a friend being helpful.
That's the new threat model. Helpful people with paste buffers.