Employees at Ohio businesses — from Toledo manufacturers to Findlay office parks to Bowling Green school districts — use AI tools every day, often with no guidance, policy, or oversight. It happens in accounting, HR, marketing, and the executive suite. Usually nobody in leadership knows. There is no bad intent. People are just trying to work faster, and AI makes that easy. The question is what they are putting into those tools.
ChatGPT, Microsoft Copilot, Google Gemini, Claude, and dozens of other platforms get used to draft emails with client data, analyze spreadsheets with sensitive revenue figures, summarize HR documents full of employee details, and write proposals loaded with proprietary information. Often whole documents get pasted in, without much thought about where that data goes or who can reach it.
That data does not simply disappear. Depending on the tool and its settings, it can be used to train future models, stored on third-party servers, or accessed by the provider and its subprocessors. Most employees do not think about this. Most organizations have no policy that addresses it. And most IT teams have no clear view of which AI tools are even in use.
This is not hypothetical. In 2023, engineers at a major manufacturer leaked proprietary source code by pasting it into a public AI tool — an incident that made headlines and led the company to ban the tool outright. The same dynamic is playing out at Ohio businesses right now, on a smaller scale and with far less visibility. Any modern security program should include clear guidance on acceptable technology use, AI tools included. Skipping that leaves a real gap.