90 incidents on record · 2026 Headlights Incident reports by Ellie Harris · Melbourne
10 new this week Library last updated 13 July 2026
← The incident library
HD-INC-028
Technology · South Korea · 2023 · Data exposure & egress

Samsung engineers pasted confidential source code into ChatGPT three times in twenty days, and the company could not get it back

By Ellie Harris · Filed March 2023

Alleged: Samsung Electronics developed or deployed the AI system implicated in this incident. Details are drawn from public reports; parties are presumed innocent of any wrongdoing not established by an official finding.

Samsung engineers pasted confidential source code into ChatGPT three times in twenty days, and the company could not get it back

What happened

In March 2023, Samsung’s semiconductor division allowed engineers to use ChatGPT to help with their work. Within about twenty days, sensitive company data left the building three separate times, each through an ordinary, well-intentioned request.

In one case, an engineer pasted source code from an internal semiconductor database into ChatGPT to ask for help fixing an error. In another, an employee submitted code related to equipment used on the production line. In a third, someone fed in a recording of a confidential internal meeting, converted to text, and asked the chatbot to turn it into minutes. None of these were malicious. They were the kind of small efficiency that an AI assistant invites. But each one sent proprietary information to a third party’s servers, where, by Samsung’s own concern, it could be retained and might surface in future answers to other users.

The problem with submitting data to a service like this is that you cannot un-submit it. There is no recall. By May 2023, Samsung had banned the use of external generative AI tools on company-owned devices and internal networks, and warned that staff who breached the policy could be dismissed. The leaked material stayed where it had gone.

What an auditable version would have shown

After an incident like this, leadership needs to answer a specific question: what, exactly, left, and how much of it. Samsung knew of three incidents because they came to light internally. What it could not easily know was whether those three were the only three, because nothing was systematically recording what staff were sending out and where.

An auditable version would record, at the point data leaves the organisation, what category of information it was, where it was going, and on whose action. The aim is not to read over everyone’s shoulder, but to make the boundary itself legible: to be able to say, with evidence, how many times sensitive code or confidential documents were sent to an external model, and to catch the pattern as it happens rather than after the third time it makes the news.

Where the gap was

The gap was that confidential information could leave the trust boundary with nothing standing in its way and nothing keeping a record that it had.

An EgressGate is the control for precisely this: it runs where data would leave, classifies whether the content is sensitive, and checks whether the destination is inside the trust boundary. Source code from an internal database, bound for a public chatbot, is sensitive data crossing the boundary, and the gate’s job is to stop it, or at least to record and flag it. A ConductRecord then preserves each of those decisions, so the organisation can measure the exposure instead of discovering it.

Samsung had a policy written in words, arrived at after the fact. What it lacked beforehand was a control at the boundary and a record of what crossed it.

What governance should have looked like

The lesson of Samsung is not “ban the tools”. Banning generative AI outright is a blunt response that mostly drives the same behaviour onto personal phones, where there is even less oversight. The better answer is to govern the boundary.

Sensitive categories of data, source code, customer records, confidential documents, should be recognised at the point they would leave, and either blocked from going to external models or allowed only through sanctioned, recorded channels. The crossings that do happen should be logged, so the organisation can see its own exposure and act on it early. A company that governs egress this way can let its engineers use AI assistants safely and still answer, with evidence, what has left and what has not. A company that relies on a policy memo finds out the limits of memos the next time someone pastes in the wrong thing.

The reference implementation of EgressGate and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.

Sources

The mailing list

Fresh incident reports every week. One email to match.

We add new incidents to the library regularly, and send a single short email each week with what's new. The library stays free and open; this is just how you keep up with it.

No tracking. Unsubscribe in one click.

The record

An auditable system would have produced a signed, tamper-evident record the moment this happened: what the system did, the version that did it, the basis it acted on, and the action taken, and Samsung Electronics could have produced it on demand.

This is the record the system as deployed did not produce in a signed, auditable form.

What this teaches
Capture what happened when it happens
What the system did, the version that did it, the basis it acted on, and the action taken, recorded at the moment, not reconstructed after.
Sign it, so no one has to trust the record-keeper
A tamper-evident entry. Edit it later and the signature breaks. The record does not ask for the benefit of the doubt.
Make it verifiable by anyone
A court, a regulator, a customer's lawyer can check the record themselves, without taking the company, or us, at our word.

Headlights summarises publicly reported AI incidents. All summaries are independently written, attributed to their original sources, and intended for research and educational purposes. Allegations are identified as such until established through official findings.

Last reviewed June 2026. This report is based on the sources listed above and reflects information available at the time of review; later developments may not be captured. Where a person is described as charged with or alleged to have done something, that allegation is unproven unless a conviction or a court or regulatory finding is stated. Headlights publishes journalism and commentary, not legal advice.

Want to write back?

Direct to my inbox.

ellie@useheadlights.com →