In March, a Delaware judge read into the record what the CEO of Krafton had typed into ChatGPT. It wasn’t a leak. It wasn’t a hack. It was evidence admitted in court. And it cost the company the case.

That’s the news your legal team hasn’t forwarded to you yet, and your operations team doesn’t even know it exists. What anyone at your company types into a consumer AI tool (ChatGPT, Claude, Gemini) is a discoverable business record. It isn’t private. It isn’t protected. And two courts just proved it in under two months.

The thesis of this post is short and uncomfortable: using AI was never the mistake. It was having no policy on which data goes into which tool, who sees it, and what should never leave a trail. That governance layer is the one almost nobody builds before deploying, and it’s the first piece of what we do in AI Maestro. The second piece is Tech Partner: a named person who answers for how all of this gets configured. The rest of this post is about why those two stopped being optional this spring.

Two rulings, one principle

I’ll start with the one an executive feels in the gut.

In Fortis Advisors, LLC v. Krafton, Inc., decided in the Delaware Court of Chancery on March 9, 2026, the setup is M&A textbook. Krafton, the South Korean game publisher, acquired the studio Unknown Worlds (the makers of Subnautica) in a $500 million deal with a $250 million earnout tied to revenue targets through December 2025.

Krafton’s problem was that the studio was going to hit those targets. Hitting them meant paying the $250 million. So the CEO of Krafton opened ChatGPT and asked how to avoid it.

The court inferred nothing. It quoted the conversations. The AI suggested strategies to block product launches and stall the studio before it reached its numbers, and the judge found the CEO “followed most of” the tool’s recommendations over the following month, including locking down distribution channels. Those chat logs were the proof that the breach was deliberate rather than a legitimate business judgment. Krafton lost: the court reinstated the studio’s CEO and extended the earnout window by more than eight months.

Read that again. The “it was a business decision” defense collapses when there’s a log of the executive asking an AI for the plan to breach. Intent stopped being something the other side has to reconstruct from circumstantial dots. It was written down, with a timestamp.

The second ruling is older and broader. In United States v. Heppner (Southern District of New York, February 2026), Judge Jed Rakoff resolved what he called a nationwide matter of first impression. A defendant had used Claude to research his legal exposure and fed in information that came from his own lawyer. The judge ruled those conversations are protected by neither attorney-client privilege nor the work product doctrine. For three reasons: the AI is not a lawyer and can’t form that relationship, the platform’s privacy policy already warns that it reuses and shares the data, and the defendant wasn’t writing there to obtain legal advice.

The Rakoff line worth keeping: AI’s novelty, he wrote, does not exempt its use from “longstanding legal principles.”

Translated to your operation: privilege doesn’t appear because you used an expensive tool. It appears because you talked to a lawyer. ChatGPT is not your lawyer, and a court has now said so in black and white.

The mistake was never AI. It was having no policy.

This is where most write-ups go wrong. The easy takeaway is “don’t use AI for sensitive matters” and call it a day. That advice is for individuals. For a company it’s useless, because your people already use it, whether you sanctioned it or not.

The number that matters here isn’t legal, it’s behavioral. Consumer ChatGPT and Claude accounts (the free one, the twenty-dollar one) train on your conversations unless you opt out by hand. Claude changed its policy in October 2025 and defaulted anyone who didn’t answer the prompt into five years of retention. And the proof that those logs exist and can be compelled is in yet another docket: a federal court affirmed an order for OpenAI to produce 20 million de-identified chat logs.

Put the three pieces together. Your people paste contracts, numbers, strategy, and personnel matters into a consumer account. That account stores all of it and trains on it. And a judge can order it handed over. That isn’t an AI risk. It’s the 78% of your employees using AI without permission turned into a discovery surface.

The way out isn’t a ban. It’s the account tier. The Enterprise, Team, and API versions of Claude and ChatGPT don’t train on your data by default and can run with zero data retention. The difference from a consumer account isn’t comfort or support: when a preservation order lands, the zero-retention customer has nothing to hand over, because nothing was stored. The same order that forces millions of consumer logs into discovery walks right past the place where there’s no log.

That distinction, which account tier each team uses for each type of data, is a governance decision almost nobody makes explicitly. It gets made by default, which is the worst way to make it.

Not every AI in your company should see everything

There’s one more layer, and Eric Siu named it well this week while describing how he builds his company’s “brain.” Among the things an internal AI system needs, he listed one almost nobody includes: workflow-level permissions. The marketing agent doesn’t need to see client financials. The content agent shouldn’t touch what’s internal-only. Some sources are live truth, some are historical context, and some should never be used in anything that faces outward.

Siu says it so the system doesn’t lie with confidence. I underline it for a different reason, the one that falls out of the two rulings above: every place a confidential piece of data enters an AI with no wall around it is a place that data can become evidence. A company brain with no permissions isn’t an advantage. It’s a legal liability with a nice interface.

The question almost no mid-sized B2B company asks before wiring its tools together isn’t “what can the AI do?” It’s “what should it never see, and who answers if it does?” The same six questions Siu proposes for auditing a workflow before automating it (which sources it uses, which one wins when they conflict, what context it always needs, what context it must never see) are, word for word, the questions of a serious discovery process. If you can’t answer them, you’re not ready to automate. You’ll just make the mess faster, and now discoverable too.

This isn’t theory for me. At IQ Source we run our own company brain, and we wrote a whole post about it. It holds the most sensitive things we have: client transcripts, pricing precedent, legal documents. Which is why the layer the “second brain” chorus skips, encryption at rest and access permissions, was the first one we built, not the last. A business brain in plaintext, or worse, in a consumer AI account, is that leak waiting to happen. We decided this before the Krafton ruling existed. Now there’s one that puts a price on it.

What IQ Source does about this

The two pieces this needs are the two we work on, and neither is “install the AI.”

AI Maestro is the discovery that comes first. Two months mapping the real processes of your operation, and inside that map sits a layer most people skip: where confidential data flows into AI tools, in which account tier, and with what permissions. We score each process with an AI Opportunity Score, and at the end there’s a Go/No-Go gate that decides, process by process, what gets deployed and under what rules. The process that pastes contracts or personnel data into a consumer account doesn’t clear the gate. Full stop.

We deploy on Claude in Team or Enterprise, not on consumer accounts, precisely because those tiers don’t train on your data and leave none of the trail that sank Krafton. We chose this before there was a Delaware ruling to justify it; now there are two.

Tech Partner is the role that answers for how all of that stays configured, and why, when someone asks. An AI policy isn’t a PDF you sign and file. It’s a decision a named person revisits when a model changes, when a privacy policy changes, or when a new tool slips in through the back door. That role isn’t covered by a committee or an Enterprise license. It’s covered by a person.

Before the week is out, ask your team one question. If a prosecutor or the other side of a lawsuit demanded tomorrow everything the company typed into AI over the last year, would you know what they’d find, and which account tier it was stored in? If the answer is “no idea,” your problem isn’t AI. It’s that you never decided the policy, and the silence is already a decision. You’re making it right now, every time someone opens a tab.

Map where your AI becomes legal risk