After Sam Altman’s recent comment that ChatGPT does not provide legal privilege or “legal confidentiality,” has anyone revisited ChatGPT usage guidelines or shifted from ChatGPT Free/Plus to Enterprise or API?

After Sam Altman's comments on legal privilege and confidentiality, many companies have indeed reviewed their policies on using AI tools like ChatGPT.

* Most organizations have either updated or are in the process of updating their acceptable use policies to specifically address generative AI. The key focus is on preventing employees from inputting any proprietary or sensitive company data into public AI models.

* The shift from public models to Enterprise or API-based versions is a significant trend. These paid versions often come with stronger security and confidentiality agreements, as they typically don't use a company's data for training.

* It's not enough to just have a policy. Clear communication and training are vital. Employees need to understand what constitutes confidential information and the risks of using public AI platforms for work. Some companies are even building their own internal, secure AI environments using API access to provide employees with the power of these tools without the risk.

ChatGPT cannot manage any confidentiality as again they cannot survive with out data, so they need to feed to others, so they should go for free someday.

That is an excellent and important question. As a security leader, I would highlight a few key points:

1. Legal privilege and confidentiality
Sam Altman’s comment is a reminder that ChatGPT, regardless of plan, is not a system of record for privileged communication. Unlike attorney–client privilege, nothing shared with the model gains legal protection. Organizations must make this distinction explicit in their acceptable use guidelines.

2. Differences across Free, Plus, Enterprise, and API
• Free/Plus: Consumer-grade, may use inputs for model improvement unless settings are adjusted. Not suitable for sensitive or regulated data.
• Enterprise: Provides stronger data handling guarantees. Inputs and outputs are not used to train models, enterprise-grade security controls are in place, and organizations gain admin visibility and governance features.
• API: Offers similar assurances to Enterprise, but with more developer control. Data submitted through the API is not used for training, which is crucial for teams embedding AI into workflows.

3. Practical guidance for enterprises
• Update internal AI usage policies to prohibit sharing regulated, customer, or legal data in Free/Plus accounts.
• Prefer Enterprise or API for any business-critical or sensitive use cases where data handling, compliance, and security posture can be validated.
• Train employees to treat ChatGPT the way they treat cloud storage or collaboration tools: safe when enterprise-approved, risky if they default to consumer versions without controls.

4. Broader governance
This is a great moment for tech and security leaders to revisit AI governance frameworks. Shadow AI risk (employees adopting Free/Plus without approval) can expose the organization to legal, compliance, and reputational harm. Offering a sanctioned, enterprise-ready alternative is the best way to both reduce risk and keep innovation flowing.

In short: organizations should not assume “legal confidentiality” in any ChatGPT tier. The right approach is to align usage with risk tolerance: Enterprise or API for sanctioned, governed use; strict policy and awareness for Free/Plus.