Table of Contents >> Show >> Hide
- What an NDA still does well
- Why NDAs are weaker on their own in the generative AI era
- What generative AI specifically does to data risk
- So, can NDAs protect your data?
- What a modern NDA should include when AI is in the picture
- What companies should do beyond the NDA
- Specific examples that show the limits of NDAs
- The smartest legal position: NDA plus proof of reasonable protection
- Conclusion
- Experiences from the field: what this looks like in real life
If “Gen” means generative AI, then welcome to one of the most modern legal questions in business: can an old-school non-disclosure agreement still protect your data when employees can paste a secret into a chatbot faster than they can microwave lunch?
The honest answer is yesbut only partly.
Non-disclosure agreements, or NDAs, still matter. They define confidential information, create contractual duties, set rules for use and disclosure, and give businesses something to enforce when trust goes on vacation. But in the age of generative AI, an NDA is no longer a force field. It is a layer. A useful one. A necessary one. Just not the cape, shield, helmet, and emergency exit all by itself.
That is because modern data risk no longer comes only from a rogue employee emailing a spreadsheet to a competitor. It also comes from prompt-based tools, AI copilots, retrieval systems, model training terms, shadow AI, plugin ecosystems, and prompt injection attacks that can pull confidential information into places it never should have gone. In plain English: your secrets can now leak through convenience.
This is where many companies get tripped up. They assume an NDA solves the problem because it solved an earlier version of the problem. But generative AI changes the shape of the risk. The leak may not be malicious. The “recipient” may be a vendor platform. The exposure may happen through model logs, fine-tuning, retrieval, or a badly governed internal AI app. And if the company did not use reasonable steps to maintain secrecy, that creates a bigger problem than embarrassment. It can weaken trade secret protection too.
What an NDA still does well
Let’s give the NDA some credit before we send it into therapy.
A well-drafted NDA still performs several important jobs. It identifies what counts as confidential information. It limits how the receiving party can use that information. It restricts onward disclosure. It often requires return or destruction of materials. It can include injunctive relief language, audit rights, security obligations, and survival periods. In business deals, employment relationships, vendor contracts, and M&A diligence, that is real value.
In fact, if you care about trade secrets, confidentiality agreements still matter a lot. Trade secret law generally rewards companies that take reasonable steps to protect secrecy. An NDA is strong evidence that the company treated the information as valuable and confidential. Without one, a business may look like it guarded its crown jewels with the intensity of a beach towel.
So yes, NDAs still belong in the toolkit. They help establish expectations, create legal remedies, and support a broader claim that the business did not casually toss sensitive data into the wind.
Why NDAs are weaker on their own in the generative AI era
1. Generative AI changes how disclosure happens
The classic NDA scenario is fairly simple: one human gives confidential information to another human or company. Generative AI makes that picture messier. An employee might paste source code, product plans, customer lists, pricing assumptions, legal drafts, or internal strategy into an AI tool without fully understanding where that data goes next. Was it stored? Logged? Used for service improvement? Reviewed by humans? Sent to subprocessors? Retained for abuse monitoring? Used to train or improve a model?
Those questions are not academic. They are the difference between “we used a secure enterprise workflow” and “we accidentally donated part of the business playbook to the machine.”
2. A contract cannot stop technical exploits
An NDA can tell people not to disclose information. It cannot, by itself, stop prompt injection, data exfiltration, insecure integrations, overbroad permissions, or weak identity controls. If your internal AI assistant can access sensitive files and someone tricks it through poisoned content or a malicious prompt chain, your NDA will be a useful exhibit after the damage. It will not be a useful firewall before the damage.
That is the central mismatch. AI risk is partly legal, but it is also architectural.
3. Not every disclosure is a “breach” in the traditional sense
Suppose your employee uses a public AI tool to summarize a confidential customer complaint. They do not intend to leak anything. They think they are being efficient. No hacker, no spy, no trench coat, no dramatic violin music. Yet sensitive information may still leave the organization in a way the company did not authorize.
That kind of risk often sits in the gray area between bad judgment, bad policy, and bad tooling. NDAs help define prohibited behavior, but they do not substitute for training, access limits, or approved enterprise tools.
4. Overreaching NDA language can backfire
Here is an underappreciated twist: aggressive NDA language can create its own legal headache. In the United States, an NDA cannot lawfully block protected whistleblowing. If confidentiality language chills reporting to regulators, the company may be the one in trouble. That means the “strongest possible NDA” is not always the smartest NDA. Drafting with a flamethrower is rarely a compliance strategy.
What generative AI specifically does to data risk
Generative AI introduces several pressure points that make confidentiality harder to manage.
- Prompt risk: Users may paste in confidential information because the tool is fast, helpful, and deceptively casual.
- Training and improvement risk: Depending on the service tier and contract, inputs may be used to improve services or models unless restricted.
- Output risk: A system can produce sensitive details back to the wrong person if permissions and grounding are poorly designed.
- Retention risk: Prompts, outputs, logs, and telemetry may be stored longer than business users assume.
- Integration risk: AI assistants connected to email, file drives, chat, code repositories, and CRM systems expand the blast radius.
- Prompt injection risk: Attackers may manipulate AI-enabled systems through malicious content, causing the system to reveal data or take unsafe actions.
That is why the modern question is not just, “Do we have an NDA?” It is, “What happens to confidential data at every point where AI touches it?”
So, can NDAs protect your data?
Yes, but only if you treat them as one control in a stacked defense.
The best way to think about an NDA in the age of Gen AI is this: it is the legal wrapper around confidentiality, not the complete security system. It helps protect trade secrets, preserve claims, discipline misuse, shape vendor behavior, and set expectations with employees and partners. But it cannot do the work of data governance, identity management, secure AI architecture, vendor diligence, or employee training.
In other words, an NDA is excellent at saying, “You must not do this.” It is much less effective at preventing someone from doing it through a shiny new interface with a magical text box and a productivity promise.
What a modern NDA should include when AI is in the picture
If your NDA template still reads like it was drafted when fax machines were cutting-edge, it is time for a refresh.
Define AI-related prohibited uses
Spell out whether confidential information may be entered into generative AI systems at all, and if so, under what circumstances. Distinguish between public tools, consumer tools, approved enterprise tools, and internal systems.
Address model training and service improvement
Require clear restrictions on using your data, prompts, outputs, or metadata to train, fine-tune, benchmark, or improve models unless you expressly authorize it.
Cover subprocessors and onward transfers
Your data should not travel like a backpack on a gap year. Limit subcontractor use, require equivalent confidentiality obligations, and demand visibility into where data goes.
Set security and retention obligations
Include requirements for access controls, encryption, logging, deletion timelines, incident notification, and secure disposal. Confidentiality without operational detail is a wish.
Preserve whistleblower carve-outs and legal exceptions
Make sure the agreement protects lawful reporting rights. This reduces the risk that the NDA becomes a compliance boomerang.
Clarify ownership and output handling
State who owns inputs, outputs, derived materials, and feedback. AI blurs lines fast, and ambiguity is a generous gift to future litigation.
What companies should do beyond the NDA
This is where real protection lives.
Build an AI use policy that employees can actually understand
Do not bury the rules in a 47-page compliance manual that reads like it was written by a cautious committee trapped in a windowless room. Write a short, practical policy that answers the real questions employees have:
- What tools are approved?
- What data is never allowed in prompts?
- Can employees use AI for customer work, code, legal drafts, HR documents, or pricing analysis?
- Who reviews new tools?
- What happens if someone makes a mistake?
Classify data before AI touches it
Most businesses do not have an NDA problem. They have a “nobody labeled the data correctly” problem. If employees cannot tell what is confidential, regulated, or highly sensitive, they will guess. And in business, guessing is often just a slower form of leaking.
Use enterprise AI tools with contract controls
Approved enterprise services may offer stronger contractual protections, access controls, data segregation, and training restrictions than consumer-grade tools. That does not mean “trust blindly.” It means review terms carefully, negotiate when necessary, and understand exactly what the provider does with prompts, outputs, logs, and retained content.
Apply least-privilege access
An AI assistant should not be able to rummage through everything just because it can write nice emails. Limit system access based on role, need, and sensitivity. If your AI has universal access, congratulations: you have invented a very polite internal risk multiplier.
Deploy technical controls
Use data loss prevention, redaction, logging, approval workflows, secure connectors, and monitoring. For high-risk uses, consider pre-prompt filtering, human review, sandboxing, and segmented retrieval sources.
Train people with examples, not slogans
Employees remember stories. Show them what not to paste. Show them how a prompt can expose customer data. Show them how “just summarize this contract” can become “why is our confidential pricing model in a third-party system?” Make AI training practical, recurring, and role-based.
Specific examples that show the limits of NDAs
The business world has already seen why this matters. Samsung temporarily restricted employee use of generative AI tools after sensitive code was uploaded by an employee. That incident became one of the earliest mainstream reminders that confidential data can leak through AI adoption long before the legal department finishes polishing its talking points.
There is also a regulatory lesson. U.S. regulators have repeatedly signaled that confidentiality agreements cannot be used to impede protected whistleblowing. That matters because some companies respond to AI anxiety by tightening confidentiality language everywhere. But an NDA that overreaches can invite its own enforcement problems. Put differently, your confidentiality strategy should not become the plot twist in someone else’s press release.
And for companies relying on trade secret law, courts and practitioners keep returning to the same principle: secrecy is protected when businesses act like it is precious. That means contracts, yesbut also controlled access, careful handling, governance, and evidence of real safeguards.
The smartest legal position: NDA plus proof of reasonable protection
If a dispute happens, the strongest story a company can tell is not “we had everyone sign an NDA.” The strongest story is:
- We defined confidential information clearly.
- We limited where it could be used.
- We prohibited unsafe AI inputs unless expressly approved.
- We negotiated vendor restrictions on training and retention.
- We classified sensitive data.
- We used access controls and monitoring.
- We trained our workforce.
- We responded fast when issues appeared.
That is what “reasonable measures” looks like in the age of Gen AI. Not paranoia. Not panic. Just grown-up governance with fewer illusions.
Conclusion
Non-disclosure agreements can still protect your data in the age of Gen AI, but only as part of a broader protection strategy. They remain essential for defining confidentiality, supporting trade secret status, allocating vendor risk, and giving businesses legal leverage when misuse happens. What they cannot do is solve the new mechanics of AI exposure on their own.
Generative AI has turned confidentiality from a purely legal issue into a legal, technical, operational, and human one. A modern organization needs NDAs, but it also needs AI-specific policies, vendor controls, data classification, secure architecture, and employee training that keeps pace with how people actually work. Otherwise, the NDA becomes a beautifully drafted umbrella in a hurricane of prompts.
The companies that will handle this well are not the ones that ban every tool forever or blindly trust every shiny assistant. They are the ones that understand a simple truth: in the age of Gen AI, confidentiality is not protected by paperwork alone. It is protected by paperwork plus process plus technology plus discipline. That is less catchy than “just sign this,” but it is much more likely to keep your data where it belongs.
Experiences from the field: what this looks like in real life
Across legal, HR, security, and procurement teams, the same experience keeps surfacing. At first, the conversation starts with the NDA. Someone asks whether the company is covered because employees, vendors, and contractors already signed confidentiality agreements. On paper, that feels reassuring. Then the team takes a closer look at actual AI use, and the mood changes from “we’re protected” to “wait, people are doing what with prompts?” That moment is becoming a familiar rite of passage for modern businesses.
One common pattern is the accidental overshare. A marketing employee drops campaign strategy into a chatbot to tighten copy. A developer pastes proprietary code for debugging help. A sales manager asks an AI assistant to summarize a customer negotiation and includes discount history, objections, and renewal probability. Nobody is trying to steal anything. They are trying to save time. But that is exactly why the issue is so tricky: the risk shows up disguised as efficiency.
Another recurring experience happens during vendor review. A company assumes its procurement template covers confidentiality, only to discover that the AI product terms are spread across multiple documents: the master agreement, product terms, privacy notice, acceptable use policy, and service-specific addendum. Somewhere in that stack are the answers to the questions that really matter: whether prompts are retained, whether inputs can improve services, whether subprocessors are involved, whether logs are accessible, and whether deletion is immediate, delayed, or politely vague. This is usually the moment when legal and security teams stop skimming and start circling things in red.
Then there is the internal policy gap. Many organizations technically have rules, but the rules are too abstract to guide behavior. Employees are told not to share “confidential information,” yet nobody translates that into practical examples. Is a draft contract confidential? Yes. Is a bug report confidential? Usually. Is a customer name confidential? Sometimes. Is a spreadsheet with pricing logic confidential? Absolutely. The businesses that improve fastest are the ones that stop speaking in compliance poetry and start teaching through examples.
The most effective teams also learn that enforcement alone does not solve adoption. If the approved tools are clunky and the forbidden tools are easy, employees will drift toward convenience every time. Good governance is not just about saying no. It is about giving people a safe yes: approved enterprise tools, clear rules, role-based permissions, and workflows that do not make secure behavior feel like punishment.
In the end, the lived experience is pretty consistent. NDAs still matter. They are useful, important, and often indispensable. But the organizations that protect data best are the ones that stop treating confidentiality as a document and start treating it as a system. Once teams understand that, the conversation gets much betterand the prompts get a lot cleaner.
