NDA with AI-Usage Clause

A confidentiality agreement built for the era of generative AI. It tells the receiving party which AI tools they may use with your confidential information, bans training models on it, and gives you audit rights when something goes wrong.

Written by Suna Gol

Fact-checked by Anderson Hill

Legally reviewed by Jonathan Alfonso

Last updated March 6, 2026

Key Takeaways

  • A standard NDA written before 2024 almost certainly says nothing about artificial intelligence. That silence is a problem, because a recipient who pastes your confidential information into a public AI tool may not be breaching a clause that does not exist.
  • Feeding confidential information into a public generative AI model can extinguish trade-secret status permanently. In Trinidad v. OpenAI (2026) a court treated disclosure to a public AI platform, with no contractual safeguards, as the legal equivalent of disclosing it to the world.
  • The Defend Trade Secrets Act, 18 U.S.C. section 1836, only protects information the owner kept secret through reasonable measures. A written AI-usage clause is one of the cleanest ways to show you took those measures.
  • The approach that actually works is targeted rather than absolute. Ban public, consumer-grade models and any use of your data for training, while permitting enterprise tools that contractually agree not to retain or train on inputs.
  • An AI-usage clause has four moving parts worth getting right: a training prohibition, an approved-tool restriction, audit and inspection rights, and a breach-notification trigger keyed to suspected AI exposure.
  • The circuits do not agree on how much you must do. The Fourth Circuit accepted a confidentiality agreement alone at the pleading stage in Samuel Sherbrooke (2025); the Tenth Circuit in Snyder v. Beam (2025) demanded specific documented acts. Draft for the stricter standard.

Reviewed for accuracy by the document.com legal team. Educational information, not legal advice.

What Is an NDA with an AI-Usage Clause?

An NDA AI usage clause is a confidentiality provision that controls whether, and how, the receiving party may run your confidential information through artificial intelligence tools. It sits inside a non-disclosure agreement and does work that an ordinary confidentiality covenant cannot, because the old covenant was written for a world where disclosure meant a person reading a document, not a machine ingesting it into a model that never forgets.

The clause answers questions a traditional NDA leaves open. May the recipient summarize your confidential memo in ChatGPT? May they upload your customer database to an AI analytics tool that trains on the data it sees? May they fine-tune a model on your source code? A plain confidentiality covenant says the recipient must keep the information secret and use it only for the permitted purpose. It rarely says that pasting it into a public chatbot, where the provider may retain and train on the input, is itself a prohibited disclosure.

In practice the clause prohibits using your confidential information to train or improve any AI system. It also restricts which AI tools may touch the information at all, usually drawing a line between public consumer models and enterprise tools that contractually agree not to retain or train. And it gives you the ability to check compliance through audit rights and a duty to report suspected exposure.

This page explains the law behind the clause, walks through the language field by field, and points you to the related agreements that should travel with it: your workplace AI policy, your employment and work-for-hire agreements, and the master NDA itself. Nothing here is legal advice. AI law is moving fast, the federal circuits are split on the underlying trade-secret standard, and you should confirm the current rule in your jurisdiction with counsel before you rely on any specific provision.

Why This Matters Now

Roughly 23.8 million confidential items were exposed through AI tools in 2024, by the count of security researchers tracking enterprise AI use, and one study estimated that 11 percent of the ChatGPT inputs it examined contained confidential information. Most of that leakage happens outside any formal data pipeline, through ordinary employees pasting things into a chat window to save time.

The damage is hard to undo. Once information enters a large language model it can become embedded in model parameters, embeddings, and memory structures, with no reliable mechanism to pull it back out. The exposure happens at the moment of incorporation, not at some later training milestone. Bloomberg Law described this as a one-way door, and the metaphor is accurate: a single paste of proprietary code can ripple through model outputs, downstream tools, and later prompts.

Courts have started to treat public AI disclosure as fatal to trade-secret protection. In Trinidad v. OpenAI (2026) a federal court dismissed Defend Trade Secrets Act claims where the plaintiff had shared proprietary frameworks with ChatGPT without contractual or structural safeguards, applying the longstanding rule from Ruckelshaus v. Monsanto Co., 467 U.S. 986, that disclosure to a party under no duty of confidentiality extinguishes the secret.

Privilege is exposed too. In United States v. Heppner (S.D.N.Y. Feb. 2026), Judge Jed Rakoff held that documents created with a public generative AI tool were not protected by attorney-client privilege, because a platform that is not contractually bound to keep the material secret breaks the confidentiality that privilege requires. The Harvard Law Review treated the ruling as a first-impression standard for AI and privilege.

Regulators are moving in parallel. The FTC warned in January 2024 that AI companies which fail to honor their privacy and confidentiality commitments may violate the FTC Act. California's Automated Decision-Making Technology regulations and its Generative AI Training Data Transparency Act, AB 2013, both took effect January 1, 2026. The compliance floor is rising, and contracts that ignore AI now look negligent rather than merely old.

What an AI-usage clause actually controls

Start with the training prohibition, because it is the provision a generic NDA most clearly lacks. The language bars the receiving party from using any of your confidential information to train, develop, fine-tune, test, validate, or improve any AI system, machine-learning model, neural network, or large language model, whether the model is the recipient's own or a third party's, absent your prior written consent. The breadth matters. Training is not the only way data gets absorbed; retrieval-augmented systems, embeddings, and fine-tuning all incorporate your material, and the clause should sweep them in by function rather than by buzzword.

Next is the approved-tool restriction, the provision that draws the most redlines. A blanket no-AI rule sounds protective and is usually unworkable, because the recipient's lawyers, analysts, and engineers now use AI for routine work and will either refuse the deal or quietly ignore the ban. The market has settled on a targeted line instead. Public or consumer-grade tools, free ChatGPT and the like, are prohibited for confidential information. Enterprise tools are permitted if they contractually commit not to use inputs for training or product improvement, encrypt data in transit and at rest, allow deletion on request, and comply with applicable privacy law. This mirrors how sophisticated platforms write their own terms and how the Bonterms AI Standard Clauses, version 1.0, frame the training question as a menu of options rather than a single rule.

The third part is verification. A prohibition you cannot check is a prohibition the other side may not honor. Audit rights let the disclosing party inspect system logs, retention policies, and AI-platform configurations on reasonable notice, often capped at twice a year or triggered by reasonable suspicion of a breach. Pair this with a representation that the recipient maintains controls limiting which employees can route confidential information through AI tools at all. The Tenth Circuit's Snyder opinion is the reason this matters: courts increasingly want to see specific protective acts, not a policy gathering dust.

The fourth part is breach notification keyed to AI. A traditional NDA breach notice assumes a discrete event, a lost laptop or a forwarded email. AI exposure is messier, because the recipient may not know whether a given tool retained an input or fed it into training. The clause should require prompt notice on suspected, not just confirmed, AI exposure, and obligate the recipient to cooperate in attempting deletion, knowing that deletion may be impossible once data is embedded in a model. That cooperation duty preserves your remedies even when the underlying secret cannot be recovered.

Two structural points round it out. First, define your trade secret with particularity. The Federal Circuit's reversal of a 64 million dollar verdict in Coda Development v. Goodyear (Dec. 8, 2025) turned on the plaintiff's failure to identify the specific architecture, training-data composition, and hyperparameter configurations at issue; functional outcomes were not enough. If your confidential material is itself an AI asset, name its components. Second, remember that access controls protect the secret rather than being the secret. The Third Circuit made that explicit in NRA Group v. Durenleau (Oct. 7, 2025): passwords have no independent economic value and cannot themselves be a trade secret, so the clause should treat them as one of your reasonable measures while keeping the protected asset clearly identified as the underlying methodology or data.

One blunt word of advice. If you are sending confidential information out under an old NDA that says nothing about AI, do not assume the general confidentiality covenant covers AI tools. It might, depending on how a court reads the use restriction, but you do not want to litigate that. Paper an addendum before the next disclosure, not after the leak.

When You Need This

You are sharing confidential information with a vendor, contractor, or partner whose team uses AI tools in their normal workflow, which now describes most consulting, software, marketing, and professional-services firms.

You are entering due diligence for a financing, acquisition, or partnership and will hand over a data room of sensitive material that the other side's advisors may want to summarize or analyze with AI.

Your confidential information is itself an AI or data asset, such as a model architecture, training dataset, prompt library, or proprietary algorithm, where ingestion into someone else's system is the precise risk.

You are onboarding employees or contractors who will touch trade secrets, source code, customer data, or regulated information, and you want the AI restriction inside the confidentiality agreement they sign rather than buried in a policy they skim.

You operate in or share data touching California, where the ADMT regulations and AB 2013 took effect on January 1, 2026, or you handle EU personal data subject to the GDPR, and you need the NDA to coordinate with those regimes.

You already have NDAs in force that predate 2024 and want to bolt on an AI addendum without renegotiating the whole agreement, a common and sensible move for master service agreements with active counterparties.

How to Fill Out an NDA with an AI-Usage Clause

  1. Confirm the DTSA whistleblower notice is present

    Before adding anything about AI, make sure the NDA already carries the immunity notice required by 18 U.S.C. section 1833(b). It tells the signer they cannot be held liable for disclosing a trade secret in confidence to a government official or attorney to report a suspected legal violation. Omitting it forfeits your ability to recover exemplary damages and attorney fees against an employee under the DTSA. This is unglamorous and easy to miss, so handle it first.

  2. Identify and define the confidential information with particularity

    List the categories of information the NDA protects, and where any item is itself an AI or data asset, name its components. Coda Development v. Goodyear (Fed. Cir. 2025) threw out a large verdict because the plaintiff described functional outcomes rather than the specific model architecture, training-data composition, and hyperparameter settings. Vague definitions invite the argument that there was no protectable secret in the first place.

  3. Set the training prohibition

    State plainly that the receiving party may not use confidential information to train, fine-tune, develop, test, validate, or improve any AI or machine-learning system, whether proprietary or third-party, without your prior written consent. Cover the functional pathways, including fine-tuning, embeddings, and retrieval systems, rather than relying on the word 'training' to carry the whole load. This is the provision a pre-2024 NDA almost never contains.

  4. Choose the tool-use posture and write the approved-tool line

    Decide where you sit on the spectrum from permissive to aggressive. The middle ground that holds up prohibits public, consumer-grade models for confidential information while permitting enterprise tools that contractually agree not to retain or train on inputs, that encrypt data in transit and at rest, that allow deletion on request, and that comply with applicable privacy law. If you want, attach an approved-tool list or whitelist so there is no ambiguity about which configurations qualify. Free ChatGPT and the consumer tier of similar tools should be named as prohibited.

  5. Add audit and inspection rights

    Give yourself the right to verify compliance: inspection of system logs, retention policies, and AI-platform configurations, on reasonable notice such as 10 business days, capped at a sensible frequency like twice per year or on reasonable suspicion of breach. This is what turns a paper promise into a reasonable measure the courts will credit, and it answers the Tenth Circuit's demand in Snyder v. Beam for specific protective acts rather than a bare policy.

  6. Write an AI-specific breach-notification trigger

    Require prompt written notice on suspected exposure of confidential information to any AI system, not only on confirmed breaches, and obligate the recipient to cooperate in attempting deletion while acknowledging that deletion may be technically impossible once data is embedded in a model. Specify a notice window, a contact, and the recipient's duty to preserve logs. This keeps your remedies alive even when the secret itself cannot be clawed back.

  7. Coordinate remedies, survival, and governing law

    Spell out remedies for breach, which may include injunctive relief and, in aggressive postures, liquidated damages. State that the AI obligations survive termination, because a model that ingested your data still holds it when the contract ends. Pick a governing-law state with eyes open, because the reasonable-measures standard differs across circuits; the Fourth Circuit accepted a contract alone at the pleading stage in Samuel Sherbrooke, while the Tenth required documented acts in Snyder.

  8. Have counsel review against your jurisdiction and align the rest of your stack

    AI law is changing month to month and the circuits are split, so confirm the current rule in your governing-law state with a lawyer before you rely on the clause. While you are at it, make sure the NDA agrees with your workplace AI use policy, your employment and work-for-hire agreements, and any data processing agreement, so a recipient is not told one thing in the NDA and another in the policy.

Key Terms Defined

Reasonable measures
The effort a trade-secret owner must take to keep information secret in order to qualify for protection under the Defend Trade Secrets Act and the Uniform Trade Secrets Act. The bar varies by circuit. A written AI-usage clause, access controls, confidential markings, and documented restrictions all count toward it.
Training prohibition
The NDA provision barring the receiving party from using confidential information to train, fine-tune, or otherwise improve an AI or machine-learning model. It is the core AI-specific covenant and the one most missing from agreements written before 2024.
Enterprise-grade AI tool
An AI service offered under business terms that contractually commit not to use customer inputs for model training or product improvement, with encryption, deletion-on-request, and privacy-law compliance. NDAs increasingly permit these while banning public consumer tools such as free ChatGPT.
Irreversible disclosure
The problem that confidential information fed into a large language model becomes embedded in model parameters and embeddings with no reliable way to remove it. Courts treat the moment of incorporation, not later training, as the point of exposure, which is why notice and cooperation duties matter more than promises to delete.
Misappropriation
Under the DTSA and UTSA, the acquisition, disclosure, or use of a trade secret by improper means or in breach of a duty to maintain secrecy. Routing confidential information through a prohibited AI tool can constitute a disclosure that both breaches the NDA and supports a misappropriation claim.
Whistleblower immunity notice
The statement required by 18 U.S.C. section 1833(b) in any contract governing trade secrets, telling signers they are immune from liability for confidential disclosures made to report suspected legal violations to a government official or attorney. Omitting it forfeits exemplary damages and attorney fees under the DTSA.

Related Documents

NDA with AI-usage clause vs. a standard NDA

A standard NDA controls human disclosure and stays silent on machines. The AI version adds a training prohibition, a public-versus-enterprise tool restriction, audit rights, and a breach trigger for suspected AI exposure. If you are sharing anything sensitive with a counterparty whose team uses AI, the standard form leaves a gap that Trinidad v. OpenAI shows can cost you trade-secret status.

NDA AI clause vs. workplace AI use policy

The NDA binds the counterparty you are contracting with; the policy governs your own employees. The NDA is enforceable as a contract against the recipient, while the policy is an internal rule whose breach is a disciplinary matter and evidence of your reasonable measures. They should say the same thing about which tools are approved, so a person bound by both is not given conflicting instructions. Most companies need both.

NDA AI clause vs. data processing agreement (DPA)

A DPA is a privacy-law instrument, typically required by GDPR Article 28, that governs how a processor handles personal data on your behalf, including AI vendor data use and training consent. The NDA AI clause is broader in subject matter, covering all confidential information rather than only personal data, but narrower in regulatory machinery. When your confidential information includes personal data, you usually need both documents working together rather than choosing between them.

AI addendum vs. redrafting the whole NDA

An addendum bolts AI provisions onto an existing agreement without reopening every term, which is the practical move for active master service agreements and NDAs already in force with counterparties you do not want to renegotiate from scratch. A full redraft makes sense when you are papering a new relationship or when the existing agreement is so dated that piecemeal patching would create inconsistencies. For pre-2024 NDAs still in use, the addendum is usually faster and lower-friction.

Legal Authorities & Sources

This page is grounded in primary law. The statutes and official resources below are the authorities behind the guidance above. Verify the current text of any statute before relying on it.
