OpenAI has a leak problem. Over the past 18 months, unauthorized disclosures about product roadmaps, safety protocols, finances, and executive departures have surfaced in the press with metronomic regularity. Leaks about Q*. Leaks about Project Strawberry. Leaks about restrictive NDAs that threatened to claw back vested equity from departing employees who spoke publicly. Each one landed during a fundraising round or at a competitively sensitive moment.
So OpenAI built a tool to find the leakers. The tool is a custom version of ChatGPT.
How It Works
According to The Information, OpenAI's security team feeds published news articles into a specialized ChatGPT instance that has access to internal Slack messages, emails, and document repositories. The system cross-references the article's content — specific phrasing, data points, project codenames — against internal communications and access logs. It identifies which files contain the leaked information, which employees had access, and who used similar language in private chats. The AI produces a shortlist of suspects in minutes. Manual investigation used to take weeks.
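The Information's description stops at that level of detail, so the sketch below is an assumption, not OpenAI's implementation. It illustrates the core cross-referencing idea: score each internal message by how much of its distinctive phrasing reappears in the published article. Every name in it (Message, ngrams, overlap_score, shortlist) is hypothetical.

```python
# Hypothetical sketch of the cross-referencing step. OpenAI's actual
# pipeline is not public; the types, scoring, and thresholds here are
# illustrative assumptions, not its implementation.
from collections import Counter
from dataclasses import dataclass

@dataclass
class Message:
    author: str    # employee who wrote the internal message
    channel: str   # Slack channel or email thread it came from
    text: str

def ngrams(text: str, n: int = 3) -> Counter:
    """Word trigrams: distinctive phrases and codenames score highest."""
    words = text.lower().split()
    return Counter(tuple(words[i:i + n]) for i in range(len(words) - n + 1))

def overlap_score(article: Counter, message: Counter) -> float:
    """Fraction of the message's trigrams that also appear in the article."""
    if not message:
        return 0.0
    shared = sum((article & message).values())  # multiset intersection
    return shared / sum(message.values())

def shortlist(article_text: str, messages: list[Message], top_k: int = 5):
    """Rank internal messages by how closely they echo the leaked article."""
    article = ngrams(article_text)
    scored = [(overlap_score(article, ngrams(m.text)), m) for m in messages]
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return [(round(score, 3), m.author, m.channel)
            for score, m in scored[:top_k] if score > 0]
```

Even something this naive surfaces project codenames and unusual phrasing. A production system would presumably layer embedding similarity, access-log joins, and authorship signals on top.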
The system was deployed in late 2024. It is unclear whether it has caught anyone.
The Company That Builds Trust Machines Doesn't Trust Its Own People
The irony writes itself, but it's worth stating plainly: the company selling ChatGPT as a productivity tool for the world's workforce is using the same technology as a corporate surveillance apparatus aimed at its own employees.
OpenAI is not the first company to monitor workplace communications. California employers can legally scan corporate Slack and email with adequate notice. But employment lawyers and the Electronic Frontier Foundation have flagged that using sophisticated AI for deep linguistic analysis — pattern-matching authorship across thousands of messages — ventures into territory that privacy law hasn't fully addressed.
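To make "pattern-matching authorship" concrete: classic stylometry compares how often writers use common function words, a signal that survives paraphrasing. The sketch below is a textbook illustration of that idea, not a description of OpenAI's tool; the word list and distance metric are deliberately simplified.

```python
# Illustrative stylometry, not OpenAI's method: rank candidate authors
# by how closely their function-word usage matches an anonymous quote.
import math
from collections import Counter

FUNCTION_WORDS = ["the", "of", "and", "to", "a", "in", "that", "is",
                  "was", "it", "for", "on", "with", "as", "but"]

def style_profile(text: str) -> list[float]:
    """Relative frequency of each function word in the text."""
    words = text.lower().split()
    counts = Counter(words)
    total = max(len(words), 1)
    return [counts[w] / total for w in FUNCTION_WORDS]

def style_distance(a: list[float], b: list[float]) -> float:
    """Euclidean distance between two profiles; lower means more similar."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def rank_authors(quote: str, writing_samples: dict[str, str]):
    """Order candidate authors from most to least stylistically similar."""
    target = style_profile(quote)
    ranked = [(style_distance(target, style_profile(text)), name)
              for name, text in writing_samples.items()]
    return sorted(ranked)
```

Real authorship models are far richer, but even this toy version makes the privacy concern concrete: the raw material is nothing more than everyday messages.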
The chilling effect is the point. If you know an AI is reading your Slack messages and comparing them to every tech news article published that week, you think twice before messaging a reporter. You think twice before messaging a colleague about something that concerns you. You think twice, period.
Whistleblowers Sacrificed Millions
The surveillance tool exists in a specific context. OpenAI previously required departing employees to sign non-disparagement agreements that threatened forfeiture of vested equity — in some cases worth millions of dollars — if they spoke publicly about the company. After public backlash in mid-2024, OpenAI said it would stop enforcing those provisions.
But the pattern is clear: restrictive NDAs, equity forfeiture threats aimed at speech, and now AI-powered surveillance of internal communications. Each response to the leak problem has escalated beyond the last.
Federal and state whistleblower protections shield employees who report illegal conduct or safety violations. In AI development, where the potential consequences of misaligned systems are existential by the company's own admission, the ability of employees to raise alarms — including through the press — carries heightened legal and moral weight.
OpenAI's own safety researchers have quit over concerns about the company's direction. Ilya Sutskever left. Jan Leike left. Daniel Kokotajlo left and forfeited equity estimated at over $1 million rather than sign a non-disparagement agreement. These were not disgruntled employees leaking for sport. They were senior researchers who believed the company was moving too fast on safety-critical decisions.
No Other AI Company Is Known to Do This
Google, Meta, Anthropic, and other major AI developers have not been publicly reported to use their own AI products for internal leak detection. As far as public reporting shows, the practice is unique to OpenAI, the company that simultaneously argues its technology should be trusted with medical advice, legal reasoning, and financial planning.
The market for AI-powered employee surveillance tools is growing. Products that analyze email, chat, and video to flag policy violations and insider threats are proliferating across enterprise software. But there is a difference between buying a third-party monitoring tool and building a bespoke version of your flagship product to scan your own employees' messages.
OpenAI didn't outsource this. It dogfooded surveillance.
What It Means
The leak-hunting tool is a small thing. A security team using available technology to solve a business problem. Every company protects trade secrets. Every company investigates leaks.
But it reveals something about the relationship between AI companies and the technology they build. OpenAI tells the world that ChatGPT is a helpful assistant. Internally, it's also a detective pointed at the people who built it.
The 83 percent of organizations that reported insider attacks in one 2025 industry survey would understand the impulse. The employees at roughly 1,700-person OpenAI who now know their Slack messages are being fed into a language model might understand something else: the first people surveilled by AI at scale won't be citizens or consumers. They'll be the engineers who made the AI possible.
If you found this useful, check out my AI prompt packs on Polar.sh — battle-tested prompts for developers.