Ask HN: Is it safe to send my work code to ChatGPT?
Is there some licensing/NDA aspects I should be aware of before I send the code from work to ChatGPT? Can there be any consequences? Absolutely not. If you work for a company that's even semi-serious about security and has to be audited, you could be fired. Honestly the fact that you're asking this means your company has utterly failed at basic security training. Don't send your code to any cloud you don't own, and especially don't send it to a service that's explicit about using your submissions in new training sets. This. A subtle issue is that your company may use saas services in the dev process like github or gitlab or various supply chain/security providers, since they have private source access, what's different about using ChatGPT? The difference is that your company has legal contracts with those other providers that require those providers to maintain confidentiality with your company's private intellectual property. If you share said intellectual property with any person, organization, or service with whom your company does not have such an agreement, you yourself have breached the terms of your employment and can be fired. My work NDA is pretty clear on sending internal code to third parties without explicit approval. Can't imagine very many aren't? I think the interesting question is "What are the actual risks of pasting my code into ChatGPT?" If you work for a company of any significant size, the answer from the legal team / outside counsel is almost certainly going to be "Do not share IP". While this is probably the correct answer, these teams are trained to be risk averse. However, say you are a small startup or a solo dev. I am not certain there are significant risks beyond your code possibly showing up in future revisions of the model. In that scenario, one would think the risk of that code being possibly be made public could be evaluated on a case by case basis. But possibly there are other risks? My company has a very strict no-gpt/no-copilot policy. Check with your legal/security/compliance teams before sending your codebase to another company. Not unless you want a promotion to customer. At my work if you send code from a BU to gpt or any AI they will more than likely vacuum seal you in a test tube. Check with your company's legal team. In most cases, I would imagine that giving company intellectual property to a third-party is not allowed. more explanation how such need or situation arose ?