Is It Safe to Use AI for Consulting? (NDAs and Trade Secrets)
Yes for method, no with the client file: your NDA and engagement letter make the prompt a disclosure to a third party. Anonymise names and figures first.
The short answer: yes for method, no with the client file as it stands. A consumer AI is a third party. Your prompt is a disclosure to that third party. And the engagement letter and NDA you signed often forbid exactly that. So the first risk is not technical, it is contractual. Two more follow. Trade secret protection depends on reasonable steps to keep the information secret. And your org charts hold employee personal data. The fix is simple. Anonymise client names, figures and identifying details before the prompt. The model still works on the structure and the reasoning, which is what you actually want from it.
What consultants actually paste into AI
The job produces documents of very high value. They are also the client's most confidential material. Here is what regularly ends up in a chat window.
- Client strategy decks and plans that have not been announced.
- Financial models: margins, costs, forecasts, pricing grids.
- Org charts and interview notes taken with employees.
- M&A material: targets, valuations, deal timetables.
- Internal diagnostics, naming customers and suppliers.
Each of these documents mixes three distinct risks. A contract risk, a trade secret risk, a personal data risk. Let's take them in order.
Problem one: your contract, not the statute
An engagement letter frames what you may do with client material. An NDA (a confidentiality agreement) goes further. It typically bars you from disclosing that material to unauthorised third parties. From there, the reasoning closes on itself.
- 1A consumer AI service is an outside company, not part of your engagement.
- 2Pasting an extract of the file into it means handing that file over.
- 3That hand-over is a disclosure to a third party, in the contract's sense.
- 4If the contract forbids it, using the AI can be a breach.
This is not theory. It is precisely why lawyers now write AI clauses into consulting contracts. Some clauses regulate the use. Others ban it outright. So before anything else, reread your engagement letter and your NDA. The AI clause may already be there, unnoticed.
Problem two: the trade secret you weaken
WIPO, the World Intellectual Property Organization, makes a decisive point. A trade secret only exists while the information stays secret. To qualify, it must be commercially valuable because it is secret. It must be known only to a limited circle. And its holder must take reasonable steps to keep it secret.
WIPO explicitly names confidentiality agreements among those reasonable steps. It also lists financial information among the examples of protectable secrets. A financial model or a pricing grid lands squarely in that category.
WIPO adds a nuance that fits consulting perfectly. A trade secret can be a combination of elements that are each individually public. The secret combination is what gives the competitive edge. That is the definition of a strategy deck. Any single figure may look harmless; the assembly is not.
Be precise about the mechanism, because it is often misstated. You do not automatically lose the secret the second you paste the text. But protection rests on two conditions: secrecy, and reasonable steps. A careless disclosure to a third party attacks both. It can therefore weaken protection, or forfeit it. WIPO also states that disclosing secret information contrary to honest commercial practices is a violation. It counts breach of contract and breach of confidence among those unfair practices. In Europe, the reference instrument is the EU Trade Secrets Directive, Directive (EU) 2016/943.
Problem three: your documents contain people
An org chart is not a neutral diagram. It is names, job titles, reporting lines. Interview notes are statements attributed to identifiable employees. That is personal data under the GDPR, Regulation (EU) 2016/679.
The ICO, the UK data protection regulator, sets out the key distinction. Whoever determines the purposes and means of processing is the controller. The controller carries the legal accountability. Depending on the engagement, a consulting firm can be a controller, or a processor acting for the client. Either way there is no escape hatch. You are processing personal data in a defined legal role, with the duties that come with it.
What really happens to your prompt
Let's be accurate, because a myth circulates here. The NCSC, the UK National Cyber Security Centre, states that information included in a query is not automatically absorbed into the model for other users to retrieve. That matters, and on that narrow point it is reassuring.
What follows is far less so. Still per the NCSC, the query is visible to the organisation providing the model. It is stored. It will almost certainly be used at some point to develop the service or the model. Provider staff, partners or contractors may therefore be able to read it. The NCSC also warns that stored queries could be hacked, leaked, or accidentally made public.
The NCSC flags one last point, tailor-made for our subject. It warns about the aggregation of information across multiple queries made from the same account. Yet a consultant often runs a whole engagement through a single chat thread. Stitched together, those fragments redraw the entire file.
| What you tell yourself | What is actually true |
|---|---|
| “It's just a tool, not a third party” | It's an outside company; handing it the file is a disclosure |
| “The NDA only targets competitors” | It usually targets any disclosure to an unauthorised third party |
| “These figures are ordinary” | WIPO notes a secret combination of public elements can be protected |
| “My prompt vanishes after the answer” | The NCSC states the query is visible to the provider and stored |
| “An org chart isn't personal data” | Those are identifiable employees: it's GDPR, in a defined legal role |
The fix: anonymise before the prompt
Here is the good news. What you ask the AI for is almost never the client's name. It is a structure, a logic, an argument, a rewrite. The model reasons perfectly well over an anonymised file. Replace the client name, the employee names, the amounts and the identifying details with tokens. The quality of the answer holds; the exposure collapses.
- 1Read the AI clause in the engagement letter and the NDA first.
- 2Anonymise the client name, the employees, the amounts and the identifiers.
- 3Send only the anonymized text to the model.
- 4Restore the real values in the answer, locally.
- 5For regular use, insist on an enterprise tool with a signed DPA and no-training terms.
A word on tooling. The NCSC is firm: the terms of use and privacy policy must be understood before you ask sensitive questions. For a hosted model, those terms become the main control. The question to ask is simple. Who can view my queries, and under what conditions? That is the case for a professional tool, with a signed DPA (Data Processing Agreement) and a no-training commitment, rather than a consumer account.
And if the client forbids AI? Then the answer is no. A firm sells trust. A leak there is not a cosmetic incident, it is an existential one.
That is exactly what ONYRI Sanitize is for. The engine spots the sensitive data in a deck or a financial model. Company names, people's names, amounts, contact details. It replaces them with reversible tokens before you send. Detection and the mapping stay in your browser. Only anonymized text reaches the model. You keep the power of AI on structure and reasoning, without turning your prompt into a disclosure that breaches the NDA you signed.
Frequently asked questions
- Is it safe to use AI for consulting?
- Yes, as long as you don't paste the client file in the clear. A consumer AI is a third party, and your prompt is a disclosure to it. Your engagement letter and NDA often forbid that disclosure. Anonymise the client name, the amounts and the people before you send. The model still reasons over the structure, which is what you needed from it.
- Does pasting a client deck into ChatGPT breach the NDA?
- It can, yes. An NDA generally bars you from disclosing client material to unauthorised third parties. A consumer AI service is an outside company, and pasting an extract of the deck hands that material to it. Many contracts now carry an explicit AI clause, and some ban AI entirely. Read the clause before you use the tool.
- Is a financial model or a strategy a trade secret?
- Often, yes. WIPO explains that information is protected while it stays secret, draws value from that secrecy, and is kept secret by reasonable steps taken by its holder. Financial information is among the examples it lists. A careless disclosure to a third party undermines those conditions and can forfeit protection. In Europe, the framework is the EU Trade Secrets Directive (EU) 2016/943.
Sources & references
- Trade Secrets (what qualifies, reasonable steps, unauthorised disclosure as a violation) — World Intellectual Property Organization (WIPO)
- ChatGPT and large language models: what's the risk? (queries are visible to the provider and stored) — National Cyber Security Centre (NCSC), UK
- Controllers and processors (who is accountable for personal data) — Information Commissioner's Office (ICO), UK
Keep your sensitive data in your browser
ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.
Anonymize my prompt