What the Grok/ChatGPT Lawsuit Teaches Us About Insider Risk

Last week, xAI, Elon Musk’s artificial intelligence startup sued a former engineer for allegedly stealing trade secrets from xAI and taking them to the ChatGPT parent company OpenAI.

This high-profile Grok/ChatGPT case is a recent example of insider risk. Insider risk can come in many forms. Employees put organizations at risk any time they expose sensitive data to the outside world.  

Insider risk is often unintentional. It's often a result of an accident or simple negligence, like when someone accidentally sets the permissions on a link to a shared file to 'anyone with the link.'  

By comparison, intentional insider risks like what this former engineer is alleged to have done often have much more dire consequences. As such, they are usually associated with much larger breaches of regulated data or targeted exfiltration of proprietary information or 'trade secrets.'

It’s no surprise that insider risk costs companies millions of dollars each year. In the 2025 Cost of Insider Risk Report, Ponemon Institute estimates that the average annual cost of insider incidents has increased to $17.4 million, up from $16.2 million in 2023.  

The number of insider risk incidents also increases each year across many industries. Insider risk is a difficult problem to solve, in large part because finding and classifying data at scale seemed almost impossible even just a few years ago.  

You can’t protect data you can’t see. That’s why data discovery and classification are such an important part of a modern data security strategy. In cases like this Grok lawsuit, clearly defining sensitive data is the starting point.  

Preventing data exfiltration starts with identifying sensitive information

Stopping data exfiltration starts with visibility and control of your organization’s data. That’s why Data Security Posture Management (DSPM) is so important—it’s the key to discovering and classifying an organization’s most sensitive data at scale.  

Forcepoint DSPM does just that. It scans your organization’s data whether it’s in the cloud or on-premises. From there, it uses AI Mesh technology to quickly and accurately classify that data.

Where DSPM focuses on scanning data at rest, Forcepoint Data Detection and Response (DDR) provides continuous monitoring of the files discovered from those scans. DDR also lets you see how people interact with and share those files (i.e. changing permissions settings, downloading, copying, sharing and more)

I’ve discussed the complementary relationship between Forcepoint DSPM and DDR in more detail in the past. But here’s a snapshot of how they play off each other: