What the Grok/ChatGPT Lawsuit Teaches Us About Insider Risk
0 min read

Lionel Menchaca
Last week, xAI, Elon Musk’s artificial intelligence startup sued a former engineer for allegedly stealing trade secrets from xAI and taking them to the ChatGPT parent company OpenAI.
This high-profile Grok/ChatGPT case is a recent example of insider risk. Insider risk can come in many forms. Employees put organizations at risk any time they expose sensitive data to the outside world.
Insider risk is often unintentional. It's often a result of an accident or simple negligence, like when someone accidentally sets the permissions on a link to a shared file to 'anyone with the link.'
By comparison, intentional insider risks like what this former engineer is alleged to have done often have much more dire consequences. As such, they are usually associated with much larger breaches of regulated data or targeted exfiltration of proprietary information or 'trade secrets.'
It’s no surprise that insider risk costs companies millions of dollars each year. In the 2025 Cost of Insider Risk Report, Ponemon Institute estimates that the average annual cost of insider incidents has increased to $17.4 million, up from $16.2 million in 2023.
The number of insider risk incidents also increases each year across many industries. Insider risk is a difficult problem to solve, in large part because finding and classifying data at scale seemed almost impossible even just a few years ago.
You can’t protect data you can’t see. That’s why data discovery and classification are such an important part of a modern data security strategy. In cases like this Grok lawsuit, clearly defining sensitive data is the starting point.
Preventing data exfiltration starts with identifying sensitive information
Stopping data exfiltration starts with visibility and control of your organization’s data. That’s why Data Security Posture Management (DSPM) is so important—it’s the key to discovering and classifying an organization’s most sensitive data at scale.
Forcepoint DSPM does just that. It scans your organization’s data whether it’s in the cloud or on-premises. From there, it uses AI Mesh technology to quickly and accurately classify that data.
Where DSPM focuses on scanning data at rest, Forcepoint Data Detection and Response (DDR) provides continuous monitoring of the files discovered from those scans. DDR also lets you see how people interact with and share those files (i.e. changing permissions settings, downloading, copying, sharing and more)
I’ve discussed the complementary relationship between Forcepoint DSPM and DDR in more detail in the past. But here’s a snapshot of how they play off each other:
Active data policy enforcement meets ongoing behavior monitoring
Forcepoint DLP is a tool we designed to prevent data exfiltration. It does this through data policy enforcement across all channels your organization works to protect, from user endpoints to email to cloud apps to data in GenAI tools or data that resides in on-prem data stores. Forcepoint can protect sensitive data from being copied onto personal devices, storage drives or into GenAI tools like ChatGPT.
Forcepoint Risk-Adaptive Protection (RAP) allows security professionals to respond to insider risk in real time through policy automation. RAP examines how specific users interact with critical data through 100+ indicators of behavior. Dynamic risk scores increase as individuals engage in more risky activities. RAP can adjust policies at the individual level based upon that risk score.
Prevent data exfitration and miminize its impact
It’s still early days in terms of this xAI insider risk allegation. But this lawsuit makes it clear that CISOs need to arm themselves with tools that:
- Identify an organization’s most sensitive data
- Provide a clear picture of who has access to that data
- Provide visibility into what those employees are doing with the data
- And most importantly, to prevent that sensitive data from leaving the company
From a Forcepoint perspective, protecting against data exfiltration starts with understanding where your organization’s most sensitive data resides, then combining that knowledge with dynamic protection of that data everywhere.
Learn more about how Forcepoint helps you detect, prioritize and eliminate data risk. Talk to an expert today.
Lionel Menchaca
Read more articles by Lionel MenchacaAs the Content Marketing and Technical Writing Specialist, Lionel leads Forcepoint's blogging efforts. He's responsible for the company's global editorial strategy and is part of a core team responsible for content strategy and execution on behalf of the company.
Before Forcepoint, Lionel founded and ran Dell's blogging and social media efforts for seven years. He has a degree from the University of Texas at Austin in Archaeological Studies.
- Forrester: Securing Generative AI
In the Article
- Forrester: Securing Generative AIView the Report
X-Labs
Get insight, analysis & news straight to your inbox

To the Point
Cybersecurity
A Podcast covering latest trends and topics in the world of cybersecurity
Listen Now