Private Inference vs Cloud AI: What Enterprises Actually Lose When They Send Data to OpenAI

In June 2025, OpenAI informed customers that data presumed deleted was actually preserved due to a court order, highlighting the discrepancy between data retention assumptions and reality in cloud AI services. This revelation underscores the default data retention policies in cloud-based AI platforms, where data often resides longer than expected unless enterprise contracts specify otherwise, and legal obligations can override these settings. The concept of Zero Data Retention (ZDR) offers limited assurance as it is a policy rather than a technical guarantee, meaning data could still be accessed under certain circumstances. Compounding these issues is the threat of prompt injection, which exploits the way large language models (LLMs) interpret inputs, posing security risks as demonstrated by the EchoLeak vulnerability in Microsoft's 365 Copilot. Additionally, shadow AI, where employees use consumer AI tools with work data, has led to costly breaches, revealing the complexities and risks associated with sending sensitive information to external services. Despite technical and policy controls by cloud providers, the potential for unauthorized access remains, emphasizing the need for critical assessment of whether data should ever leave controlled infrastructure. Private inference offers architectural guarantees, ensuring data remains within an organization’s infrastructure, providing verifiable compliance and security, particularly for sensitive information, although it requires significant operational expertise and resources. The decision between cloud and private AI should therefore be guided by the sensitivity of the data and the level of control an organization requires.