How are you handling sensitive data in AI products?

I'm curious how other SaaS founders are thinking about this, especially those selling AI-powered products to larger companies.

AI adoption seems to be accelerating everywhere, but I still wonder how much of a blocker data privacy and prompt security are in practice.

A few years ago there was the Samsung incident where employees reportedly pasted sensitive source code and internal information into ChatGPT, which raised concerns about data leakage and AI governance. Since then, enterprise AI offerings have matured a lot, but the underlying concern seems to remain: people inevitably paste sensitive information into AI systems.

For those of you building AI-powered SaaS products:

• Do prospects or customers ask questions about what data gets sent to LLM providers?
• Have security reviews become more demanding because of AI?
• Do customers require data anonymization, redaction, self-hosted models, or specific AI governance controls?
• Have you ever lost a deal because of concerns around sensitive data and AI?
• If you're serving enterprise customers, what are the most common objections or requirements you see?

And for those using AI internally:

• Are employees allowed to paste customer data into ChatGPT/Claude/etc.?
• Do you have policies around this?
• Are you relying on training and policies, or technical controls as well?

I'm trying to understand whether this is still a major pain point in 2026 or if the market has largely become comfortable with the current state of things.

Would love to hear real-world experiences, especially from founders selling into enterprise.

Author: NerveAltruistic3639