The Case for Local AI

Every prompt you send to the cloud is data you no longer control.

Lawsuits & enforcement actions

2023

P.M. v. OpenAI — CIPA wiretapping class action alleging billions in damages for using chat data to train models without consent. Called "potentially the biggest class action in history."

National Law Review
Dec 2023

NYT v. OpenAI & Microsoft — billions sought for training on copyrighted content. Court ordered OpenAI to produce 20 million ChatGPT conversation logs for discovery.

National Law Review
Apr 2023

Samsung engineers paste proprietary chip source code into ChatGPT. Data ingested into training pipeline. Samsung bans all GenAI company-wide.

Bloomberg
Dec 2024

Italy fines OpenAI €15M — first GenAI-specific GDPR penalty. Training on personal data without legal basis, failure to report 2023 breach.

Euronews
Nov 2025

Thele v. Google — class action alleges Gemini silently enabled scanning of all Gmail, Chat, and Meet content. $5,000 per violation under CIPA.

ClassAction.org
Mar 2026

Perplexity AI class action — user prompts, AI responses, and personal data shared with Meta and Google for ad targeting, even in "Incognito mode."

Bloomberg
Mar 2025

Clearview AI settles BIPA class action for $51.75M over biometric data collection from billions of photos without consent.

Regulatory Oversight
Ongoing

FTC investigation of OpenAI for deceptive data privacy practices. Expanded Sept 2025 to seven major AI companies over data collection and child safety.

Washington Post

By the numbers

40%

of companies have experienced an AI privacy event

Stanford 2025 AI Index
91%

say they need to do more to reassure customers on AI data handling

Cisco 2024
22%

of files uploaded to GenAI contain sensitive data

Stanford 2025
53%

cite privacy as #1 obstacle to AI adoption

Stanford 2025
$4B+

in financial sector supervision penalties in 2024

FINRA 24-09
59

U.S. federal AI regulations in 2024, 2x from 2023

Stanford 2025

What you're agreeing to

OpenAI trains on all ChatGPT Free/Plus/Pro inputs by default. Users must manually opt out. Even API tier retains inputs for 30 days.

Zoom granted itself a “perpetual, worldwide, royalty-free license” to customer content for AI training in 2023. Reversed after backlash.

GitHub Copilot uses interaction data for training by default on Free/Pro/Pro+ plans as of March 2026.

When your data goes to the cloud, you're trusting that today's terms are tomorrow's terms. History says they aren't.

Regulatory exposure

HIPAA: 71% of healthcare workers use personal AI accounts for work. HHS proposed first major Security Rule update in 20 years (Jan 2025) adding AI-specific requirements.

FINRA/SEC: Notice 24-09 — firms are liable for customer data sent to third-party AI. AI governance is a 2025 exam priority.

GDPR: €4B+ cumulative fines. Italy banned ChatGPT in 2023, fined OpenAI €15M in 2024. EU data sent to U.S. AI providers faces Schrems II scrutiny.

SOX: Ungovern AI use creates internal control deficiencies auditors will flag.

The technical case

For focused tasks, small models match the big ones.

Microsoft Research: fine-tuned 13B models hit ~95% of GPT-4 on specific benchmarks. Google's 7B Gemma matches GPT-3.5 on domain tasks.

Local inference: 30-80 tokens/sec on modern GPUs. No rate limits, no shared capacity, no round-trip latency.

Gartner: by 2027, 50%+ of enterprise GenAI models will be domain-specific (up from ~1% in 2023).

Being honest

When cloud is the right call.

Prototyping — proving a concept before investing in hardware.

General reasoning — diverse domains needing frontier capability.

Non-sensitive, low volume — public data where privacy isn't a factor.

Local wins where it matters most: high-volume automation on data you can't afford to have anywhere else.

Want to understand your exposure?

We'll audit what data your team is sending to cloud AI and assess whether on-premise makes sense.

Book a free assessment