AI data breach · Incident response DACH

Trade secrets in the AI model. Now what?

A prompt with customer data. An upload to the wrong cloud. A tool that trains in the background. When internal data has leaked into an AI, the first 72 hours count. Here you get a clear head and a plan – without panic, without a compliance monologue.

Free · No login · Not legal advice, but clear orientation

The starting point

Most AI incidents are not hacks. They are everyday life.

No attacker needed – a helpful team and a convenient tool are enough. Do you recognise one of these situations?

Prompt with plain data

An employee pastes a contract, a customer list or source code into ChatGPT and the like – to get done faster.

Unintended training

A free AI tool uses inputs for model training under its terms. Your data is now part of something you no longer control.

Transfer to the US cloud

Data ends up on a US provider’s servers – without a checked data processing agreement and without a transfer basis.

Shadow AI

Nobody approved it, everybody uses it. You learn about the tool only when something goes wrong.

Free lead magnet

The instant checklist: what to do in an AI incident?

A clearly prioritised checklist for the first hours. No jargon – the concrete steps in the right order.

  • Stop & secure: contain access immediately, document evidence.
  • Classify: personal data, trade secret or both? Reporting duty yes/no.
  • 72-hour clock: when to involve the data protection authority (GDPR Art. 33).
  • Contain: revoke API keys, request deletion & training opt-out.
  • Prevent: so the same incident does not happen again in two weeks.

Request the checklist

Enter your email – you will receive the checklist directly.

Prefer it now? Download the checklist as PDF

Opens your email program with a ready-made message.

Interactive wizard

Data leak to US & AI clouds: how to proceed.

Five short questions. At the end you get a recommendation tailored to your situation – including an assessment of the 72-hour reporting duty.

Step 1 of 520%

What kind of data leaked?

This determines which rules apply.

Orientation aid, not legal advice. When in doubt, involve your data protection officer or a lawyer.

Personal incident help

You don’t want to guess. You want someone who has seen this before.

I am an AI architect, not an agency type. In a focused conversation we classify the incident, stop the data leak and define what happens next technically and organisationally – so you are able to act instead of paralysed.

30 min
Initial assessment
DACH
SME focus
EU/on-prem
Sovereign
In development · Waitlist open

Shadow AI Radar: see which AI your team really uses.

Today’s incident is yesterday’s blind spot. The radar makes visible which AI tools are in use, rates them by data risk – and warns before sensitive data flows into the wrong cloud.

01 · Discover

Inventory, not gut feeling

Captures the AI services in use – via browser signal, log import or a short team self-check. Result: an honest list.

02 · Assess

GDPR traffic light per tool

Each tool gets a traffic light: server location, training use of inputs, DPA available, EU alternative present.

03 · Act

Guardrails, not bans

A clear recommendation per tool: approve, secure or replace – plus a lean AI policy the team accepts.

Join the waitlist

Early access, a say in the features and a preferential launch price. No spam – just one message when it starts.

Note: This page, the checklist and the wizard are a general orientation aid and do not replace individual legal or data protection advice. For binding assessments – in particular on notification duties under GDPR Art. 33/34 and the requirements of the EU AI Act – please involve your data protection officer or a lawyer. As of: July 2026.