Sora's Death Ushers in the Era of Enterprise AI
IAPP Summit Recap, The Benefits and Risks of Model Distillation, and DOGE’s use of ChatGPT
1. Sora’s Death Ushers in the Era of Enterprise AI
OpenAI recently announced that they were sunsetting Sora, their groundbreaking consumer-oriented AI video app. Sora’s latest models proved capable of generating highly realistic videos from very simple text prompts. While Sora had a variety of guardrails in place and enforced content watermarking, videos it generated were implicated in at least 19 incidents and may have been used in many other deepfake-related incidents. OpenAI cited a desire to focus more on enterprise applications, especially as Anthropic and their breakout Claude Code system recently overtook OpenAI’s ChatGPT amongst new users and in the Apple App Store.
We think this is just the beginning of a strategic pivot by many AI companies away from consumer applications of AI and toward enterprise uses. The consumer world is rife with legal issues, and regulators are starting to take notice. Even the most conservative AI legislative proposals in the US have strong protections against non-consensual sexual content, and age restrictions for many AI systems. In addition to regulatory pressures, businesses are finding agentic AI to be more useful than simple chat-based interfaces, and Anthropic’s focus on coding and on business-safe AI has forced OpenAI to declare a ‘code red’ to stay competitive. Finally, the costs of AI are still being heavily subsidized, and geopolitical events are likely to exacerbate the situation, making consumer-oriented apps highly unprofitable in the short term. B2B opportunities will be seen as less risky from a legal and regulatory perspective, and they make it easier to prove value and align the ‘real’ costs of AI with its enterprise value. Other OpenAI projects may get cancelled, such as their efforts to create an ‘adult’ version of ChatGPT.
Key Takeaway: When it comes to choosing an AI partner in the B2B world, reputation and principles will matter. Ethics aside, choosing a model provider that invests heavily in preventing illicit content simply reduces risk. Choosing that company isn’t performative ethics, but rather just risk reduction.
2. Tech Explainer: Promises and Pitfalls of Distillation
In a new partnership, Apple is using Gemini models to train effective smaller models that can be run directly on phones through a process called distillation. In addition to creating effective smaller models, the process can also be used by adversarial parties to reverse engineer models (Anthropic recently wrote a report on three Chinese labs using this process to attack their models). The process works by having a smaller ‘student’ model learn to mimic the outputs of a larger ‘teacher’ model, rather than training from scratch on raw data. With LLMs, the smaller model is typically trained on input+reasoning traces from the larger models. This process works because the reasoning traces give the model the most important pieces of information needed to function properly. The result is a smaller model that can run locally, without sending data to an external API, which can reduce latency and alleviate some privacy concerns.
Distillation comes with risks. Because the smaller model has fewer parameters, it can’t capture as much nuance, which may lead to performance degradation. In general, it may be best to use the smaller model for more specialized tasks. For example, Apple may only need Gemini to be good at question-answering inside Siri, so they can skip teaching the student model coding capabilities. Deployers need to run fresh evaluations calibrated to the distilled model’s narrower scope, not just port over benchmarks from the original. In addition, recent research showed that knowledge distillation may lead to systematic degradation of safety alignment and increase susceptibility to jailbreaks.
Key Takeaway: On the surface, distillation may be appealing because it can create smaller models that encapsulate key abilities of larger models without relying on external APIs. However, in practice, distilled models require additional safety post-training, strong guardrails and new evaluations, which can make the whole process more time- and resource-intensive.
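A toy illustration of the two points above, added here and not taken from the newsletter or from any vendor: a two-parameter ‘student’ is distilled from a constructed ‘teacher’ using only in-scope inputs, then its agreement with the teacher is measured separately inside and outside that scope. The teacher function, the input ranges and every name in the code are assumptions made for the example.

```python
import math

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def teacher_prob(x):
    # Constructed "teacher": P(label=1) rises once |x| passes 0.5.
    # The abs() is the nuance a linear student cannot represent.
    return sigmoid(10.0 * (abs(x) - 0.5))

def distill(train_xs, steps=5000, lr=2.0):
    """Fit the student P(1|x) = sigmoid(w*x + b) to the teacher's soft outputs."""
    w = b = 0.0
    targets = [teacher_prob(x) for x in train_xs]  # soft labels, not raw data
    n = len(train_xs)
    for _ in range(steps):
        gw = gb = 0.0
        for x, t in zip(train_xs, targets):
            err = sigmoid(w * x + b) - t  # cross-entropy gradient w.r.t. the logit
            gw += err * x
            gb += err
        w -= lr * gw / n
        b -= lr * gb / n
    return w, b

def agreement(student, xs):
    """Fraction of inputs where student and teacher pick the same label."""
    w, b = student
    same = sum((w * x + b > 0) == (teacher_prob(x) > 0.5) for x in xs)
    return same / len(xs)

def run_demo():
    in_scope_train = [i / 20 for i in range(21)]           # x in [0, 1]
    in_scope_eval = [(2 * i + 1) / 40 for i in range(20)]  # held-out, same scope
    out_scope_eval = [-x for x in in_scope_eval]           # x in [-1, 0): never distilled
    student = distill(in_scope_train)
    return agreement(student, in_scope_eval), agreement(student, out_scope_eval)

if __name__ == "__main__":
    in_acc, out_acc = run_demo()
    print(f"in-scope agreement:     {in_acc:.2f}")
    print(f"out-of-scope agreement: {out_acc:.2f}")
```

A benchmark drawn only from the in-scope range would report near-perfect fidelity; the gap only shows up when the evaluation set is split by scope.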
3. Incident Spotlight: DOGE’s ChatGPT Grant Review (Incident 1402)
What Happened: DOGE fed grant descriptions into ChatGPT, asking it to determine whether each was “DEI,” then logged the chatbot’s yes/no responses in a spreadsheet that replaced a list previously compiled by NEH staffers as the operative document for terminating grants. Of 1,163 grant proposals analyzed this way, 1,057 were flagged and just 42 were kept. The process was ad hoc by design: the DOGE staffer behind the methodology had assembled his own “Detection List” of identity-based traits before running grant descriptions through the model. Depositions later confirmed that the NEH’s acting chair hadn’t known ChatGPT was used in the selection process at all.
Why It Matters: Setting aside the political element, there are a number of issues here. Firstly, there’s no strong evidence that the team deploying ChatGPT had proper training on AI systems. Their prompt seems notably simplistic, and arguably gave the AI system enormous authority to interpret DEI and process the grants accordingly. Even small limitations in tools, such as poor text extraction, context window lengths, or hallucinations, could have caused massive impacts. In addition, the DOGE team did not seem to have a firm grasp of the documents they were working with, and therefore could not act as qualified ‘humans in the loop’. The automated decision-making nature of their request would likely qualify as ‘high impact AI’ under the Trump administration’s latest guidance for AI use in non-classified settings, although this was published after the DOGE work was supposedly done.
How to Mitigate: This is fundamentally a process design failure. Any organization using AI for consequential screening decisions should define and document classification criteria before deployment, not derive them post hoc from a vague policy directive. AI-generated classifications should be treated as inputs to human review, not substitutes for it, with clear audit trails that distinguish model output from final decision.
Key Takeaway: If your organization is using AI to screen or classify anything with legal or financial consequence, someone with both domain expertise and working knowledge of the model’s limitations needs to own the classification logic. Deploying a general-purpose chatbot as a compliance filter without either is a massive liability.
4. IAPP Recap
Earlier this week at the IAPP Global Privacy Summit, we co-hosted a panel that focused on what AI governance looks like after Year One. The room assumed policies were written, intake processes established, and governance committees defined. The conversation was about what comes next.
CTO Andrew Gamino-Cheong moderated with Kimberly Zink (Chief Privacy Officer, Korn Ferry) and Derek Han (AI, Cyber and Privacy Partner, Grant Thornton). Four scenarios drove the discussion.
On Model Changes: Every use case should have a documented set of evaluations before a deprecation notice arrives, not assembled under pressure. What counts as a “substantial modification” needs to be defined in advance.
On Periodic Reviews: Governance intensity should scale with risk level, not apply uniformly. Model drift doesn’t announce itself. Sampling actual outputs against deployment guardrails matters more than a calendar reminder.
On Regulatory Updates: Nearly 7 in 10 businesses report difficulty understanding EU AI Act obligations. The root cause is inventory quality. If your AI inventory doesn’t capture use case category, PII usage, automated decision-making, and deployment geography, you can’t answer a scope question quickly.
On Program Iteration: Track the metrics that tell you whether governance is actually working: volume reviewed, high-risk flags, cycle time, risk mitigated. The harder conversation is agentic AI. Manual governance workflows weren’t built for systems that act autonomously, chain decisions, and scale faster than any review queue. Organizations need to start building AI-assisted governance now.
—
As always, we welcome your feedback on content! Have suggestions? Drop us a line at newsletter@trustible.ai.
AI Responsibly,
- Trustible Team



