Does Engineering AI Train on My CAD Models? The Truth About Data Privacy

CoLab’s AI — including AutoReview, its AI peer checker — does not train on your CAD data for anyone else’s benefit. When you bring your standards, guidelines, and lessons learned into CoLab, that knowledge makes your reviews smarter, your feedback more consistent, and your institutional memory more accessible. This data remains secure with your organization. It never improves the platform for another customer.

That’s the honest answer. But the question itself is worth taking seriously, because AI software vendors haven’t always been transparent about how they handle proprietary design data — and engineering leaders are right to be skeptical. With 95% viewing AI adoption as essential over the next two years, understanding exactly what happens to your data has never mattered more.

‍

Why CAD Data Is Some of the Most Sensitive IP Your Company Owns

A CAD assembly file is a compressed record that contains years of R&D decisions. It’s the geometry your team iterated on, the tolerances your manufacturing process can hold, the material choices your engineers fought over, the supplier relationships baked into the BOM. Because of that, some companies treat CAD transfers as a security event in their own right.

Before adopting CoLab, Hyundai Mobis — a Tier 1 automotive supplier to OEMs including Ford, GM, and Tesla — had internal processes so locked down that moving a file between systems required a dedicated FTP server or an internally-approved USB drive. As Igor Beric, their Global OE Engineering Manager, succinctly put it: “We’re extremely focused on our document security.”

That stance is far from unusual. Rather, it’s the norm for any company that designs products competitors would pay to see. Therefore, when AI tools enter the picture — tools that ingest CAD geometry, read drawings, and analyze design patterns at scale — the question of what happens to that data isn’t a case of paranoia. In fact, it’s the first question a responsible engineering leader should ask.

How AI Training Actually Works (And Why It Creates Real Risk)

Large language models and general-purpose AI tools improve over time by learning from data. In practice, a general-purpose AI tool built on a shared model that ingests your drawings could use patterns from your designs to improve its outputs for every customer on the platform — including, theoretically, your direct competitors.

The risk is even more acute with specialized engineering AI vendors than with general-purpose tools. Most engineers already know not to paste proprietary geometry into ChatGPT. The harder question is what happens with the purpose-built engineering AI tool they are actively evaluating.

These vendors are less scrutinized, their data practices are less publicized, and the data they are asking for — including native CAD files, drawing packages, and internal standards — is far more sensitive than anything a general LLM typically sees. A vendor that isn’t explicit about whether customer data feeds their training pipeline is a vendor worth pressing hard before you share anything.

Does CoLab’s AI Train on My CAD Data?

Our position at CoLab is explicit: customer data is used only to improve AutoReview for your organization. It is never pooled across customers, fed into a shared model, or used to make the product better for anyone else.

When you run AutoReview on a drawing or CAD model, the AI analyzes that file against your company’s own standards, guidelines, and historical review data, and returns feedback. Any learning that happens stays inside your organization.

CoLab’s security architecture reflects this commitment. The platform is certified to SOC 2 Type II, ISO 27001, ISO 27017, and ISO 27018 standards, and is registered in the Government of Canada’s Controlled Goods Program. Access controls are granular: you decide who sees what, who can download files, and how external parties interact with your designs. You always know exactly who accessed your files, and when.

This matters in practice because CoLab is built for collaboration, sharing CAD with suppliers, customers, and cross-functional reviewers who sit outside the engineering team. The platform is designed to give you that reach without surrendering control of your IP.

What to Ask Any AI Vendor Before You Share CAD Data

If you are evaluating AI tools for design review, DFM analysis, or drawing automation, these are the questions worth asking before you share a single file. And because we think every vendor should be held to the same standard, here is how CoLab answers each one.

• Is my data used to train your AI models? 

Get a direct yes or no. “We take security seriously” is not a serious answer to this question. 

CoLab’s answer: Data such as your standards, guidelines, and internal lessons learned is used only to fine-tune and improve AutoReview for your organization. It is never used to train a shared model or improve the product for any other customer.

• Is my data stored separately from other customers? 

Ask specifically whether the architecture is multi-tenant or single-tenant, and what that means for how your data is stored and accessed alongside other customers. 

CoLab’s answer: Yes. CoLab uses logical separation for all customer data, with folder-level separation in AWS S3 and separate encryption keys per customer.

• Who has access to my data within your organization? 

Ask about the full data chain, not just the view from the front door. Many AI products are built on top of third-party model providers, and it's worth understanding where your data travels. 

CoLab's answer: CoLab leverages AWS, Anthropic, OpenAI, Microsoft Azure, Google Cloud, Cloudflare, and Datadog to power its AI features. CoLab has zero data retention agreements with all AI service providers, meaning customer data exists only in memory to process a request and is not retained by those providers.

• What happens to my data if I stop using your product? 

Ask specifically about data retention policies. This question is rarely asked until it's too late. 

CoLab’s answer: Detailed retention policies are available in CoLab's Terms and Conditions. We're happy to walk through them with you before you sign anything.

• What certifications does your security program hold? 

SOC 2 Type II is the baseline expectation. ISO 27001 adds international rigor. Industry-specific certifications — TISAX for automotive and controlled goods programs for defense — should be non-negotiable requirements for regulated sectors.

CoLab's answer: CoLab is certified to SOC 2 Type II, ISO 27001, ISO 27017, and ISO 27018, is TISAX certified, and is registered in Canada’s Controlled Goods Program. CoLab completed its SOC 2 Type II audit with zero findings.

If an engineering AI vendor can’t answer these questions clearly and in writing, keep looking. For a deeper dive on this topic, see our full guide: 5 Security Questions Every Engineering Manager Must Ask AI Vendors.

The Right AI Tools Don’t Require a Security Tradeoff

Implementing AI in engineering workflows doesn’t require trading IP security for capability. As our survey report shows, nearly half of engineering leaders already view AI adoption as a matter of survival. The fundamental question is how you choose which engineering tools to trust with your most sensitive data.

CoLab was built on the premise that your design data belongs to you — and that hasn’t changed as our AI capabilities have grown. AutoReview learns from your standards, your history, and your feedback, with every insight it surfaces staying exactly where it belongs: inside your organization.That’s not a footnote in our terms of service; it’s the foundation we continue to build on.

If you want to see how AutoReview works on your own drawings, without sending your files somewhere you can't track, book a demo with a CoLab engineer today.

‍