Key takeaway: No. ChatGPT and Claude will remove an obvious client name from text you hand them, and they do that well. They cannot reliably sanitise a full consulting deck. The core problem is that they analyse text, and a consulting slide is a spatial, visual object: charts, logos, colour-coded shapes, harvey balls, a layout that carries meaning. Even with a structured pipeline built around them, they cannot reliably detect visual client identifiers, they cannot rewrite the chart XML or embedded workbooks travelling inside the file, and they do not produce the per-change audit trail a compliance team can sign off. Useful assistants for text. Not a sanitisation process for a deck.
Last updated: July 2026
This is one of the first things a consultant does when told to find a way to sanitise (also called redacting, blinding, scrubbing or anonymising) a batch of decks before they go into the firm's AI platform: ask an AI engine directly. Fair question. It deserves a fair answer, not a marketing one.
We've covered the wider landscape before, including keyword redaction tools and manual review, in Why Generic Tools Can't Sanitise Consulting Decks. This piece stays narrower and more direct: does the AI itself get the job done, on its own, when you hand it a deck.
What ChatGPT and Claude genuinely do well
Worth stating plainly, because the honest answer isn't "they're useless."
- Obvious identifiers, on request. Tell either model a client's name, and it will strip that string reliably from text you paste in, including reasonable variations and misspellings.
- Visible logos in an image. Both have vision. Point one at a screenshot of a slide and ask what's identifying on it, and it will usually spot an obvious logo or letterhead.
- Rewriting flagged text. Once a person has decided a sentence needs to go or needs softening, both are fast, capable editors. Ask for a generic replacement that keeps the sentence's shape and they'll produce one in seconds.
- A second pair of eyes on a single slide. Paste one slide's text in and ask "does anything here look client-specific?" and you'll often get a useful answer. The judgement is real. It just isn't complete, and it isn't consistent, and it doesn't reach the whole file.
That's a genuinely useful assistant for a human doing careful, slide-by-slide review. It is not a sanitisation process for a deck, let alone a project's worth of decks.
Why the gap matters at this scale
Nearly every consulting deliverable contains confidential content, many carry financials or M&A data, and cross-client contamination, meaning information tied to one client turning up in material associated with another, turns up more often than firms expect. That's spread across an entire proposal and project library. Checking a handful of slides in a chat window doesn't touch it.
Where they fail on a consulting deck
Five places, and they're the places that decide whether a "sanitised" deck is actually safe to reuse. To keep the test fair, assume a firm does this properly: not slides pasted into a chat window one at a time, but a structured skill or pipeline built around the model, with a consistent prompt, the file's contents extracted programmatically, and every deck processed the same way. The failures below survive that setup.
A slide is a spatial object, and these are text models. The first and biggest failure point. A consulting slide carries its meaning visually: the logo in the corner, the brand colours on the shapes, the harvey balls in a comparison matrix, the colour-coding on a workstream status, a chart whose shape an industry insider would recognise, a framework layout built for one client. Text extraction throws all of that away. Vision passes over slide images catch the obvious logo but are not reliable enough, slide after slide, to be the control a firm depends on. Reliable PPTX analysis needs spatial and visual understanding of the slide as an object, and that is precisely what a general-purpose language model does not have.
Charts and the numbers behind them. Ask an LLM to sanitise a chart and, at best, it can suggest new axis labels or a rewritten caption for what's rendered on screen. It can't touch what's underneath. A PowerPoint chart carries its source data inside the file, in an embedded workbook, independent of the picture on the slide. Changing the visible labels doesn't change the numbers travelling inside the file. Genuine chart sanitisation means obfuscating the underlying values while keeping the shape and the point the chart makes, at the file level. Even a pipeline that extracts the chart XML and hands it to the model doesn't get there: general-purpose models cannot reliably rewrite chart XML or embedded workbooks and return a file that still opens, recalculates and renders.
Qualitative client information with no name attached. Ask ChatGPT to flag anything confidential in a paragraph and it does reasonably well when a name or an obvious secret is attached. Most of what causes a breach isn't attached to a name. A client's margin, repeated as an "industry benchmark." A negotiating position, summarised as "observed market behaviour." An unpublished figure, dropped in as context. A general model has no way to know the number on slide 14 is one client's private data rather than a public statistic pulled from a report, because nothing in the sentence tells it so. It catches some of these. It misses more. And it can't tell you which is which.
Embedded objects and file metadata. The slides can look clean while the file isn't. A PowerPoint carries the original chart data in its embedded spreadsheets, the pasted client logo's source image with a URL pointing back to the client's own domain, and a file name like Project-Falcon-ClientCo-v14-final.pptx sitting in the metadata. A pipeline can extract this layer and show it to the model, but detection is only half the job. The fix is file-format surgery: rewriting embedded parts, relationships and metadata without corrupting the deck. That is not something a language model does by generating text, and this is exactly the layer that survives into an AI knowledge base and gets indexed.
Auditability. A model's output is not a change log. Even a well-built pipeline around a general-purpose model gives you free text, not a per-change record of what was found, what was changed, and why. No diff a security or compliance reviewer can check against the original. No way to demonstrate to an auditor that a specific category of risk was addressed consistently across a document, let alone a knowledge base. For a firm going through its own vendor risk assessment or SOC 2 review, "we ran it through ChatGPT" isn't evidence a compliance team can sign off. It isn't even a process. (More on what that evidence needs to look like: SOC 2 Compliance for Knowledge Management Systems.)
The pattern underneath all five
Pattern matching, whether it's a keyword tool or an LLM told to look for identifiers, catches roughly 20% of what's actually sensitive in a consulting deliverable. The other 80% is contextual: it depends on what a number means next to the numbers around it, what a client would recognise as their own even with the name removed, and what's sitting in the file underneath the slide. Context-aware redaction is the term for the alternative. An LLM prompted well is closer to that than a keyword tool is. It's still a long way short of it, because the judgement has to reach the visual layer of the slide and the inside of the file, and then act on both.
There's a sharper version of the same point. Manually sanitised decks are routinely still re-identifiable by AI: point a model at a deck a person has scrubbed and it will often name the client anyway. The same pattern-recognition ability that makes an LLM good at spotting what's left behind is not, on its own, matched by an equal ability to remove what's there in the first place. Detection and prevention aren't the same skill, and a general-purpose model is being asked to do the harder one.
The fair-test verdict
If you ask ChatGPT to remove a client's name from one slide, it will, reliably. That's not sanitising a deck. That's editing one line. A deck is sixty or a hundred slides, most of what's sensitive in it has no name attached, much of its client identity lives in the visual layer, some of it sits inside chart data and file metadata, and a security review afterwards will want a record of what was done and why. None of that is a prompting problem, and none of it goes away when a firm builds a proper pipeline around the model. It's a different job.
None of this is an argument against using ChatGPT or Claude at a firm. Keep using them for what they're good at: drafting, summarising, rewriting the parts a person has already identified as safe to touch. The gap sits specifically at sanitisation as a process, judgement over client-confidential information applied consistently across hundreds of pages, at the file level, with a record a reviewer can check. That's a narrower job than "AI" in general, and it's the job purpose-built sanitisation software exists to do: automated, at a consistent standard regardless of deck length, with the audit trail built in rather than reconstructed afterwards.
More on the alternatives: three approaches to reusing confidential decks, manual versus automated redaction, and the complete guide to consulting redaction.
Want to see how Knovari handles consulting deliverables?
Book a demo