What about really sensitive stuff like if possibly private tickets that have all kinds of stuff like customer data, embargoed CVE fixes or even sensitive health related data, are they just cobble that all into a model so it can leak out to random people ?

There is a bunch of manufacturing related investigation reports written up in jira tickets or confluence pages at the pharma company I work for.