Gong | Vendor Intelligence

How This Briefing Works

This report opens with key findings, then maps the gaps between what Gong discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

1 detection across 1 site

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN

They Claim

“Unknown”

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

Sales teams using Gong gain conversation insights but inherit catastrophic liabilities: (1) Forecasting corruption as AI-generated predictions create false precision in pipeline management, (2) Sales methodology leakage as conversation patterns feed platform AI models shared across customers including competitors, (3) Extreme confidentiality exposure as recordings capture trade secrets, pricing strategies, and competitive intelligence that become data breach targets. Behavioral biometrics from video calls create special category data processing without adequate legal basis.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Gong

→Immediately audit all Gong recordings for confidential information and trade secret exposure
→Implement strict data retention policy with automatic deletion after deal closure
→Require explicit participant consent before all recordings with documented consent mechanism
→Configure CRM integration to prevent sync of confidential deal fields to Gong platform

If You're Evaluating Gong

→Request contractual prohibition on conversation data use for AI model training across customers
→Evaluate conversation intelligence alternatives with on-premise deployment to eliminate cloud storage risk
→Consider whether AI insights justify sales methodology leakage and confidentiality exposure
→Assess data breach liability from indefinite conversation storage with customer legal and security teams

Negotiation Leverage

→Gong VRS 80 = Broker (100) + Counselor (90) maximum threat. Conversation data feeds AI models shared across competitors. This is existential risk.
→Session recording (BTI-C07) captures trade secrets and pricing strategies. One data breach exposes years of confidential negotiations. Demand storage limits.
→Behavioral biometrics (BTI-C06) from video calls = special category data processing. Require explicit legal basis documentation or disable video analysis.
→Persistence (BTI-C13) violates GDPR storage limitation principle. Recordings maintained indefinitely create ongoing liability. Negotiate automatic deletion SLAs.
→Cross-domain sync (BTI-C08) aggregates email, calls, and meetings into comprehensive surveillance. Prospects are tracked without consent. Require notification mechanism.
→Ask: What conversation data is used for AI training? How are trade secrets protected? What is the data breach history? Expect evasive answers.
→Recommendation: If competitors use Gong, your sales methodology is already compromised. Negotiate exclusive data processing or seek alternatives with on-premise deployment.

Runtime Detections

6 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Recording notification behavior varies based on meeting platform detection, presenting different consent flows to avoid participant awareness.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Facial expression analysis, voice stress detection, and speaking pattern capture from video calls creates sensitive biometric profiles used for seller coaching.

BTI-C07Session Recording

Full session replay

Impact: Full conversation capture including off-script discussions, pricing negotiations, and competitive intelligence creates extreme confidentiality exposure.

BTI-C08Cross-Domain Sync

Identity stitching

Impact: Email and calendar integration enables conversation tracking across multiple communication channels, creating comprehensive surveillance of sales interactions.

BTI-C10Fingerprinting

Device identification

Impact: Prospect identification across multiple touchpoints enables long-term relationship tracking and intent scoring without explicit consent.

BTI-C13Persistence Mechanisms

Long-lived identifiers

Impact: Conversation recordings maintained indefinitely create ongoing data breach liability and GDPR storage limitation violations (Article 5).

IOC Manifest

70 INDICATORS

Indicators of compromise across 5 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK

*www.gong.io/marketing-assets/_next/static/chunks/webpack-*.js*

Tracking script

TRACK

*www.gong.io/marketing-assets/_next/static/chunks/app/layout-*.js*

Tracking script

TRACK

*www.gong.io/marketing-assets/_next/static/chunks/*-*.js*

Tracking script

TRACK

*www.gong.io/marketing-assets/_next/static/chunks/*.*.js*

Tracking script

TRACK

*www.gong.io/marketing-assets/_next/static/chunks/app/%5Blang%5D/%5B%5B...slug%5D%5D/page-*.js*

Tracking script

TRACK

*www.gong.io/marketing-assets/_next/static/chunks/main-app-*.js*

Tracking script

TRACK

*www.gong.io/_vercel/speed-insights/script.js*

Tracking script

TRACK

app.gong.io

Tracking script

TRACK

www.gong.io/marketing-assets/_next/static/chunks/webpack-791459bf4f929612.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/e2676d9c-1f609c29105c2f35.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/9560-fa42642f9becc142.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/main-app-f638f2c4ae9bf20a.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/7617-e5bf1a2ef794666c.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/9172-4c600a7feb15051a.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/5215-d5f7f93176d0727a.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/app/layout-5b659d11356876d2.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/e2468bb2-8cdc6839fbf060fa.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/2d1400c4-660f46b5158f4d17.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/a83482b9-cdaa554132309245.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/5039-37d14491cf5a642a.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/2796-47be4b1245d735d8.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/app/%5Blang%5D/%5B%5B...slug%5D%5D/page-3de9d8baabc73c2f.js

Auto-extracted from scan

TRACK

www.gong.io/marketing-assets/_next/static/chunks/8762.2c6144a9f1ebc97e.js

Auto-extracted from scan

TRACK

www.gong.io/_vercel/speed-insights/script.js

Auto-extracted from scan

Ecosystem

Ecosystem & Supply Chain

Gong operates within the revenue intelligence ecosystem alongside Chorus.ai (ZoomInfo), Clari, and Salesloft. The platform integrates with CRM systems, communication platforms (Zoom, Teams, Gmail), and sales engagement tools to create comprehensive conversation capture. AI model training using aggregated conversation data means sales methodologies, objection handling, and competitive positioning from one customer inform insights delivered to competitors.

Loads (1)

Marketo

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

71 detection signatures across scripts, domains, cookies, and network endpoints