AI and Trade Secrets: Protecting Your Model, Your Data, and Your Outputs

Patents take years and require public disclosure. Copyrights may not protect AI-generated outputs at all. For many companies building AI products, trade secret law is the most immediately available and practically powerful form of intellectual property protection — and also the one most commonly misunderstood and mismanaged.

A trade secret can protect your model architecture, your training data, your fine-tuning methodology, your prompt engineering, and in some cases your outputs. But trade secret protection is not automatic. It depends entirely on whether you have taken reasonable steps to keep the information secret. Companies that treat their AI systems as confidential without actually implementing the legal and operational structures that support a trade secret claim are building on a foundation that will not hold up when it matters.

This post explains what qualifies as a trade secret in the AI context, what protection it provides, and what your company needs to do to maintain it.

What trade secret law protects

Under the Defend Trade Secrets Act (DTSA), which governs federal trade secret claims in the US, a trade secret is information that derives independent economic value from not being generally known or readily ascertainable by others who could obtain economic value from its disclosure, and that is subject to reasonable measures to maintain its secrecy.

State trade secret laws, most of which are based on the Uniform Trade Secrets Act, use similar definitions. The two key elements are economic value from secrecy and reasonable protective measures. Both must be present for trade secret protection to apply.

The scope of what qualifies is broad. Trade secrets can include formulas, patterns, compilations, programs, devices, methods, techniques, and processes. In the AI context, this maps onto a significant range of assets.

What AI assets can be protected as trade secrets

Model architecture and weights

The design of a neural network — its architecture, layer structure, hyperparameters, and the trained weights that result from the training process — can qualify as a trade secret. Model weights in particular represent the distilled result of potentially millions of dollars of compute and years of data collection. They are not publicly disclosed, they derive substantial economic value from remaining confidential, and they can be protected as trade secrets if handled correctly.

This is precisely why the alleged theft of Google's model weights by a former engineer, the subject of a 2024 federal criminal indictment, received so much attention. The government charged that the weights constituted trade secrets and that taking them to a competitor constituted misappropriation under the DTSA.

Training data and datasets

Proprietary training datasets — particularly those that took significant effort, cost, or curation to assemble — can qualify as trade secrets. This applies both to raw data collections and to processed, labeled, or annotated datasets that required substantial human effort to create.

The economic value of a proprietary dataset comes precisely from the fact that competitors do not have access to it. A dataset that enables better model performance than anything trained on publicly available data is a competitive asset whose value depends on its secrecy. Trade secret law protects it as long as you treat it that way.

Fine-tuning methodology and training pipelines

The specific techniques your team developed to fine-tune a foundation model on your data, the curriculum used during training, the data augmentation strategies, and the evaluation frameworks you use to measure performance can all qualify as trade secrets. These are exactly the kind of "methods and techniques" that trade secret law was designed to protect.

Prompt engineering and system prompts

This is a newer and still-developing area of trade secret law, but system prompts and prompt engineering methodologies used in production AI systems are increasingly being asserted as trade secrets. A well-engineered system prompt that reliably produces a particular quality of output represents genuine competitive value, and there is no technical reason it cannot qualify for trade secret protection if handled appropriately.

Courts have not yet fully addressed the question of whether and how prompt engineering qualifies as a trade secret, but the legal framework supports the argument, and several cases are working through the system that will provide more clarity.

AI outputs in specific contexts

AI outputs themselves are generally not trade secrets because they are typically disclosed when the product is used. However, in certain contexts — internal research outputs, model evaluation results, performance benchmarks that are not publicly disclosed — outputs can qualify for trade secret protection if they are kept confidential and derive economic value from that secrecy.

The reasonable measures requirement: where most companies fail

Trade secret protection is lost the moment you fail to take reasonable measures to maintain secrecy. This is not a theoretical risk. It is the most common reason trade secret claims fail in litigation.

Reasonable measures are evaluated based on the totality of the circumstances, including the size and sophistication of the company, the nature of the information, and the industry context. Courts do not require perfect secrecy, but they do require a consistent, demonstrable effort to keep the information confidential.

For AI assets, reasonable measures include the following.

Access controls. Model weights, training data, and proprietary methodologies should be accessible only to employees and contractors who need them for their work. Role-based access controls, logging of access, and regular audits of who has access to what are baseline requirements.

Confidentiality agreements. Every employee, contractor, consultant, and vendor with access to AI trade secrets should have signed a confidentiality agreement before gaining access. For employees, this means a properly drafted employment agreement with confidentiality and IP assignment provisions. For contractors and vendors, it means NDAs and data processing agreements that specifically address the confidential nature of the AI assets they are working with.

Vendor and platform agreements. This is a critical and frequently overlooked area. If your team uses cloud AI platforms, API-based model providers, or third-party tools to develop or deploy your AI systems, you need to understand what those platforms do with your data and model information. Many standard AI platform terms of service include provisions allowing the platform to use inputs to improve their models. Sending your proprietary training data or model configurations to a platform under those terms may constitute a disclosure that undermines your trade secret claim.

Review every vendor agreement for provisions about data use, model training, and confidentiality. Negotiate enterprise agreements with appropriate confidentiality protections before sharing anything that qualifies as a trade secret.

Physical and technical security. Trade secret protection requires reasonable physical and technical security measures proportionate to the value of the information. For AI assets, this means encrypted storage, secure transmission, network segmentation for systems containing model weights or proprietary datasets, and incident response protocols for potential breaches.

Employee departure protocols. A significant proportion of AI trade secret misappropriation involves departing employees. When an employee with access to AI trade secrets leaves, you need a documented departure process: return of all company devices and access credentials, revocation of system access on the departure date, a reminder of ongoing confidentiality obligations, and in appropriate cases forensic review of data transfer activity in the period before departure.

The Google case mentioned above involved an engineer who allegedly transferred model weights to personal devices before resigning. A robust departure protocol that includes monitoring for unusual data transfers in the weeks before a departure notice is a meaningful protective measure.

Trade secrets versus patents for AI protection

The choice between trade secret protection and patent protection for AI innovations involves real tradeoffs that every company building AI products should think through deliberately.

Patents require disclosure. A patent application becomes public, typically 18 months after filing. Once your model architecture or training methodology is disclosed in a patent application, it is no longer a trade secret. You are trading secrecy for the exclusive right to use the patented method, which lasts 20 years from the filing date.

Trade secrets have no expiration date. As long as you maintain reasonable protective measures and the information remains secret, trade secret protection continues indefinitely. Coca-Cola's formula has been a trade secret for over a century. A proprietary AI model that remains competitive and is kept confidential can be protected indefinitely.

Patents require patentable subject matter. Software and AI methods face significant patentability challenges under current doctrine following the Supreme Court's Alice decision. Not all AI innovations can be patented even if you want to. Trade secret protection has no such limitation.

Trade secrets provide no protection against independent development. If a competitor independently develops the same model architecture or training methodology, they have every right to use it. A patent would give you the right to stop them. Trade secret law does not.

For most early-stage AI companies, trade secret protection is the right starting point because it is immediate, does not require disclosure, and does not require the cost and time of patent prosecution. As the company matures and identifies specific innovations worth the disclosure tradeoff, targeted patent filings can complement the trade secret portfolio.

What to do when trade secrets are misappropriated

If you discover that AI trade secrets have been taken — by a departing employee, a former vendor, or a third party who obtained access without authorization — the DTSA provides federal causes of action including injunctive relief, damages for actual loss, unjust enrichment, and in cases of willful misappropriation, exemplary damages up to two times actual damages and attorney fees.

Acting quickly is essential. If misappropriated trade secrets are used to develop a competing product or are shared with others, the window for effective injunctive relief narrows fast. The moment you discover or reasonably suspect misappropriation, engage counsel to assess your options and preserve your legal position.

Document everything. The strength of a trade secret claim depends heavily on your ability to demonstrate that the information was treated as confidential, that the misappropriation was unauthorized, and that you suffered harm as a result. Your existing records of access controls, confidentiality agreements, and security measures become your evidence.

Frequently asked questions

Does trade secret protection apply automatically when I develop something confidential?

No. Trade secret protection requires both that the information derive economic value from secrecy and that you have taken reasonable measures to maintain that secrecy. Simply treating something as internal or confidential in practice, without implementing legal and operational protective measures, is not sufficient.

Can a former employee use knowledge gained at my company to build a competing AI product?

General skills and knowledge an employee develops on the job are generally not protectable as trade secrets. Specific confidential information — model weights, proprietary datasets, specific methodologies — is protectable if properly secured. The line between general AI knowledge and specific trade secrets is one of the most frequently litigated questions in AI employment disputes. Non-compete agreements, where enforceable, provide additional protection but their enforceability varies significantly by state.

What happens if I share my AI model with a vendor and they use it without authorization?

If you had a confidentiality agreement in place and the vendor used your model in breach of that agreement, you have both a contract claim and potentially a trade secret misappropriation claim under the DTSA. If you shared the model without a confidentiality agreement, your trade secret claim is significantly weakened because sharing without confidentiality protections is itself evidence that you did not take reasonable measures to maintain secrecy.

Is reverse engineering a trade secret legal?

In general, yes. Trade secret law does not protect against reverse engineering of a product that is publicly available. If someone purchases your AI product and reverse engineers the model from its outputs, that is generally lawful. This is one important limitation of trade secret protection for AI models and is a reason some companies pursue patent protection for innovations that could be reverse engineered.

How does trade secret protection interact with open-source AI components?

Using open-source components in your AI system does not automatically undermine trade secret protection for the proprietary elements of your system. The key is that you maintain secrecy over your proprietary contributions — your fine-tuning, your training data, your system prompts — while complying with the license terms of the open-source components. Some open-source licenses, particularly copyleft licenses like GPL, impose conditions on derivative works that may affect how you can deploy your system, and those terms need to be reviewed by counsel.

Trade secret law is the most flexible and immediately available IP protection for AI companies, but it requires active management. The companies that successfully protect their AI assets are the ones that treat confidentiality as an operational discipline rather than a legal formality.

If you want to assess whether your AI assets are properly protected as trade secrets or build a protection strategy that covers your models, data, and methodologies, contact Ana Law to schedule a strategy session.