Protecting Trade Secrets in the Age of AI

May 30, 2025

Losing a trade secret can be devastating to your company. It can erode your market share, cripple innovation, and cost millions in legal battles and lost revenue. But protecting your trade secrets isn’t just a matter of declaring something a trade secret and calling it a day.   

In 2025 and beyond, you need a robust, adaptive defense strategy to protect your trade secrets. It requires you to understand and document what your trade secrets are and then implement a multilayered approach to protect them in ways that work for your business.  

In this post, we’ll help you understand what your trade secrets are and then dig into what you need to do to protect them.  

What is a Trade Secret?   

Many successful companies, from your local corner bakery with a legendary frosting recipe to those tech giants with groundbreaking algorithms, have something crucial to their business that they keep close to the vest. Those are trade secrets.   

The US Patent and Trademark Office defines a trade secret:    

  1. Information that has either actual or potential independent economic value by virtue of not being generally known, and   
  2. Has value to others who cannot legitimately obtain it; and   
  3. Is subject to reasonable efforts to maintain its secrecy.  

For a trade secret to exist, these above three factors must all be met. Let’s break them down further:  

  • The scope of information that is able to be a trade secret is intentionally broad. Your “secret sauce” could be a manufacturing process, a pricing strategy, a unique customer list, a marketing strategy, customer ordering data, proprietary software code, or even detailed financial information.    
  • It must offer a competitive advantage or other economic benefit.  
  • It must be a secret to start off with. That means it needs to be something not available to others in the public domain.   
  • It must be subject to reasonable measures to keep it a secret. It doesn’t need to be locked in a digital safe, encased in two feet of concrete and monitored 24/7, which is how KFC reportedly keeps its 11 herbs and spices recipe safe. But there should be reasonable measures appropriate to the subject matter and its value in place to protect it. While KFC’s famous 11 herbs and spices may justify two feet of concrete and 24/7 monitoring, most trade secrets can be effectively protected through more practical measures.     

Difference between a Trade Secret, a Patent, and a Trademark  

Here’s a very brief overview of some key differences between patents and trade secrets and trademarks:   

  • Patents grant limited-time legal protection, but in return they require public disclosure. They also are granted only following a formal registration procedure to ensure that they meet certain statutory requirements.   
  • Trade secrets can potentially last indefinitely, but only so long as the information remains secret. There are no formal registration procedures, but you are obligated to take reasonable steps to keep the trade secret confidential. If the secrecy is lost, the protection for the trade secret disappears.   
  • Don’t confuse trademarks with trade secrets. Trademarks are legal documents that help to protect branding marks, names, and designs.  They are inherently public, used to identify companies and their products. They have nothing to do with trade secrets. 

What is not a Trade Secret?  

First of all, a trade secret is a secret. That means that information that is public or easily ascertainable cannot be considered a trade secret. If important business information is included on your website in technical documents you share with your customers, for example, it will likely not be deemed a trade secret.   

Similarly, if a piece of technology can be easily reverse engineered by a competitor if they simply buy your product and take it apart or if they observe your public operations, it won’t remain a trade secret for long, because it won’t remain secret.    

Finally, broad skills and non-confidential knowledge acquired through experience with a company will not typically be treated as trade secrets, although specialized skills (often termed “know-how”) and their proprietary applications can qualify as trade secrets as long as their secrecy is protected.   

Anything else that doesn’t meet the second and third factors in the US Patent and Trademark Office’s definition also won’t qualify. So if it’s valuable to your business and it’s not subject to reasonable measures for protecting its secrecy, it won’t typically be a trade secret. These two factors come into play at different times. If you’re considering whether to protect something as a trade secret, first consider whether it’s valuable to your business. If not, the efforts to protect it as a trade secret might be all in vain.  

The “reasonable measures” factor comes into play all the time: during the entire lifespan of the trade secret, you have to be taking “reasonable measures” to keep it secret. If you let down your guard and the secret gets discovered, this  could preclude you from making a trade secret claim. These little slips can happen fairly easily, with lethal consequences to the trade secret status of the information. For example, if the information is stored on an unsecured system, not labelled as proprietary, or is shared without a confidentiality agreement, you may not be taking “reasonable steps” to protect it. If the secret is then discovered or revealed, you may not be able to claim that your trade secret has been misappropriated. And remember, once the secret is revealed, whether deliberately or accidentally, it loses its status as a trade secret. Thus we recommend a high level of vigilance along with systemic protections to ensure that trade secrets remain so. 

But here’s the challenge in 2025: those “reasonable steps” look a lot different than they did even a few years ago. The rise of remote work has scattered sensitive data across home offices and public networks. The increasing sophistication of cyberattacks means digital defenses need to be tougher than ever. And the accessibility of powerful AI tools introduces new, complex risks of inadvertent disclosure or malicious use of confidential information.  

What Could Go Wrong? Common Situations That Put Trade Secrets at Risk  

Scenario 1: Your Employee Is Leaving 

A well-known risk to trade secrets is when your employees are leaving and taking with them the trade secrets that reside in their heads. One recent, high-profile case shows how this can happen In Insulet Corp v EOFlow Co., Ltd. a swath of employees moved from Insulet Corp to EOFlow. Then, two years later, EOFlow announced an insulin pump that looked nothing like its previous iterations and very similar to the device Insulet had previously created. The jury found that EOFlow and many of the former Insulet employees who now worked for EOFlow had misappropriated Insulet’s trade secrets, awarding total damages of $452 million to Insulet.   

In some situations, there’s a fine line between general skills and knowledge and trade secrets when it comes to your employees. Some information, like trends in customer preferences the employee noticed while working with your company, may not be deemed trade secrets. But, there’s no doubt that when employees leave, your trade secrets are at risk.   

Scenario 2: Risks with Third-Party Relationships  

When you share confidential information with a third party – be it a manufacturer, a software provider, a marketing agency, or a joint venture partner – you are extending the circle of people who know your secrets. Despite documents that are intended to prevent disclosure of confidential information, the more people that have access to your trade secrets, the more risk you face.   

We often see litigation arise in circumstances where trade secrets are discussed during joint venture discussions, even with appropriate documentation in place. Litigation often arises around technologies that were discussed as part of the JV, and that are then developed elsewhere, outside the JV. This is especially problematic if the JV has gone bad, and one of the parties continues to exploit the other party’s technology after their relationship has terminated. Manufacturing also attracts disputes, when third-party factories are contracted to produce goods for a customer, and then misappropriate the customer’s proprietary manufacturing processes to use for their own purposes.   

How to protect yourself? Think carefully about what you share with a JV partner or an outside manufacturer. You want to give them what they need for the purposes of your collaboration, but nothing more. And if you give them something that’s crucial to your business, keep track of it and watch the partner carefully for future misappropriation. If you catch such transgressions early, you can institute legal action to lessen their impact on your business. Your trade secret may be lost, but you can restrict how your competitor will be able to use it. 

These caveats are even more important in the cybereconomy. The increasing reliance on cloud services and outsourced IT in 2025 further highlights this risk. Granting a third-party vendor access to your network or data storage requires significant trust and robust security measures on both sides.  

Scenario 3: Cyber Attacks and Data Breaches  

Cybercrime has never just been about stealing consumer data. There’s an entire realm of threat actors who target confidential information and trade secrets for their economic advantage. 

You may remember the very high profile theft of Volvo’s R&D during a cyberattack in 2021. That’s an example of how cyber attacks and data breaches can impact your trade secrets. Remember, once a trade secret is no longer secret, you’ve lost your protection for it – it’s open for anyone to use. The consequences of misappropriation thus expand far beyond the initial attack: revealing the trade secret deprives you of any future commercial advantage that its secrecy could have provided.   

Developing robust cyber protections for your trade secrets is essential today, and training your team on the importance of cybersecurity is important too. We’ve said it before, but multifactor authentication should be non-negotiable when it comes to protecting your company’s important data. It’s affordable (especially when compared to the costs of a breach) and is still surprisingly underutilized.  

We’ve shortened this guidance into a PDF downloadable. You can grab it here to save the information for later or to share with someone you know who may be facing this challenge.

A Framework For Maintaining Trade Secrets  

We’ve outlined a three step framework for maintaining your trade secrets:   

Step 1: Identify and Clearly Define Your Trade Secrets  

You can’t protect what you haven’t identified as a trade secret. So step one requires you to conduct a thorough audit. Consider and document:   

  • What information gives you a competitive edge? Be specific. Is it the precise temperature and timing for a chemical process? The algorithm that powers your recommendation engine? The detailed demographic data of your most profitable customers?  
  • How important it it? Is it mission-critical, nice-to-have, or readily replaceable? You may find that some of what you’re keeping secret isn’t sufficiently valuable to justify the effort needed to protect it. 
  • Where is this information located? Is it in documents, databases, code repositories, physical blueprints, or someone’s head?  

Defining your trade secrets precisely is crucial for legal protection, as we saw recently in Double Eagle Alloys, Inc. v. Hooper. In this case, the United States District Court for the Northern District of Oklahoma granted summary judgment to a former employee (Michael Hooper) and his new employer even after he took 2,660 digital files with him when he left the company (Double Eagle Alloys, Inc.). Why? Because the court found that Double Eagle Alloys didn’t “identify its alleged trade secrets with sufficient particularity”.    

The takeaway: Clearly document what your trade secrets are, how they provide value, and your efforts to keep them secret.  

Step 2: Introduce Adequate Protections  

Once you know what you’re protecting, you need to put up defenses. This may involve legal, physical, technical, or procedural safeguards, or a combination of two or more mechanisms.  

In terms of legal protections, you’ll want to employ confidentiality agreements as well as clear company policies.   

Confidentiality agreements (also known as Non-Disclosure Agreements/NDAs) should be signed by every employee, contractor and consultant who could be encountering proprietary information, as well as business partners and vendors – even during the preliminary phases of a business relationship if you might need to share trade secrets with them down the line.  

These agreements must identify with particularity what is to be considered confidential information that’s within the scope of the agreement. They can be standardized for your company, but be aware that they may cover different types of information and could impose differing obligations on one set of parties vs others. Don’t rely on templates and cutting and pasting: think through what you’re trying to protect, with whom, and under what constraints.  

Be aware, though, that NDAs alone may not suffice. NDAs involve people, and people may need specific education about their responsibilities under certain circumstances.You should also consider offering ongoing employee training and education and adopting clear company policies regarding the use of company devices, personal devices for work, and accepted uses of company information.   

A best practice is to mark or otherwise tag documents and digital files as confidential to help your employees and third parties identify it. This can help to reduce the risk of inadvertent disclosures.  

When you’re creating and implementing these measures, it’s important to remember that you will need to prove to a court that you took reasonable measures to protect your trade secret. Records and documentation about your efforts can help you to demonstrate this point.   

One quick tip: A place we are seeing confidentiality issues arise regularly is employees cutting and pasting company information into large language models (LLMs), like Gemini or ChatGPT, to work more efficiently. What is the fate of this information after it is ingested by the LLM? It’s certainly no longer in the company’s control. What happens to information we upload to a LLM isn’t entirely clear at present, but this uncertainty raises a concern about the impact of these practices on the confidentiality of information that we provide to the LLMs, even for the best of business purposes. If you haven’t developed and introduced policies and training around this risk, it’s time to do so.  

Also worth noting is that an NDA alone may not be sufficient to prove that reasonable measures were taken. It’s worth considering:   

  • Physical Security: For tangible trade secrets (like KFC’s recipe card or a prototype), this usually means locked cabinets, secure labs, and restricted access areas. Security cameras and sign-in logs can also be part of this layer, though most companies don’t have secrets that have to be entombed in two feet of concrete to preserve their confidential status.  
  • Technical Security: Remember, the technical measures you adopt need to be appropriate if you want to claim information is a trade secret. Consider access controls, encryption, network security, and data loss prevention measures.    
  • Procedural Safeguards: Encourage secure disposal and a clean desk policy, amongst other procedural safeguards.  
  • New Technology Training: As the LLM situation demonstrates, new technologies bring with them new risks to confidential information. Management should become familiar with these new technologies, with an eye towards their risks and benefits. That way, policies can be devised regarding the use of these new technologies in the workplace, and training programs can be instituted to let employees know best practices.  

Step 3: Monitor and Detect  

Security provisions aren’t enough. You must also have measures in place to detect (and ideally prevent) potential theft or disclosure in a timely manner. Consider:   

  • Network Monitoring: Monitor network traffic for unusual activity, such as large data transfers to external storage devices or personal cloud accounts, access to sensitive files by employees who don’t typically need them, or access at strange hours.  
  • Endpoint Monitoring: Tools can monitor activity on employee computers, including file access, downloads, and attempts to print or email sensitive documents.  
  • Insider Threat Programs: Develop a program to identify potential insider threats. This involves behavioral analysis, monitoring access patterns, and creating a culture where employees feel comfortable reporting suspicious activity (with appropriate whistleblower protections).  
  • Monitoring Public Sources: Keep an eye on public information, competitor activities, and online forums for any signs that your trade secrets may have been disclosed.  

Conclusion  

Your trade secrets often represent the culmination of years of innovation, investment, and hard work. As such, they make your business work more productively, efficiently, and successfully. They’re worth protecting.   

By using this three-step framework, you should be well placed to prevent many instances of trade secret misappropriation and misuse, and to defend your company’s control over its confidential information in case it is misappropriated.   

If you need assistance managing your company’s IP assets and agreements, reach out. Our team of intellectual property attorneys is ready to work with you.  

Disclaimer

The materials available at this website are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem. Use of and access to this website or any of the e-mail links contained within the site do not create an attorney-client relationship between CGL and the user or browser. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.

Other Articles

Stack of folders labelled trademarks on an office boardroom table Oct 17,2019 FAQs about Trademark Protection
Read More
Illustration of a lightbulb with a padlock in the centre of it showing the concept of intellectual property rights and patents vs trade secrets Jul 27,2021 Patents vs Trade Secrets: Which IP Approach is Right for You?
Read More
Illustration of business person conducting competitor analysis using a computer and a world map Dec 17,2021 5 Things You Need to Know About Your Competitors to Manage Risk
Read More

    Ready to Talk?
    Contact Us

    We would to hear from you

    Please take a moment to tell us a few things about your needs and someone from our team will reach out to you as soon as possible.

    We would to hear from you

    Thank you for reaching out!

    Someone from our team will get back to you shortly

    We would to hear from you