Locking the AI Door: Active Secrecy and Unilateral Authority in the Age of Distillation

Written by Ben Esplin

Over the past year, we have written extensively about the fundamental differences in how technology companies protect their competitive moats. We’ve discussed why patents represent a request for government permission—seeking external validation—while trade secrets represent a unilateral assertion of internal ownership and authority (here, for example). We have also warned that treating trade secrets as a passive legal status is a recipe for disaster (here).

Nowhere do these principles collide more violently than in the development of artificial intelligence.

My close friend, mentor, and leading legal tech strategist, James Gatto, recently published a brilliant analysis on the evolving role of trade secrets in AI IP strategy (available here). His piece highlights a critical reality: as the volatility of patent and copyright systems makes protecting core software innovations incredibly risky, trade secrets are no longer just an alternative—they are the primary battlefield.

The Closing Gate of Permission

To put a patent moat around an AI system, you must ask the government for permission. But for software and machine learning architectures, that permission has become a dangerous gamble.

The primary hurdle is the unpredictable minefield of 35 U.S.C. § 101 patent eligibility. Many patent examiners and courts routinely strike down core AI innovations—such as custom neural network structures, optimization algorithms, and specialized training methods—as unpatentable "abstract ideas" (Part 1 of my 5-part series on the predicament § 101 has created can be found here.).

This creates a high-stakes trap. When you file a patent application, the USPTO publishes it within 18 months, laying bare your exact algorithmic approach to the public. If the USPTO then rejects your claims under Section 101, you are left with the worst of both worlds: you have lost your trade secret protection through public disclosure, yet received absolutely zero patent protection in return.

This is why trade secrets are so vital for AI software. They allow you to bypass the volatile, extra-statutory hurdles of the patent office entirely and assert unilateral authority over your model weights, hyperparameters, custom training compilations, and internal data processing pipelines. It is even possible in some cases to fuse trade secrets and patent applications to enhance overall protection (more information here).

The Danger of Passive AI Secrecy

But here is the catch: you cannot protect an AI trade secret passively. Historically, "reasonable measures" to protect a trade secret meant signing NDAs, restricting employee database access, and securing physical server rooms. In the AI era, those passive, administrative measures are entirely insufficient.

As James’s article points out, commercially deployed AI models are subject to entirely new, highly sophisticated vectors of technological extraction that traditional trade secret law is still struggling to categorize.

Prompt Injection and Leaking: Adversaries can craft malicious input prompts designed to bypass safety guardrails and force your LLM to exfiltrate its system prompts, internal configuration logic, or proprietary context data.

Competitors can query your proprietary "teacher" model via public APIs to train their own smaller, cheaper "student" models. By analyzing the outputs, they can effectively reverse-engineer and replicate your model's confidential processing logic—a highly public controversy we saw play out in OpenAI's recent accusations against DeepSeek.

If your company deploys a proprietary model to the public without active, robust technological safeguards against these attacks, a court may find that you failed to take "reasonable measures" to protect your secret. Legally, leaving your AI door unlocked—even if an adversary uses a clever prompt injection "key" to open it—can destroy your trade secret status entirely.

Locking the Door: Technical and Legal Fusion

In the AI age, active trade secret protection requires a tight fusion of technical architecture and legal enforcement.

To maintain unilateral authority over your AI assets, your "reasonable measures" must include technical guardrails: separating user and system prompt processing, employing aggressive input validation, and implementing output filtering models. Legally, these must be mirrored by airtight, enforceable Terms of Service (ToS) that explicitly prohibit prompt manipulation, reverse-engineering, and distillation.

If the volatility of the patent office makes seeking permission too risky, you must assert ownership yourself. But remember: a unilateral assertion of authority is only as strong as the technical lock on the door. By transitioning from passive legal compliance to active, adversarial defense, you can ensure your AI intellectual property remains yours alone under the hood.