AI Systems and Trade Secret Law in the United States

Trade secret law in the United States sits at an increasingly contested intersection with artificial intelligence development, deployment, and competitive intelligence gathering. This page covers how federal and state trade secret frameworks apply to AI systems — both as tools that can misappropriate protected information and as subjects of protection themselves. The analysis spans the Defend Trade Secrets Act, the Uniform Trade Secrets Act, and the regulatory positions of agencies including the Federal Trade Commission.

Definition and scope

A trade secret, under the Defend Trade Secrets Act of 2016 (DTSA, 18 U.S.C. § 1839), is any form of financial, business, scientific, technical, economic, or engineering information that the owner has taken reasonable measures to keep secret and that derives independent economic value from not being generally known. The DTSA is the primary federal civil remedy framework, creating a private right of action in federal court for the first time in U.S. history when enacted in 2016.

At the state level, most states and the District of Columbia have adopted versions of the Uniform Trade Secrets Act (UTSA), which preceded the DTSA and provides substantially parallel protections with some variation in remedies and definitions. New York and North Carolina remain outside full UTSA adoption, relying on common law trade secret doctrines.

Within the AI context, trade secret law governs two distinct categories of protected assets:

1. AI systems as trade secrets — Training datasets, model weights, architecture configurations, hyperparameter settings, and proprietary training pipelines that derive competitive value from secrecy.
2. AI systems as misappropriation instruments — AI-powered tools used to extract, reverse-engineer, or replicate protected information belonging to third parties.

The scope question is non-trivial. Model weights for large commercial AI systems represent billions of parameters and are among the most commercially valuable technical assets in the U.S. economy. Whether such weights constitute a "trade secret" under the DTSA depends on the owner satisfying the reasonable-measures and independent-economic-value prongs, not on the technical complexity alone.

For a broader view of how AI intersects with property rights frameworks, see AI and Intellectual Property Law.

How it works

Trade secret protection under the DTSA does not require registration. Protection attaches automatically when the owner takes reasonable measures to maintain secrecy and the information qualifies under the statutory definition. The misappropriation trigger — not mere possession — is what creates legal liability.

Misappropriation under 18 U.S.C. § 1839(5) occurs through one of two routes:

1. Acquisition by improper means — Theft, bribery, misrepresentation, breach of duty to maintain secrecy, espionage, or unauthorized computer access.
2. Disclosure or use without consent — Communicating or using a trade secret with knowledge that the information was acquired through improper means or in violation of a duty to maintain secrecy.

In the AI context, misappropriation analysis proceeds through the following structured phases:

1. Identification — Establishing that a specific, identifiable piece of information qualifies as a trade secret at the time of the alleged misappropriation.
2. Reasonable measures assessment — Evaluating whether the owner implemented access controls, non-disclosure agreements, encryption, compartmentalization, or other concrete security practices. Vague policies without enforcement generally do not satisfy this prong.
3. Improper means or duty analysis — Determining whether the defendant used unauthorized computer access, violated contractual obligations, or exploited a confidential relationship.
4. Independent economic value — Demonstrating that the secrecy itself provides competitive advantage — a showing that becomes more straightforward when the information is the basis of a commercial product.
5. Damages or injunctive relief — The DTSA allows exemplary damages up to two times the compensatory damages amount for willful and malicious misappropriation (18 U.S.C. § 1836(b)(3)(C)), plus attorney fees in exceptional cases.

The Federal Trade Commission has separately addressed trade secret concerns in its scrutiny of AI competitive practices, particularly in merger review and unfair competition proceedings. See FTC AI Enforcement and Legal Implications for the agency's enforcement posture.

Common scenarios

Four factual patterns dominate trade secret litigation involving AI systems:

Employee departure with model artifacts. Engineers leaving AI companies and taking model weights, training code, or proprietary datasets to competitors represent the most frequently litigated scenario. Courts apply the DTSA's definition of "improper means" to include unauthorized copying before departure, even absent a specific theft of physical media.

Web scraping and training data extraction. AI developers using automated scraping tools to collect data that includes trade secrets — such as proprietary pricing algorithms, customer databases, or internal technical documents inadvertently accessible via misconfigured servers — raise complex misappropriation questions. Courts have examined whether the scraping itself constitutes unauthorized computer access under the Computer Fraud and Abuse Act (18 U.S.C. § 1030), which can serve as an independent predicate for DTSA improper-means liability.

Reverse engineering via model outputs. An actor who systematically queries a proprietary AI model and uses the outputs to reconstruct the underlying model — a practice known as model extraction — presents a contested misappropriation question. Whether this constitutes improper means depends heavily on the platform's terms of service and any applicable duty analysis, not on the technical act alone.

Vendor and API access misuse. Enterprise customers who gain access to AI systems through licensing agreements and then use those systems to build competing products may face both trade secret claims and breach of contract claims. These cases often proceed on parallel tracks. For related contract review dynamics, see AI Contract Review Under U.S. Law.

AI-generated competitive intelligence. AI tools used to aggregate and synthesize publicly available information can, in some configurations, produce outputs that incorporate protected trade secrets — particularly when the training data included improperly obtained proprietary materials. This creates downstream liability risk for the tool's operators.

Decision boundaries

Several classification questions define whether trade secret protection applies or fails in AI-specific contexts:

Trade secret vs. patent protection. These two frameworks are mutually exclusive in a practical sense: a patent application requires public disclosure, which destroys trade secret status. An AI developer choosing to patent a novel model architecture forfeits trade secret protection for the disclosed elements. Choosing trade secret protection means accepting the risk of independent discovery or reverse engineering, neither of which constitutes misappropriation under the DTSA. See AI Patent Inventorship in the U.S. for the patent-side analysis.

Publicly available information boundary. Information that is "generally known" or "readily ascertainable" to persons in the relevant industry falls outside trade secret protection under both the DTSA and UTSA. Courts have consistently held that this is an objective standard, not a subjective one. An AI model trained exclusively on publicly available data, with architecture details published in academic literature, would not satisfy the secrecy requirement even if the owner considers it proprietary.

Reasonable measures — threshold vs. failure. Courts apply a fact-specific reasonableness standard, not a perfection standard. A company that uses role-based access controls, employee NDAs, and encrypted storage has generally satisfied reasonable measures. A company that stores model weights on an unprotected internal server with no access logging has typically not. The distinction matters because failure to take reasonable measures is an affirmative defense for defendants — not merely a damages-reduction argument.

Independent economic value — latent vs. active. Some AI system components derive value from secrecy only if actively exploited commercially. Courts have distinguished between information with demonstrated market value (active) and information whose value is speculative or theoretical (latent). Speculative value arguments tend to fail at the identification stage.

Duration of protection. Unlike patents, which expire after a fixed statutory term, trade secret protection lasts as long as the secrecy and economic value conditions are maintained. However, once a trade secret is publicly disclosed — by the owner, by a misappropriator, or through independent discovery — protection is extinguished and cannot be revived.

For context on how AI regulatory frameworks interact with these protections at the federal level, the AI Regulatory Framework in the U.S. page maps the agency landscape. Trade secret considerations also arise in AI Data Privacy Law when training datasets include personally identifiable information subject to overlapping federal and state privacy obligations.

References

• Defend Trade Secrets Act of 2016, 18 U.S.C. § 1836–1839 — U.S. House Office of the Law Revision Counsel
• Uniform Trade Secrets Act — Uniform Law Commission — Uniform Law Commission
• Computer Fraud and Abuse Act, 18 U.S.C. § 1030 — U.S. House Office of the Law Revision Counsel
• [Federal Trade Commission — Competition and AI](https://www.ftc.gov/competition