By CrossBorder IP · Published May 19, 2026
Your team is using AI tools every day. ChatGPT to draft documents. GitHub Copilot to write code. Microsoft Copilot to summarise internal meetings. Each of these tools is genuinely useful. Each of them is also a potential trade secret risk — and most companies using them have not read the terms carefully enough to understand what rights they are giving away.
Companies are routinely sharing proprietary source code, client lists, internal financial data, product roadmaps, and unpublished research with AI vendors — sometimes knowingly, often not — under terms that give those vendors the right to use that information to train future models or improve their services.
This guide explains the specific risks, how to evaluate your AI vendor agreements, and the concrete steps to protect your trade secrets while still getting the productivity benefits of AI tools.
Why This Matters More Than You Think
Trade secret law protects confidential business information that has commercial value precisely because it is not publicly known. The protection only exists as long as you take reasonable steps to keep it secret.
The moment you share a trade secret with an AI vendor under terms that allow them to use it for model training, you have potentially compromised its protected status. If a future version of that AI model regurgitates your proprietary information in a response to a competitor’s query, your trade secret is gone — and your competitive advantage with it.
Courts are increasingly asking one question when a trade secret claim is challenged: what reasonable measures did the company take to protect secrecy? Routinely inputting confidential data into AI tools under permissive terms is not a reasonable measure — it is the opposite.
What the Major AI Vendors Actually Say About Your Data
Most companies have not read the data usage terms of the AI tools their teams use daily. Here is a summary of the key positions as of 2026:
| Vendor | Default (Consumer/Standard) | Enterprise/API Terms |
|---|---|---|
| OpenAI (ChatGPT) | Consumer accounts: content may be used to train models unless you opt out | API and Enterprise: data not used for training by default; stronger contractual protections available |
| Microsoft Copilot | Microsoft 365 Consumer: governed by Microsoft Services Agreement; training opt-outs available | Microsoft 365 Enterprise with appropriate licensing: customer data not used to train foundation models |
| Google Gemini | Consumer Google accounts: content may be reviewed by humans and used to improve services | Google Workspace Enterprise: customer data not used to train Google AI models |
| GitHub Copilot | Individual: code snippets may be used for model training (opt-out available) | Enterprise: code is not retained or used for training; additional privacy controls available |
The pattern is consistent: consumer and standard accounts carry higher data usage risk; enterprise accounts with appropriate licensing are significantly safer. Most companies are operating in the gap — using business AI tools on consumer or mid-tier accounts without enterprise protections.
PRO TIP: If your team is using any AI tool on a free, personal, or standard business account to process company data, you may be waiving trade secret protection without realising it.
The Specific Types of Data at Risk
High Risk — Should Not Be Shared Without Enterprise Protections
- Source code and proprietary algorithms
- Unpublished product roadmaps and technical specifications
- Client lists, customer data, and pricing information
- Internal financial data, projections, and M&A information
- Proprietary research, datasets, and AI training data
- Trade secret manufacturing processes, formulas, or methods
Medium Risk — Requires Policy Guidance
- Internal strategy documents and competitive analysis
- Employee performance data and HR information
- Legal correspondence and privileged communications
- Vendor contracts with confidential terms
Lower Risk — Generally Acceptable With Standard Precautions
- Publicly available information being used for research or analysis
- Generic content creation without proprietary specifics
- Non-confidential communications and documents
How AI Usage Can Destroy Trade Secret Protection
Mechanism 1: Vendor Training Rights
If the AI vendor’s terms allow them to use your inputs to improve or train their models, your proprietary information becomes part of a system that may be queried by anyone — including your competitors.
Mechanism 2: Loss of Reasonable Measures Defence
Trade secret protection requires that you take “reasonable measures” to maintain secrecy. A company that routinely inputs confidential information into AI systems without appropriate controls is failing that standard. If a trade secret dispute arises and opposing counsel asks what you did to keep this confidential — and the answer includes “our team inputted it into ChatGPT regularly” — you have a serious problem.
Mechanism 3: Employee-Created IP Complications
When an employee uses an AI tool to create content, code, or analysis, the question of who owns the output becomes complex. Without a clear AI usage policy, you are operating with undefined IP ownership over a growing body of AI-generated work product.
Step-by-Step: How to Protect Your Trade Secrets While Using AI
Step 1: Audit Your Current AI Tool Usage
- Survey all departments to identify AI tools currently in use
- Categorise by account type: consumer, standard business, enterprise
- Review data usage terms for each tool at its current subscription level
- Identify which tools are being used to process confidential or proprietary data
- Flag gaps where tool usage does not match your data protection requirements
Step 2: Upgrade to Enterprise Accounts for Business-Critical Tools
For any AI tool your team regularly uses to process proprietary data, upgrade to an enterprise account. When evaluating enterprise AI agreements, look for:
- Explicit commitment that customer data is not used for model training
- Data residency commitments — where your data is stored and processed
- Data retention limits — how long the vendor retains your inputs
- Sub-processor disclosure — which third parties the vendor shares data with
- Security certifications (SOC 2, ISO 27001)
- Breach notification obligations
Step 3: Implement an AI Acceptable Use Policy
Every company using AI tools in 2026 needs a written AI Acceptable Use Policy covering:
- Which AI tools are approved for business use
- Which categories of data may and may not be inputted into AI tools
- Which account types are required for different data sensitivity levels
- Employee obligations to maintain confidentiality when using AI tools
- Ownership of AI-generated work product created by employees
- Reporting requirements for accidental confidential data disclosure
An AI Acceptable Use Policy is now a standard component of trade secret protection for any technology company. Courts will ask whether you had one. If you did not, your “reasonable measures” argument is significantly weakened.
Step 4: Update Employment and Contractor Agreements
Your employment and contractor agreements need to address AI usage: employees must agree not to input confidential information into non-approved AI tools; IP ownership provisions must address AI-assisted work product; and departing employees should be reminded of their confidentiality obligations as they relate to AI tools used during employment.
Step 5: Negotiate AI Vendor Contracts Carefully
For enterprise AI agreements, the following provisions are worth negotiating: zero data retention, explicit prohibition on using your data for any purpose other than the contracted service, right to audit, indemnification for data breaches, and most-favoured-customer terms.
Step 6: Train Your Team
Policy without training is decoration. Your team needs to understand why AI data inputs are a trade secret risk, which tools are approved, what types of data they must not input, and what to do if they accidentally share confidential information. A 30-minute workshop plus a written policy that employees sign is significantly better than nothing — and significantly better in court.
Your AI Trade Secret Protection Checklist
- ✓AI tool audit completed across all departments
- ✓All AI tools used for proprietary data upgraded to enterprise accounts
- ✓Data usage terms reviewed and confirmed for all enterprise AI vendors
- ✓AI Acceptable Use Policy drafted and distributed to all employees
- ✓Employment and contractor agreements updated to address AI usage
- ✓IP ownership of AI-generated work product addressed in agreements
- ✓Employee training conducted on AI data security
- ✓Confidential documents marked and access controls implemented
- ✓Incident response process in place for accidental AI data disclosure
Ready to protect your IP?
Book a free 15-minute strategy call with Cameron Reid.
Book a Free Strategy CallAbout the Author
Cameron Reid is the cofounder of CrossBorder IP, where he advises SaaS companies, tech startups, e-commerce brands, and in-house legal teams on international IP strategy. With over 20 years of experience spanning Big Law, in-house counsel roles, and startup advisory, Cameron specialises in helping businesses protect and scale their IP globally — particularly across the US, Europe, and Asia-Pacific markets.
Disclaimer: This article provides general information about international IP strategy and should not be relied upon as legal advice. IP laws vary significantly by jurisdiction and every business situation is unique. For specific guidance on your IP protection needs, please consult with a qualified attorney in your jurisdiction.