# Trade-secret leakage into public AI models[^about] How public and enterprise AI use affects trade-secret protection, including vendor terms, policies, containment steps, and model memorization. ## Can putting company secrets into public AI tools destroy trade-secret protection? {#public-ai-trade-secret-disclosure} **Short answer.** Public AI use can create bad secrecy facts because trade-secret protection still turns on reasonable measures and disclosure control. Courts have not adopted a broad AI rule, but consumer tools with training, review, or retention rights are the hardest record to defend. The federal baseline is still the DTSA. A trade secret exists only if "the owner thereof has taken reasonable measures to keep such information secret"[^18-u-s-c-1839-3-a] and the information derives value from not being generally known. [^18-u-s-c-1839-3-a] The remedial section matters too. Section 1836 authorizes seizure and injunction-style relief to prevent the propagation or dissemination of the trade secret and permits affirmative actions to be taken to protect the trade secret. [^18-u-s-c-1836-b-2-a-i] State trade-secret law mostly uses the same idea, usually through a UTSA formulation that asks whether secrecy efforts were reasonable under the circumstances. New Jersey is representative: information qualifies only if it "is the subject of efforts that are reasonable under the circumstances to maintain its secrecy"[^n-j-s-a-56-15-2]. [^n-j-s-a-56-15-2] That is why AI-era disputes will probably turn less on novel doctrine than on whether the company can show a sensible match between the sensitivity of the information and the way it allowed employees or agents to use AI. One useful recent example is *Snyder v. Beam Technologies, Inc.* The Tenth Circuit treated password protection and possession alone as inadequate where the claimant had not marked the material confidential and had not imposed downstream restrictions on recipients. [^snyder-v-beam-technologies-inc-no-24-1136-10th-c] That is not an AI case. But it is the right kind of case. It suggests that courts are looking for specificity, labeling, segregation, and recipient control rather than broad statements that information is proprietary. The employer-side bar is unusually aligned on the threshold point. Proskauer says that putting information into ChatGPT may weaken a company’s position that the information remained a trade secret. Goodwin says user inputs to many generative-AI systems are not protected as confidential. Winston says a simple confidentiality agreement may need reevaluation when AI inputs may be stored, reviewed, or used in later learning. Fisher Phillips reaches the same place more bluntly: the company’s most important data needs distance from public GenAI if later trade-secret protection is going to be credible. [^proskauer-rose-chatgpt-risks-and-the-need-for-co][^goodwin-what-employers-need-to-know-about-use-of][^winston-strawn-harnessing-generative-ai-best-pra][^fisher-phillips-the-10-things-all-employers-must] The 2026 privilege commentary sharpened the trade-secret analysis by giving firms a cleaner analogy. Goodwin says public generative-AI platforms are third parties. Proskauer says standard consumer offerings provide less confidentiality protection, while leaving open whether enterprise products with no-training and contractual confidentiality commitments could look different on different facts. Perkins adds that later handing AI-generated work to counsel does not retroactively restore protection. [^goodwin-ai-chatbots-privilege-and-pitfalls-lesso][^proskauer-rose-sdny-addresses-privilege-and-work][^perkins-coie-heppner-and-gilbarco-courts-apply-p] The second consequence is that public consumer tools create the worst record. OpenAI says individual services "may use your content to train our models"[^openai-help-center-how-your-data-is-used-to-impr] unless the user opts out, while Temporary Chat still may be retained for abuse monitoring for up to 30 days. [^openai-help-center-how-your-data-is-used-to-impr][^openai-help-center-temporary-chat-faq] Google’s consumer Gemini materials are even more direct: users are told not to enter confidential information or any data you wouldn't want a reviewer to see and reviewed chats may be retained for up to three years. [^google-gemini-apps-privacy-hub] If a later plaintiff says the company tolerated disclosure to a third party with its own review and retention rights, those terms supply the argument for free. The narrow reading is that consumer-chatbot development without confidentiality commitments is bad facts. The broader reading is that courts may start treating public AI use itself as inconsistent with secrecy. We think the narrow reading is safer for now. The case is early, and the stronger distinction in the commentary is still consumer versus enterprise, not AI versus non-AI. [^thompson-hine-trade-secret-quarterly-february-20][^ipwatchdog-navigating-recent-developments-in-gen] ## Does enterprise AI preserve trade-secret protection for confidential company data? {#enterprise-ai-trade-secret-protection} **Short answer.** Enterprise AI can improve the confidentiality record, especially with no-training terms and retention controls. It is not a safe harbor because product settings, logging, safety review, connectors, and tenant boundaries still matter. Trade-secret law has not acquired an AI exception. It still asks whether the owner took reasonable measures. What changed is the factual record courts will examine. Public consumer models increasingly look like disclosure to an outside recipient that is not clearly bound to keep the material secret, especially where the provider may train on inputs, retain logs, permit human review, or preserve chats for other proceedings. [^openai-help-center-how-your-data-is-used-to-impr-2][^google-gemini-apps-privacy-hub-2][^goodwin-ai-chatbots-privilege-and-pitfalls-lesso-2] Enterprise AI improves those facts, but it does not make external processing disappear. The record still depends on which tenant, which endpoints, which retention settings, which connectors, and whether the company can show that sensitive material was classified, restricted, and preserved when leakage was suspected. [^openai-enterprise-privacy-at-openai][^openai-data-controls-in-the-openai-platform][^quinn-emanuel-urquhart-sullivan-preventing-detec] Enterprise terms materially improve the facts, but they do not create a safe harbor. OpenAI says business customers own and control their data and that it does not train on business data by default, yet its platform guide still says default abuse-monitoring logs may retain prompts and responses for up to 30 days absent stricter controls. [^openai-enterprise-privacy-at-openai][^openai-data-controls-in-the-openai-platform] Anthropic says it does not train on commercial inputs and outputs by default, but standard commercial retention still exists, zero-data-retention is limited to eligible products, and flagged chats can be retained for up to two years. [^anthropic-privacy-center-is-my-data-used-for-mod][^anthropic-privacy-center-how-long-do-you-store-m][^anthropic-privacy-center-i-have-a-zero-data-rete][^anthropic-privacy-center-does-anthropic-act-as-a] Google Workspace says it does not use Workspace customer data to train outside Workspace without permission, and licensed Workspace with Gemini submissions are not used to train models or reviewed by humans. [^google-workspace-generative-ai-security-complian][^google-workspace-help-google-workspace-with-gemi] Microsoft says Copilot prompts, responses, and Microsoft Graph data are not used to train foundation models, while also saying Copilot Chat prompts and responses are logged and stored in Exchange for auditing and eDiscovery. [^microsoft-learn-microsoft-365-copilot-chat-priva][^microsoft-learn-data-privacy-and-security-for-mi] So the legal question is not did we buy enterprise AI. It is which product, with which settings, on which path. The argument for preservation is familiar: trade-secret law has long tolerated disclosure to service providers acting under confidentiality restrictions. The counterargument is that provider-side logging, safety review, application-state storage, and third-party connectors mean the material still moved outside the owner’s exclusive control. Perhaps enterprise AI looks less like publication and more like outsourced processing. It probably does not look like no disclosure at all. [^openai-enterprise-privacy-at-openai][^openai-data-controls-in-the-openai-platform][^goodwin-ai-chatbots-privilege-and-pitfalls-lesso-2][^proskauer-rose-sdny-addresses-privilege-and-work-2] ## What AI-use policy helps show reasonable trade-secret protection measures? {#ai-use-policy-reasonable-measures} **Short answer.** A defensible AI-use policy should be tool-specific, data-specific, and enforceable in logs and access controls. Mandatory AI use makes those controls more important because approved tools and excluded data become part of the normal operating record. The more interesting agreement is about structure. Perkins Coie, Orrick, Fisher Phillips, and Goodwin do not describe the solution as an abstract AI policy. They describe tool-specific governance: rules for what may be entered, differentiated treatment by use case, approval and visibility for higher-risk deployments, and contractual restrictions when third parties touch the data or the model. [^perkins-coie-ten-considerations-for-developing-a][^orrick-protecting-trade-secrets-tips-for-ai-comp][^fisher-phillips-the-10-things-all-employers-must-2][^goodwin-what-employers-need-to-know-about-use-of-2] That is a small but important shift. The firms are not really talking about employee training as culture. They are talking about it as evidence. The first consequence is that AI governance is becoming part of the secrecy showing. A company that can only point to a handbook clause saying employees must protect confidential information has weaker facts than a company that can identify which information counts as secret, which tools are approved, which categories cannot be pasted into them, and which logs exist if something goes wrong. [^snyder-v-beam-technologies-inc-no-24-1136-10th-c-2][^perkins-coie-ten-considerations-for-developing-a][^quinn-emanuel-urquhart-sullivan-preventing-detec-2] Mandatory AI adoption raises the burden again. Once AI use becomes a baseline expectation, the company loses the easy story that any AI use was rogue behavior at the edge of the organization. Shopify’s public posture matters for that reason. It ties AI use to hiring, review, and resource allocation, which means the controls around approved tools and excluded data become part of the company’s basic operating record. [^first-round-review-from-memo-to-movement-shopify][^the-verge-shopify-ceo-says-no-new-hires-without] The opposite extreme is not obviously cleaner. Samsung’s temporary restriction on employee use after sensitive code was uploaded shows the other problem: once a real leak occurs, later litigation will care not just about the preexisting rule but about the speed and completeness of containment. [^reuters-chatgpt-fever-spreads-to-us-workplace-so] Perhaps reasonableness under the circumstances does not require perfect prevention if the company classified secrets, trained workers, restricted exports, and forced work into approved tenants. The harder line is that downstream recipient control still matters, so a company that blocks ChatGPT on the corporate network but tolerates copying into personal accounts may have worse facts than it assumes. [^snyder-v-beam-technologies-inc-no-24-1136-10th-c-2][^quinn-emanuel-urquhart-sullivan-preventing-detec-2][^orrick-protecting-trade-secrets-tips-for-ai-comp] ## How should a company contain suspected trade-secret leakage through AI prompts? {#ai-prompt-leak-containment} **Short answer.** Containment should start before evidence disappears by preserving prompts, outputs, accounts, connectors, exports, and provider-side logs where available. The faster the company can reconstruct the AI path, the better its secrecy and remedy record. An early 2026 district-court decision, *Trinidad v. OpenAI, Inc.*, has been described in commentary as treating consumer-chatbot development of the claimed secret as voluntary disclosure inconsistent with secrecy. If later courts read it the same way, it could become the first direct AI-era statement on the point. For now it looks more like a signal than settled doctrine. [^thompson-hine-trade-secret-quarterly-february-20-2][^ipwatchdog-navigating-recent-developments-in-gen-2] Quinn Emanuel pushes the operational point furthest. In its telling, AI changes the mechanics of theft. The leak can happen in a conversation rather than a file transfer. That makes chat histories, memory features, export functions, and prompt logs part of the trade-secret story rather than peripheral eDiscovery debris. [^quinn-emanuel-urquhart-sullivan-preventing-detec-3] The final consequence is about time. Suspected leakage now becomes a preservation problem very quickly. Consumer chats may be reviewed or retained elsewhere. Enterprise logs may be short-lived, or separated across the AI provider, the identity stack, the browser, and the device. Companies that can reconstruct prompts, outputs, accounts, connectors, and export paths have materially better facts than companies that discover the leak after the retention window closed. [^quinn-emanuel-urquhart-sullivan-preventing-detec-3][^18-u-s-c-1836-b-2-a-i-2] ## Does AI model memorization make training on trade secrets a disclosure risk? {#ai-model-memorization-trade-secrets} **Short answer.** Model memorization does not yet support a categorical rule that any training equals publication. It does make training, fine-tuning, repetition, and extraction risk relevant to the secrecy analysis. The technical literature makes it hard to say the risk is imaginary. Carlini and later work show that training data can sometimes be extracted, especially under adversarial prompting or after fine-tuning on repeated sensitive data. Later work also argues that some common leakage measures overstate genuine memorization. So there is not yet a clean basis for the categorical claim that any training equals publication. But there is enough evidence to make training and fine-tuning choices part of the secrecy analysis. [^nicholas-carlini-et-al-extracting-training-data][^extracting-memorized-training-data-via-decomposi][^do-llms-really-memorize-personally-identifiable] [^about]: By Steven Obiajulu, J.D. Published by [openagreements.org](https://openagreements.org). Last reviewed 2026-04-20. License: CC BY 4.0. Steven Obiajulu, J.D. edits this topic article for Federal + multi-state coverage. It synthesizes legal sources and is not legal advice. This article is for informational purposes only and does not create an attorney-client relationship. [^18-u-s-c-1839-3-a]: **18 U.S.C. § 1839(3)(A)** — "the owner thereof has taken reasonable measures to keep such information secret" *18 U.S.C. § 1839(3)(A).* [^18-u-s-c-1836-b-2-a-i]: **18 U.S.C. § 1836(b)(2)(A)(i)** — "The district courts of the United States shall have exclusive original jurisdiction of civil actions under this section." *18 U.S.C. § 1836(b)(2)(A)(i).* [^n-j-s-a-56-15-2]: **N.J.S.A. 56:15-2** — "is the subject of efforts that are reasonable under the circumstances to maintain its secrecy" *N.J.S.A. 56:15-2.* [^snyder-v-beam-technologies-inc-no-24-1136-10th-c]: **Snyder v. Beam Technologies, Inc., No. 24-1136 (10th Cir. Aug. 5, 2025)** — "The district court granted summary judgment on Snyder’s two trade secret claims. It held that Snyder offered insufficient evidence to show that he ‘owned’ the alleged trade secret, a customer list." *Snyder v. Beam Technologies, Inc., No. 24-1136 (10th Cir. Aug. 5, 2025).* [^proskauer-rose-chatgpt-risks-and-the-need-for-co]: **Proskauer Rose commentary** — "businesses are well advised to evaluate the issues and risks to determine what policies or technical guardrails, if any, should be imposed on GAI’s use in the workplace." *Proskauer Rose, ChatGPT Risks and the Need for Corporate Policies.* [^goodwin-what-employers-need-to-know-about-use-of]: **Goodwin commentary** — "In most cases, employees and contractors that input company information, including confidential or sensitive information, are essentially putting it in the public domain." *Goodwin, What Employers Need to Know About Use of Generative AI at Work.* [^winston-strawn-harnessing-generative-ai-best-pra]: **Winston & Strawn commentary** — "Inputs that are comprised of trade secrets may also be used to further train the tool, and thus be disclosed to users not affiliated with the company that owns the trade secrets." *Winston & Strawn, Harnessing Generative AI: Best Practices for Trade Secret Protection.* [^fisher-phillips-the-10-things-all-employers-must]: **Fisher Phillips, The 10 Things All Employers Must Include in Any Workplace AI Policy** — "A first step is developing a workplace GenAI policy." *Fisher Phillips, The 10 Things All Employers Must Include in Any Workplace AI Policy.* [^goodwin-ai-chatbots-privilege-and-pitfalls-lesso]: **Goodwin, AI Chatbots, Privilege, and Pitfalls: Lessons for Keeping Generative AI Exchanges Out of the Hands of Legal Adversaries** — "Disclosing attorney-client communications or privileged work product to a public AI platform may constitute a waiver of applicable legal privilege in connection with the underlying material, similar to other disclosures to unrelated third parties." *Goodwin, AI Chatbots, Privilege, and Pitfalls: Lessons for Keeping Generative AI Exchanges Out of the Hands of Legal Adversaries.* [^proskauer-rose-sdny-addresses-privilege-and-work]: **Proskauer Rose commentary** — "disclosure of privileged communications to a third party in circumstances that undermine confidentiality (here, the corporation operating the AI tool) may result in waiver." *Proskauer Rose, SDNY Addresses Privilege and Work Product Implications of Using Unsecured Public AI Tools.* [^perkins-coie-heppner-and-gilbarco-courts-apply-p]: **Perkins Coie, Heppner and Gilbarco: Courts Apply Privilege and Work Product Protection to Generative AI Tools** — "generative AI programs[] are tools, not persons, even if they may have administrators somewhere in the background." *Perkins Coie, Heppner and Gilbarco: Courts Apply Privilege and Work Product Protection to Generative AI Tools.* [^openai-help-center-how-your-data-is-used-to-impr]: **OpenAI Help Center, How your data is used to improve model performance** — "may use your content to train our models" *OpenAI Help Center, How your data is used to improve model performance.* [^openai-help-center-temporary-chat-faq]: **OpenAI Help Center, Temporary Chat FAQ** — "Temporary Chats won’t appear in your history, and ChatGPT won’t remember anything you talk about." *OpenAI Help Center, Temporary Chat FAQ.* [^google-gemini-apps-privacy-hub]: **Google, Gemini Apps Privacy Hub** — "Human reviewers (including trained reviewers from our service providers) review some of the data we collect for these purposes." *Google, Gemini Apps Privacy Hub.* [^thompson-hine-trade-secret-quarterly-february-20]: **Thompson Hine, Trade Secret Quarterly, February 2026** — "There is a growing split among federal circuit courts regarding how particularly plaintiffs must describe the trade secrets at issue, and at which point in the litigation this particularity is required." *Thompson Hine, Trade Secret Quarterly, February 2026.* [^ipwatchdog-navigating-recent-developments-in-gen]: **IPWatchdog, Navigating Recent Developments in Generative AI and Trade Secret Protection** — "Taken together, Trinidad and Heppner are among the first decisions to establish that confidential information shared with a public AI platform is not legally protected." *IPWatchdog, Navigating Recent Developments in Generative AI and Trade Secret Protection.* [^openai-help-center-how-your-data-is-used-to-impr-2]: **OpenAI Help Center, How your data is used to improve model performance** — "may use your content to train our models" *OpenAI Help Center, How your data is used to improve model performance.* [^google-gemini-apps-privacy-hub-2]: **Google, Gemini Apps Privacy Hub** — "Human reviewers (including trained reviewers from our service providers) review some of the data we collect for these purposes." *Google, Gemini Apps Privacy Hub.* [^goodwin-ai-chatbots-privilege-and-pitfalls-lesso-2]: **Goodwin, AI Chatbots, Privilege, and Pitfalls: Lessons for Keeping Generative AI Exchanges Out of the Hands of Legal Adversaries** — "Disclosing attorney-client communications or privileged work product to a public AI platform may constitute a waiver of applicable legal privilege in connection with the underlying material, similar to other disclosures to unrelated third parties." *Goodwin, AI Chatbots, Privilege, and Pitfalls: Lessons for Keeping Generative AI Exchanges Out of the Hands of Legal Adversaries.* [^openai-enterprise-privacy-at-openai]: **OpenAI, Enterprise privacy at OpenAI** — "We do not train our models on your data by default" *OpenAI, Enterprise privacy at OpenAI.* [^openai-data-controls-in-the-openai-platform]: **OpenAI, Data controls in the OpenAI platform** — "As of March 1, 2023, data sent to the OpenAI API is not used to train or improve OpenAI models (unless you explicitly opt in to share data with us)." *OpenAI, Data controls in the OpenAI platform.* [^quinn-emanuel-urquhart-sullivan-preventing-detec]: **Quinn Emanuel Urquhart & Sullivan commentary** — "AI-specific provisions may serve as deterrents and, where a dispute arises, as evidence bearing on willfulness under the Defend Trade Secrets Act (‘DTSA’)." *Quinn Emanuel Urquhart & Sullivan, Preventing, Detecting, and Litigating Trade Secret Theft in the Age of AI.* [^anthropic-privacy-center-is-my-data-used-for-mod]: **Anthropic Privacy Center, Is my data used for model training?** — "By default, we will not use your inputs or outputs from our commercial products (e.g. Claude for Work, Anthropic API, Claude Gov, etc.) to train our models." *Anthropic Privacy Center, Is my data used for model training?.* [^anthropic-privacy-center-how-long-do-you-store-m]: **Anthropic Privacy Center, How long do you store my organization's data?** — "For Anthropic API users, we automatically delete inputs and outputs on our backend within 30 days of receipt or generation" *Anthropic Privacy Center, How long do you store my organization's data?.* [^anthropic-privacy-center-i-have-a-zero-data-rete]: **Anthropic Privacy Center, I have a zero data retention agreement with Anthropic. What products does it apply to?** — "the only products to which zero data retention applies are eligible Anthropic APIs, and Anthropic products that use your Commercial organization API key (including Claude Code)." *Anthropic Privacy Center, I have a zero data retention agreement with Anthropic. What products does it apply to?.* [^anthropic-privacy-center-does-anthropic-act-as-a]: **Anthropic Privacy Center, Does Anthropic Act as a Data Processor or Controller?** — "When a commercial customer creates a Claude for Work account (Team or Enterprise plan), under our Commercial Terms of Service the customer is the ‘Controller’ of the data submitted by its Users." *Anthropic Privacy Center, Does Anthropic Act as a Data Processor or Controller?.* [^google-workspace-generative-ai-security-complian]: **Google Workspace, Generative AI Security, Compliance and Privacy** — "Google does not use customersâ Workspace data to train or improve the underlying generative AI and large language models (LLMs) that power Gemini, Search, and other systems outside of Workspace without permission." *Google Workspace, Generative AI Security, Compliance and Privacy.* [^google-workspace-help-google-workspace-with-gemi]: **Google Workspace Help, Google Workspace with Gemini FAQ** — "Users with a Google Workspace with Gemini license get enterprise-grade data protections when they use Gemini app. Submissions aren't used to train models and are never reviewed by humans." *Google Workspace Help, Google Workspace with Gemini FAQ.* [^microsoft-learn-microsoft-365-copilot-chat-priva]: **Microsoft Learn, Microsoft 365 Copilot Chat Privacy and Protections** — "Prompts and responses aren't used to train the underlying foundation models." *Microsoft Learn, Microsoft 365 Copilot Chat Privacy and Protections.* [^microsoft-learn-data-privacy-and-security-for-mi]: **Microsoft Learn, Data, Privacy, and Security for Microsoft 365 Copilot** — "Prompts, responses, and data accessed through Microsoft Graph aren't used to train foundation LLMs, including those used by Microsoft 365 Copilot." *Microsoft Learn, Data, Privacy, and Security for Microsoft 365 Copilot.* [^proskauer-rose-sdny-addresses-privilege-and-work-2]: **Proskauer Rose commentary** — "disclosure of privileged communications to a third party in circumstances that undermine confidentiality (here, the corporation operating the AI tool) may result in waiver." *Proskauer Rose, SDNY Addresses Privilege and Work Product Implications of Using Unsecured Public AI Tools.* [^perkins-coie-ten-considerations-for-developing-a]: **Perkins Coie commentary** — "To manage these risks, many companies are adopting an acceptable use policy (AUP) governing their use of third-party generative AI tools, educating employees on their use, and monitoring initial use cases and the quality, legality, and accuracy of the outputs" *Perkins Coie, Ten Considerations for Developing an Effective Generative AI Use Policy.* [^orrick-protecting-trade-secrets-tips-for-ai-comp]: **Orrick commentary** — "A company does not need to register a trade secret to invoke it in litigation, unlike other IP protections." *Orrick, Protecting Trade Secrets: Tips for AI Companies.* [^fisher-phillips-the-10-things-all-employers-must-2]: **Fisher Phillips, The 10 Things All Employers Must Include in Any Workplace AI Policy** — "A first step is developing a workplace GenAI policy." *Fisher Phillips, The 10 Things All Employers Must Include in Any Workplace AI Policy.* [^goodwin-what-employers-need-to-know-about-use-of-2]: **Goodwin commentary** — "In most cases, employees and contractors that input company information, including confidential or sensitive information, are essentially putting it in the public domain." *Goodwin, What Employers Need to Know About Use of Generative AI at Work.* [^snyder-v-beam-technologies-inc-no-24-1136-10th-c-2]: **Snyder v. Beam Technologies, Inc., No. 24-1136 (10th Cir. Aug. 5, 2025)** — "The district court granted summary judgment on Snyder’s two trade secret claims. It held that Snyder offered insufficient evidence to show that he ‘owned’ the alleged trade secret, a customer list." *Snyder v. Beam Technologies, Inc., No. 24-1136 (10th Cir. Aug. 5, 2025).* [^quinn-emanuel-urquhart-sullivan-preventing-detec-2]: **Quinn Emanuel Urquhart & Sullivan commentary** — "AI-specific provisions may serve as deterrents and, where a dispute arises, as evidence bearing on willfulness under the Defend Trade Secrets Act (‘DTSA’)." *Quinn Emanuel Urquhart & Sullivan, Preventing, Detecting, and Litigating Trade Secret Theft in the Age of AI.* [^first-round-review-from-memo-to-movement-shopify]: **First Round Review, From Memo to Movement: Shopify's Cultural Adoption of AI** — "Alignment at the highest level means everyone understands you have to find a way to get to ‘yes,’ including the key conversations around security and privacy." *First Round Review, From Memo to Movement: Shopify's Cultural Adoption of AI.* [^the-verge-shopify-ceo-says-no-new-hires-without]: **The Verge, Shopify CEO says no new hires without proof AI can't do the job** — "Before asking for more Headcount and resources, teams must demonstrate why they cannot get what they want done using AI." *The Verge, Shopify CEO says no new hires without proof AI can't do the job.* [^reuters-chatgpt-fever-spreads-to-us-workplace-so]: **Reuters, ChatGPT fever spreads to US workplace, sounding alarm for some** — "Security firms and companies have raised concerns, however, that it could result in intellectual property and strategy leaks." *Reuters, ChatGPT fever spreads to US workplace, sounding alarm for some.* [^thompson-hine-trade-secret-quarterly-february-20-2]: **Thompson Hine, Trade Secret Quarterly, February 2026** — "There is a growing split among federal circuit courts regarding how particularly plaintiffs must describe the trade secrets at issue, and at which point in the litigation this particularity is required." *Thompson Hine, Trade Secret Quarterly, February 2026.* [^ipwatchdog-navigating-recent-developments-in-gen-2]: **IPWatchdog, Navigating Recent Developments in Generative AI and Trade Secret Protection** — "Taken together, Trinidad and Heppner are among the first decisions to establish that confidential information shared with a public AI platform is not legally protected." *IPWatchdog, Navigating Recent Developments in Generative AI and Trade Secret Protection.* [^quinn-emanuel-urquhart-sullivan-preventing-detec-3]: **Quinn Emanuel Urquhart & Sullivan commentary** — "AI-specific provisions may serve as deterrents and, where a dispute arises, as evidence bearing on willfulness under the Defend Trade Secrets Act (‘DTSA’)." *Quinn Emanuel Urquhart & Sullivan, Preventing, Detecting, and Litigating Trade Secret Theft in the Age of AI.* [^18-u-s-c-1836-b-2-a-i-2]: **18 U.S.C. § 1836(b)(2)(A)(i)** — "The district courts of the United States shall have exclusive original jurisdiction of civil actions under this section." *18 U.S.C. § 1836(b)(2)(A)(i).* [^nicholas-carlini-et-al-extracting-training-data]: **Nicholas Carlini et al., Extracting Training Data from Large Language Models** — "This paper demonstrates that in such settings, an adversary can perform a training data extraction attack to recover individual training examples by querying the language model." *Nicholas Carlini et al., Extracting Training Data from Large Language Models.* [^extracting-memorized-training-data-via-decomposi]: **Extracting Memorized Training Data via Decomposition** — "In this paper, we demonstrate a simple, query-based decompositional method to extract news articles from two frontier LLMs." *Extracting Memorized Training Data via Decomposition.* [^do-llms-really-memorize-personally-identifiable]: **Do LLMs Really Memorize Personally Identifiable Information?** — "Our results show that existing evaluation of PII leakage substantially overestimates privacy risk, as such evaluations conflate cue-driven reconstruction with genuine memorization across languages and evaluation paradigms." *Do LLMs Really Memorize Personally Identifiable Information?.*