How should in-house teams adopt AI? ‘Carefully’, says secrets expert

Ahead of WIPR Trade Secrets West, Cooley partner Heidi Keefe says that for legal teams, caution—not business pressure—should be the priority.

Artificial intelligence has become the hottest topic in intellectual property—and not all for positive reasons.

The risks to trade secrets posed by generative AI in particular are becoming more widely recognised and understood. And they form the topic of a panel session at this year’s WIPR Trade Secrets West event in California on May 28.

WIPR spoke with experienced Cooley partner Heidi Keefe, who is moderating ‘Future-Proofing Trade Secrets: Generative AI Risks, Liabilities & Legal Frontiers’ at the one-day conference.

Keefe, a first chair trial lawyer with two decades of experience, will host fellow panellists Peter Jovanovic (Dell), Subroto Bose (Astera Labs), Dan Housley (Kyndryl), Hongming Liu (Tencent America), and Chris Rucinski (Charles River Associates).

WIPR: Trade secret law has always been the quieter cousin of patents and copyright—why is generative AI suddenly putting it centre stage?

Heidi Keefe: The extraordinarily competitive marketplace for talent is one of the big factors driving trade secrets in AI. The talent pool moves because we see AI companies make headlines with compensation deals to lure employees from other companies, and there are endless startups in the Bay Area and elsewhere hiring AI researchers and engineers. They’re often hired to continue the very same work they did at their former employer.

This isn’t new, but the speed of the AI talent race is pushing a lot of companies to hire people, sometimes without proper safeguards and vetting. We saw a very similar phenomenon in the late 1990s and early 2000s, with the dot-com boom, where you had a lot of employee mobility among internet and web programmers, resulting in lawsuits.

The other reason you don’t see a lot of action in the patent space for AI is that, right now, most of the key patents are being held by very large companies that are more likely to fight in the marketplace rather than the courtroom through patents.

For smaller companies, the patents haven't had time to wend their way through the system yet. As time goes on and these patents are issued, this might change.

What's the single biggest misconception you see in-house IP counsel carrying into an AI rollout right now?

One of the biggest misconceptions is that in-house IP counsel may overestimate the effectiveness of LLMs. We’ve heard the stories about briefs being filed with courts with hallucinated case citations. But beyond that, the ability of LLMs to do complex legal reasoning is simply not there.

LLMs are certainly working to improve capabilities in math, science, and other fields, and it does seem like legal analysis and reasoning is among them.

I think in-house counsel needs to look at LLMs as a tool that might help with specific tasks. Legal questions are very focused, very particular, and this is an area where LLMs fall short.

The more specific the question you’re asking, the more likely the LLM is to produce an unreliable or incomplete answer, in part because of limits in the data on which it was trained, especially in the IP field.

It is excellent at summarising depositions and synthesising information from a group of documents you feed it. But it remains unreliable for drawing on general legal knowledge, particularly in specialised fields like IP.

To be clear, I’m not saying all of us lawyers can rest easy, there may come a day where LLMs can be used for a lot of legal tasks, but right now, in-house lawyers should approach these tools with caution.

When an employee pastes proprietary data into a commercial LLM, what's the legal exposure that most companies haven't fully accounted for?

It largely depends on the LLM, and the Terms of Service. Some LLMs, in the more basic accounts, say that the company can use your prompts to train future models. That’s a problem if you’ve pasted proprietary data into a prompt, and it’s used to train.

It’s possible it could be outputted by the model to a third party. You absolutely should not be pasting in (or uploading) via the prompt, any confidential information into consumer grade LLMs.

Another risk is that the LLM provider may store your prompts and responses on its servers, subject to the provider's retention and access policies. This means if the LLM company is issued a subpoena, they may have to turn over your prompts and responses to a third party.

This obviously can happen in civil litigation, or in some extreme cases, your data could be turned over to a foreign government.

This is less of an issue if you and your company are using an enterprise LLM account and access the LLM through its APIs as you’re not storing the prompts and responses on the LLM provider’s servers.

Can an AI-generated output satisfy the "reasonable efforts to maintain secrecy" requirement if the underlying model was trained on publicly available data?

Obviously, if AI output closely reproduces training data verbatim, that output isn’t going to be protected. So, let’s put that edge case to the side.

As I mentioned above, from a contract perspective, it is going to depend on your terms of service with the LLM provider. If you’re using a consumer grade LLM with terms of service that allow the company to use your prompts and responses to train future models, or disclose them to third parties, a plaintiff could argue that AI-generated data would not satisfy the Uniform Trade Secrets Act’s (UTSA) reasonable efforts.

But the fact that the model itself was trained on public data does not, by itself, prevent the output from being a trade secret. The output is dependent on the prompt you gave the model, which may be detailed and include megabytes of uploaded confidential data. The prompt is just as important, perhaps more so, than the publicly available data on which the model was trained.

No one could reasonably replicate your LLM output if they don’t have your input prompts and input data. The output of an LLM, therefore, is not publicly available data, even if the original training data was.

If a company can't fully explain how its AI produced a particular output, does that opacity help or hurt a trade secret claim?

You could argue that training on trade secret data constitutes misappropriation under the UTSA, though the claim faces significant hurdles—most importantly, a plaintiff would need to show the LLM company acquired or used the data by improper means, or knew or had reason to know it was a trade secret.

Most LLM companies have records of the datasets they used for training (in fact, a California law going into effect soon will require public disclosure of at least a high-level description, so these companies will generally know what categories of data were in the model—though that is a long way from knowing any specific item was a protected trade secret).

If misappropriation could be established, damages would be available, though quantifying them—given how little any single item contributes to a model trained on massive datasets—would be genuinely challenging.

In another scenario, suppose the LLM maker had no way of knowing your trade secrets were in there? Maybe it scraped a webpage that your company incorrectly made accessible or an employee posted information to a public internet site with no indication that it was confidential.

In that situation, it would be difficult to prove that the LLM company had the requisite intent that they acquired by improper means, or that it had reason to know it’s a trade secret.

The big wildcard is the remedy. Can you get an injunction against the model if you prove misappropriation? The data can’t be retrieved or removed from the LLM. There is research on LLMs “unlearning,” but it suggests this is not particularly effective.

And it might be cost-prohibitive for the LLM company to retrain its model from scratch without the trade secret data. Bottom line: would a court require that a model allegedly "tainted” with trade secret data be taken off the market, even if it was only a tiny part of the training set?

I think the answer to this will depend on whether there’s a risk that the trade secret data could be output to an LLM user in response to a prompt. In most cases, the model isn’t going to do that, although it’s not impossible through adversarial prompting. My guess is that a court would not issue an injunction in this situation, if it sees the ultimate disclosure through a prompt to be small.

You're moderating a room likely full of in-house counsel already mid-rollout. What's the one thing you hope every attendee leaves with that they didn't walk in knowing?

See above; they need to be cautious. Companies, especially on the management and business side, are saying that they need to go “all-in” on AI. But legal problems are somewhat unusual in that they require a very precise answer to discrete questions, and there are huge consequences for getting it wrong.

In business and product decisions, there are often lots of ways you can correct, adjust, etc. But if you filed an export control document incorrectly, misapplied tariff rules, quoted from a hallucinated case cited with the court, these are mistakes that AI can generate that are very difficult, very costly, and in some cases very embarrassing, to correct (or even attempt to correct).

I think it’s important for in-house lawyers to explain to management that legal departments need to take LLM adoption very carefully. They need to communicate to the business side that in law, the tools are not yet as reliable for answering mission-critical legal questions.

One day they may be there, but right now, in-house lawyers need to manage the gap between the perceived value of AI, derived from coding and other disciplines where it is highly effective, and where it’s not, like legal.

Trade Secrets West 2026 takes place on May 28 at the Hilton in San Jose, CA.

For more information, contact David Barton at: dbarton@newtonmedia.co.uk

Did you enjoy reading this story? Our free newsletters send stories like this straight to your inbox