Trade secret protection must adapt as AI agents gain access to company systems
In-house counsel have focused on the obvious risk: employees pasting company data into ChatGPT. But a deeper threat is emerging as AI agents-software that can autonomously retrieve information, read emails, access databases, and execute tasks across multiple systems-become embedded in everyday workflows.
Once an agent gains system-level access, the protective boundary around trade secrets shifts. The company has effectively handed control to an external system.
This is not theoretical. Since 2026, mainstream AI agent platforms have suffered from vulnerabilities including path traversal, prompt injection, and server-side request forgery. Attackers can craft malicious instructions and use an authorized agent account to move laterally through enterprise systems.
In March 2026, China's Ministry of Industry and Information Technology and National Computer Network Emergency Response Team issued the first systematic regulatory warning on AI agent security risks, naming specific attack vectors: prompt injection, inter-process communication hijacking, and malicious plug-in installation. The alert served as a compliance call for corporations.
Three new leakage paths
Systematic harvesting replaces one-off disclosure. An employee downloading a quotation leaves a visible breach. But an agent granted access to a CRM, project management tools, and email-asked to "summarize this quarter's client negotiations"-aggregates dozens of sensitive documents in a single run without visibly opening each file. Traditional monitoring points for trade secrets become ineffective.
The CNCERT alert also describes a covert mechanism: attackers use inter-process communications via the MCP protocol to inject prompts, steering an authorized agent to extract data without crossing visible permission boundaries.
Rewriting and restructuring erase the trail. AI tools often transform trade secrets into summaries, syntheses, or distilled rules rather than copying text verbatim. A departing employee may take not a document, but an AI-refined knowledge model. Litigation relying mainly on word-for-word comparison will likely fail.
China's Anti-unfair Competition Law protects the "substantive content" of information, but no settled approach exists for proving that AI-rewritten output is substantively equivalent to the original secret.
Multi-party access breaks the liability chain. An agent involves the base model provider, plug-in developers, API vendors, cloud hosting, and operations teams. Once company data enters this chain, the number of parties with potential access multiplies. Subcontracting by vendors, offshore processing, log ownership, and data deletion duties are often absent from traditional IT procurement contracts. If a leak occurs, the company may struggle to identify who to pursue.
All three paths lead to the same litigation problem: opposing counsel will argue, "Your own employee fed the data to an agent. How can you claim your confidentiality measures were reasonable?"
What companies should do now
Rebuild information classification and define AI boundaries. Most confidentiality policies predate widespread AI use and lack rules for agent scenarios. Create a three-tier classification for core information: (1) information that must not enter any external AI tool; (2) information that may enter only with approval and after removing identifying details; and (3) information that may be processed only in a private or controlled environment.
This list becomes key evidence in litigation to show the company's confidentiality measures were reasonable.
Implement AI tool onboarding review and reject default open access. When business teams deploy an agent with system integration capabilities, the legal risk can match signing a sensitive data processing agreement. Yet legal teams are often not involved.
The onboarding checklist should cover: whether the data will be used for training; whether plug-in permissions are controllable; whether logs are fully retained; whether the bug fixing process is transparent; and whether cross-border transfers comply with applicable rules. Pre-launch assessment is only the starting point. Full-lifecycle monitoring should be standard.
Revise confidentiality clauses to add AI-specific duties. Most existing employment contracts, vendor agreements, and technical services contracts do not address agent use.
At minimum, add clauses that bar employees and vendors from inputting certain information classes into any unapproved external model or agent; prohibit vendors from using company data for training or any purpose beyond the contract scope; require notice within an agreed timeframe and cooperation with evidence collection if a security flaw or suspected leakage occurs; and clearly address subcontracting, offshore processing, log keeping, and data destruction.
These clauses set clear boundaries up front and create a written basis for allocating responsibility if a dispute arises.
Move evidence collection up front. With agents, data flows are fragmented, multi-node, and often opaque. Post-incident reconstruction is nearly impossible.
Log AI tool access control and invocation. Keep outbound approval records. Monitor user activity for key roles. Conduct offboarding data audits for departing employees, including review of AI conversation logs where available.
In a dispute, these controls may be the only evidence that information remains governed and any leakage is traceable.
For legal professionals managing these risks, AI for Legal resources can help teams understand the technical landscape, and AI Learning Path for Paralegals covers document handling and confidentiality measures in detail.
Your membership also unlocks:
