The Defend Trade Secrets Act and the Threshold Question for AI-Leaked Information
If you have spent any time litigating trade secret claims under the Defend Trade Secrets Act (18 U.S.C. § 1836), you know the first real fight is almost never about whether the information qualifies as a trade secret. It is about whether the owner took "reasonable measures" to keep it secret. That requirement, baked into the DTSA's definition of trade secret at 18 U.S.C. § 1839(3)(A), is the threshold question that kills claims before they ever get to the merits. And generative AI has made that threshold significantly harder to clear.
The Reasonable Measures Standard, Briefly
Courts have been interpreting "reasonable measures" for decades under state UTSA variants, and the DTSA largely adopted the same framework. The standard is not perfection. It is context-dependent reasonableness. In Compulife Software Inc. v. Newman (11th Cir. 2020), the court emphasized that the inquiry looks at the totality of the circumstances: NDAs, access controls, employee training, physical security, digital protections. No single factor is dispositive, but the absence of several is usually fatal.
The key cases tend to hinge on gaps. In Turret Labs USA, Inc. v. CargoSprint, LLC (E.D.N.Y. 2021), the court found that failing to implement basic access restrictions undermined the plaintiff's claim. In Yellowfin Yachts, Inc. v. Barker Boatworks, LLC (M.D. Fla. 2019), the absence of confidentiality agreements with key employees was enough to defeat the reasonable measures element at summary judgment. The pattern is clear: if you have an obvious gap in your protection regime and the information leaks through that gap, your DTSA claim is in serious trouble.
Generative AI Is the New Obvious Gap
Here is where things get interesting for 2024 and beyond. Employees are using generative AI tools. They are pasting source code into ChatGPT, uploading financial models to Claude, feeding proprietary datasets into open-source LLMs running on personal machines. Samsung's widely reported incident in early 2023, where engineers submitted confidential semiconductor source code to ChatGPT on at least three separate occasions within a single month, was a wake-up call. But it was not an anomaly. A Cyberhaven study from March 2023 found that 11% of the data employees pasted into ChatGPT was confidential. Cisco's 2024 Data Privacy Benchmark Study reported that 62% of employees admitted to inputting company data into public AI tools, and 45% of that data was categorized as problematic.
Now think about that from the perspective of a DTSA plaintiff. You are in court arguing that your client took reasonable measures to protect its trade secrets. Opposing counsel asks a simple question: did your company have an AI acceptable use policy in place at the time of the alleged misappropriation? If the answer is no, you have a problem. If the answer is "we had a general confidentiality policy," you have a slightly smaller problem, but still a problem.
Why General Policies Are Not Enough
A standard NDA or employee confidentiality agreement typically covers disclosure to "third parties" or "unauthorized persons." Whether a cloud-based AI service constitutes a third party for purposes of those agreements is, at minimum, ambiguous. Most NDAs were drafted before generative AI existed. They do not address the specific mechanics of how an LLM ingests, processes, and potentially retains or regurgitates input data. A court evaluating reasonable measures is going to notice that ambiguity.
Compare this to how courts treated electronic security in the early 2000s. Companies that had physical security but no password protections on digital files started losing the reasonable measures argument as digital workflows became standard. The same evolution is happening with AI. The technology is mainstream, the risks are well-documented, and the expectation that companies will address those risks specifically is forming in real time.
What a Defensible AI Policy Looks Like Under DTSA
To satisfy the reasonable measures standard in a world where generative AI is a routine workplace tool, companies need policies that are specific, enforced, and documented. Based on the factors courts have historically considered, a defensible AI policy should address at least the following:
- Explicit classification of AI tools as potential disclosure channels. The policy should name generative AI services and treat input into those services as a form of external disclosure subject to the same restrictions as sharing information with a human third party.
- Tiered data handling rules. Not all information carries the same sensitivity. A policy that prohibits all AI use is likely to be ignored. A policy that maps data classification levels to permitted AI interactions is more likely to be followed and, critically, more likely to be viewed by a court as a genuine protective measure rather than a paper exercise.
- Technical controls, not just written rules. Courts in DTSA cases consistently give more weight to measures that are enforced through technology rather than relying solely on employee compliance. DLP tools that detect and block sensitive data from being pasted into AI interfaces, approved AI environments that do not retain or train on input data, and network-level restrictions on unapproved AI services all strengthen the reasonable measures argument.
- Training with documented acknowledgment. In Broker Genius, Inc. v. Zalta (S.D.N.Y. 2019), the court noted the importance of employees being specifically informed about what constitutes confidential information and how to handle it. AI-specific training, with signed acknowledgments, extends this principle to the current threat landscape.
- Regular auditing and policy updates. A policy written in January 2023 that has never been updated is going to look stale by the time it reaches a courtroom in 2025. The AI landscape changes fast. Courts will expect that protective measures evolve with the technology.
The Litigation Angle Nobody Is Talking About Enough
There is a flip side to this analysis that defense counsel should be paying attention to. If you are defending a DTSA misappropriation claim, the plaintiff's AI posture is now a legitimate area of discovery. That means interrogatories about AI policies, requests for production of DLP logs, and depositions of IT leadership about what tools were permitted and what controls were in place. If the plaintiff cannot demonstrate that it addressed the AI vector, the reasonable measures element becomes genuinely contestable, even if the plaintiff had strong protections everywhere else.
This is not speculative. We are already seeing defendants in trade secret cases raise AI-related arguments in motions to dismiss and at summary judgment. The volume of these arguments will only increase as courts become more familiar with how generative AI actually works and how data flows through these systems.
The Timing Problem
One more wrinkle worth flagging. The reasonable measures inquiry looks at what was in place at the time the trade secret was misappropriated, not what the company implemented afterward. Remedial measures can help in some contexts, but they do not retroactively satisfy the statutory requirement. Companies that wait until after an incident to adopt an AI policy are buying themselves a gap in coverage that could undermine any future DTSA claim arising from that period. The time to implement is before you need it in court.
How FirmAdapt Addresses This
FirmAdapt's architecture is built around the principle that AI interactions with sensitive data should be governed by enforceable technical controls, not just written policies. The platform provides a compliance-first AI environment where data classification rules, access restrictions, and retention policies are applied at the infrastructure level. This means that when employees use AI through FirmAdapt, the interaction is governed by the same protections that apply to other forms of data handling, creating the kind of documented, enforced, and auditable controls that courts look for in the reasonable measures analysis.
For companies concerned about maintaining DTSA-defensible trade secret protections, FirmAdapt generates the audit trail and technical enforcement layer that transforms an AI acceptable use policy from a piece of paper into a demonstrable security measure. The platform logs interactions, enforces data classification boundaries, and ensures that proprietary information is not exposed to third-party model training pipelines. It is the kind of infrastructure-level control that closes the gap before opposing counsel can exploit it.