Trade Secret Audits: The Quarterly Review Every Mid-Market Company Now Needs
A trade secret audit sounds like one of those things your outside counsel recommends once, you nod politely, and then never schedule. I get it. But the combination of the Defend Trade Secrets Act (DTSA, 18 U.S.C. § 1836) and the patchwork of state Uniform Trade Secrets Act (UTSA) adoptions has created a situation where companies that skip regular audits are essentially gambling with their ability to enforce anything in court. And now that generative AI tools are touching proprietary data in ways most companies haven't fully mapped, the stakes have gotten meaningfully higher.
Let me walk through what a trade secret audit actually involves, what competent counsel is looking for when they run one, and the AI-specific elements that should now be part of every review cycle.
What a Trade Secret Audit Actually Looks Like
At its core, a trade secret audit is a structured review of three things: what you claim as trade secrets, how you protect them, and whether those protections would survive judicial scrutiny. The DTSA (18 U.S.C. § 1839(3)) and most UTSA-based state statutes define a trade secret as information that derives independent economic value from not being generally known, or readily ascertainable through proper means, by others who could profit from it, and that is subject to "reasonable measures" to maintain its secrecy. That second prong, the reasonable measures requirement, is where companies consistently fail.
A well-run audit typically covers:
- Identification and inventory. What specific information does the company treat as a trade secret? This includes algorithms, customer lists, pricing models, manufacturing processes, vendor terms, internal playbooks, and training data. Vague categories like "our proprietary methods" will not hold up. In Broker Genius, Inc. v. Zalta (S.D.N.Y. 2019), the court dismissed a DTSA claim in part because the plaintiff failed to identify its trade secrets with reasonable particularity.
- Access controls and documentation. Who has access to each category of trade secret information? Is access logged? Are there technical controls (encryption, role-based access, DLP tools) and administrative controls (NDAs, restrictive covenants, onboarding/offboarding protocols)?
- Policy review. Do employment agreements, vendor contracts, and partnership agreements contain trade secret provisions that align with current DTSA requirements, including the notice of whistleblower immunity required by 18 U.S.C. § 1833(b)(3)? That notice must appear in, or be cross-referenced from, any agreement governing the use of trade secrets or other confidential information that was entered into or updated on or after May 11, 2016. If such an agreement omits it, you cannot recover exemplary damages or attorney fees under the DTSA against the employee, contractor, or consultant who signed it.
- Incident history. Have there been any suspected or confirmed misappropriation events since the last review? How were they handled? Was evidence preserved?
The output of the audit is typically a report that maps each identified trade secret to its protective measures, flags gaps, and prioritizes remediation. Think of it as a compliance posture assessment, but specifically for information assets you might need to litigate over someday.
What Counsel Is Really Looking For
The attorney running your audit is essentially stress-testing your ability to win a future misappropriation case. Courts under both the DTSA and state UTSA frameworks have been increasingly specific about what "reasonable measures" means in practice, and about how much public exposure a secret can survive. In Compulife Software Inc. v. Newman (11th Cir. 2020), the plaintiff's insurance-quote database was proprietary, but individual quotes drawn from it were available through a public-facing quoting tool. The Eleventh Circuit held that this limited public availability did not by itself defeat the trade secret claim, and that scraping the tool at scale to reconstruct a substantial part of the database could still be acquisition by improper means. The practical lesson cuts both ways: a secret is not lost merely because fragments of it are exposed, but a court will scrutinize exactly what your public-facing systems reveal and whether a reasonably diligent competitor could reassemble the secret from them. If they could, you may not have a trade secret at all.
Counsel is looking for consistency. If you tell the court your customer list is a trade secret but your sales team routinely emails it as an unencrypted spreadsheet, that inconsistency is going to be a problem. The audit is designed to surface those disconnects before opposing counsel does.
Another thing experienced trade secret litigators focus on is the "independent economic value" element. This requires more than just asserting that information is valuable. You need to be able to articulate, with some specificity, what competitive advantage the information provides and what it would cost a competitor to independently develop it. The audit should include at least a preliminary valuation framework for your most critical trade secrets. In Epic Systems Corp. v. Tata Consultancy Services (W.D. Wis. 2016), the jury awarded $240 million in compensatory damages and $700 million in punitive damages; the district court later cut the total to $420 million, and the Seventh Circuit in 2020 reduced the punitive award further, to $140 million. The compensatory figure that survived rested on evidence of the development cost Tata avoided by using Epic's information, which is exactly the kind of quantification an audit should prepare you to make.
The AI-Specific Elements You Should Be Adding Now
This is where things have shifted substantially in the last 18 months. If your audit template hasn't been updated since 2022, it is almost certainly missing critical exposure points related to AI adoption.
Training Data Exposure
Are employees or contractors inputting proprietary information into third-party AI tools? OpenAI's enterprise and API terms are different from its consumer terms, and many companies are still running on consumer ChatGPT accounts, where inputs may be used for model training unless the user opts out. Samsung learned this the hard way in April 2023 when engineers pasted proprietary source code and internal meeting material into ChatGPT on at least three separate occasions. Your audit needs to map which AI tools are in use, under what terms, and whether proprietary data has been or could be exposed through them.
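The "which AI tools are in use" step is the one a CISO can actually answer from data rather than from a survey. The script below is an added example, not code from the original article or from FirmAdapt: it builds an inventory of generative-AI endpoints from web proxy logs, attributes traffic to users, and flags destinations that are not covered by a reviewed enterprise agreement. The log format (a hypothetical "timestamp user method url bytes_sent" layout), the domain-to-tool mapping, the sanctioned list, and the sample lines are all constructed for illustration; substitute your proxy's real format and your counsel's real list of sanctioned tools.

```python
"""Inventory generative-AI tool usage from web proxy logs.

Added example for the trade secret audit discussion; not part of the
original article or any vendor product. Everything below that looks like
a fact about a vendor (domains, tiers) is an illustrative assumption.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample log lines (not real traffic). Hypothetical format:
# "<unix_ts> <user> <method> <url> <bytes_sent_by_client>"
SAMPLE_LOG = """\
1717000000.123 alice@corp.example POST https://chatgpt.com/backend-api/conversation 48211
1717000012.456 bob@corp.example POST https://api.openai.com/v1/chat/completions 1843
1717000030.789 alice@corp.example GET https://www.example.com/index.html 512
1717000045.000 carol@corp.example POST https://claude.ai/api/organizations/abc/chat_conversations 23990
1717000060.000 dave@corp.example POST https://gemini.google.com/_/BardChatUi/data/batchexecute 9001
1717000075.000 bob@corp.example POST https://chatgpt.com/backend-api/conversation 700
"""

# Known generative-AI endpoints. Illustrative mapping only; maintain your
# own list as part of each quarterly review.
AI_DOMAINS = {
    "chatgpt.com": "OpenAI ChatGPT (web UI)",
    "chat.openai.com": "OpenAI ChatGPT (web UI)",
    "api.openai.com": "OpenAI API",
    "claude.ai": "Anthropic Claude (web UI)",
    "gemini.google.com": "Google Gemini (web UI)",
}

# Destinations covered by an enterprise agreement counsel has reviewed
# (hypothetical: here only the OpenAI API is sanctioned).
SANCTIONED = {"api.openai.com"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["host"] = urlparse(rec["url"]).hostname or ""
    rec["bytes"] = int(rec["bytes"])
    return rec


def ai_domain_for(host):
    """Return the AI_DOMAINS key matching host or any of its parent domains."""
    parts = host.split(".")
    for i in range(len(parts) - 1):
        candidate = ".".join(parts[i:])
        if candidate in AI_DOMAINS:
            return candidate
    return None


def inventory(log_text, upload_threshold=4096):
    """Aggregate AI-tool traffic per destination.

    Returns {domain: {"tool", "sanctioned", "users": {user: bytes_sent},
    "large_uploads": count}}. A POST at or above upload_threshold bytes is
    counted as a large upload, the event most likely to carry pasted
    source code or documents.
    """
    out = defaultdict(lambda: {"tool": "", "sanctioned": False,
                               "users": defaultdict(int), "large_uploads": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        domain = ai_domain_for(rec["host"])
        if domain is None:
            continue
        entry = out[domain]
        entry["tool"] = AI_DOMAINS[domain]
        entry["sanctioned"] = domain in SANCTIONED
        entry["users"][rec["user"]] += rec["bytes"]
        if rec["method"] == "POST" and rec["bytes"] >= upload_threshold:
            entry["large_uploads"] += 1
    return {d: {**v, "users": dict(v["users"])} for d, v in out.items()}


def unsanctioned_users(inv):
    """Sorted list of users who sent traffic to any unsanctioned AI tool."""
    return sorted({u for v in inv.values() if not v["sanctioned"] for u in v["users"]})


if __name__ == "__main__":
    inv = inventory(SAMPLE_LOG)
    for domain, v in sorted(inv.items()):
        flag = "OK " if v["sanctioned"] else "GAP"
        print(f"{flag} {domain:20} {v['tool']:26} users={len(v['users'])} "
              f"large_uploads={v['large_uploads']}")
    print("Users on unsanctioned AI tools:", ", ".join(unsanctioned_users(inv)))
```

Two caveats for the audit file. First, where a vendor serves consumer and enterprise tiers from the same hostname, the log tells you who is using the tool, not under which terms; reconcile the flagged users against the enterprise tenant's member list before concluding that data went out under consumer terms. Second, a large POST is a lead, not proof of disclosure; the evidence-preservation point in the incident-history bullet applies, so keep the raw log and the proxy's retention settings documented alongside the summary.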
AI-Generated Outputs and Ownership
If your company is using AI to generate content, code, or analysis that you intend to treat as a trade secret, you need to evaluate whether the output qualifies for protection. Trade secret law does not require the same originality threshold as copyright, but if an AI tool could generate substantially similar output for a competitor using the same prompts, the "not generally known" element gets shaky. Your audit should assess whether AI-generated materials are being claimed as trade secrets and whether that claim is defensible.
Model Training on Internal Data
Companies building or fine-tuning proprietary models on internal datasets need to treat those models, and the training data pipelines feeding them, as trade secret assets. This means applying the same access controls, documentation, and contractual protections you would apply to any other high-value proprietary information. The audit should specifically cover: where training data is stored, who has access to model weights, whether fine-tuned models are deployed in environments that could allow extraction or reverse engineering, and whether your AI vendors have contractual obligations regarding data segregation.
Automated Decision Systems and Process Secrets
Proprietary workflows that incorporate AI, such as underwriting models, diagnostic algorithms, or compliance screening processes, may themselves constitute trade secrets. But if you are using a vendor's AI tool as the core engine, you need to understand what portion of the process is actually proprietary to you versus what is the vendor's standard offering configured with your parameters. The audit should draw that line clearly.
Frequency and Ownership
Quarterly is the right cadence for most mid-market companies, particularly those in regulated industries where the information landscape changes frequently. Annual audits made sense when the primary risks were departing employees and competitor espionage. The introduction of AI tools that can ingest, process, and potentially leak proprietary information in seconds has compressed the risk timeline considerably. A quarterly review does not need to be as comprehensive as the initial audit; it can focus on changes since the last cycle, new tools adopted, personnel changes, and incident review.
Ownership should sit with the general counsel's office, with input from the CISO (for technical controls), HR (for employment agreements and offboarding), and increasingly, whoever is responsible for AI governance. If nobody in your organization owns AI governance yet, the trade secret audit is a good forcing function to fix that.
How FirmAdapt Addresses This
FirmAdapt's architecture is built around the principle that proprietary data should never leave the compliance boundary without explicit, auditable authorization. For companies conducting trade secret audits, this means the AI tools deployed through FirmAdapt do not train on client data, do not commingle inputs across tenants, and maintain detailed access logs that directly support the "reasonable measures" documentation courts require under the DTSA and UTSA frameworks.
The platform also provides configurable data classification and access control features that map to the categories a trade secret audit would evaluate. Rather than retrofitting consumer AI tools with enterprise guardrails, FirmAdapt starts from a regulated-industry baseline, which makes the quarterly audit process significantly more straightforward and the results more defensible.