Trade Secret Misappropriation Through AI Inference Attacks
There is a category of AI security threat that most trade secret programs are not built to handle. Model inversion attacks, membership inference attacks, and related extraction techniques can pull proprietary information out of machine learning models without ever directly accessing the underlying data. The Defend Trade Secrets Act (DTSA), 18 U.S.C. § 1836, provides a federal cause of action for misappropriation, but applying it to AI inference attacks requires some careful legal reasoning. The statute was not written with gradient-based reconstruction in mind, and the case law is still catching up.
What Inference Attacks Actually Do
A quick taxonomy, because the technical distinctions matter for the legal analysis.
Model inversion attacks reconstruct training data by exploiting a model's outputs. Fredrikson et al. demonstrated this in 2015 by recovering recognizable facial images from a facial recognition model using only the model's confidence scores and the target's name. The attacker queries the model repeatedly and uses the responses to reverse-engineer what the model "learned" during training. If your model was trained on proprietary chemical formulations, customer pricing data, or clinical trial results, a sufficiently motivated adversary can approximate that data through systematic querying.
Membership inference attacks determine whether a specific data record was part of the training set. Shokri et al. published foundational work on this in 2017, showing that shadow model techniques could identify training set membership with high accuracy across multiple ML architectures. This matters for trade secrets because confirming that a competitor's proprietary dataset was used to train a model can establish the factual predicate for a misappropriation claim.
Model extraction attacks steal the model itself. Tramer et al. (2016) showed that equation-solving attacks could replicate ML models hosted behind prediction APIs with a modest number of queries. A 2020 study from researchers at the University of Waterloo demonstrated extraction of functionally equivalent copies of models served by major cloud ML platforms. The extracted model becomes a vessel carrying whatever trade secrets were embedded in the original's architecture and weights.
Mapping Inference Attacks to DTSA Elements
The DTSA requires three things: (1) the existence of a trade secret, (2) misappropriation through improper means or breach of a duty, and (3) a connection between the information and a product or service used in interstate or foreign commerce. Let's work through each.
Existence of a Trade Secret
Under 18 U.S.C. § 1839(3), a trade secret includes "all forms and types of financial, business, scientific, technical, economic, or engineering information" provided the owner has taken reasonable measures to keep it secret and the information derives independent economic value from not being generally known. Training data, model architectures, and learned parameters can all qualify. The Sixth Circuit in Compulife Software Inc. v. Newman (2020) recognized that compiled databases used in software can constitute trade secrets. Proprietary training datasets and the model weights derived from them fit comfortably within this framework.
The harder question is whether information reconstructed through model inversion, which is an approximation of the original data rather than an exact copy, still qualifies. The DTSA's definition is broad enough to cover this. Courts have consistently held that trade secret misappropriation does not require verbatim copying. In Waymo LLC v. Uber Technologies, Inc. (N.D. Cal. 2017), the court addressed misappropriation of LiDAR technology trade secrets where the allegedly stolen information was modified and adapted rather than copied wholesale.
Improper Means
Section 1839(6) defines improper means to include "theft, bribery, misrepresentation, breach or inducement of a breach of a duty to maintain secrecy, or espionage through electronic or other means." That last clause does real work here. Systematic querying of a model to extract its training data or replicate its functionality looks a lot like "espionage through electronic means," especially when it involves circumventing access controls, rate limits, or terms of service.
There is a reasonable argument that querying a publicly available API, even extensively, does not constitute "improper means" if the attacker is using the system as designed. This is where the analysis gets interesting. The DTSA borrowed its improper means framework from the Uniform Trade Secrets Act and the Restatement (First) of Torts § 757, which contemplated a spectrum of propriety. Reverse engineering through legitimate observation has traditionally been permissible. But inference attacks go beyond passive observation; they involve active, adversarial manipulation of the model's input space to extract information the model owner never intended to disclose.
The hiQ Labs, Inc. v. LinkedIn Corp. litigation (9th Cir., 2022) touched on related questions about scraping publicly accessible data, though in a CFAA context rather than trade secrets. The distinction between accessing available outputs and systematically extracting embedded proprietary information through adversarial techniques is one courts will need to develop further.
Reasonable Measures
This is where companies deploying AI models frequently fail. If you serve a model through an API with no rate limiting, no query monitoring, no output perturbation, and no access controls, a court may find you did not take "reasonable measures" to protect the trade secrets embedded in that model. The DTSA requires affirmative effort.
Practical measures that strengthen a DTSA claim include:
- Differential privacy applied during training (with a documented epsilon budget)
- Output perturbation that adds calibrated noise to prediction results
- Query rate limiting and anomaly detection on API access patterns
- Contractual restrictions in API terms of service explicitly prohibiting model extraction and inference attacks
- Access logging sufficient to support forensic reconstruction of an attack
- Watermarking or fingerprinting techniques embedded in model outputs
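Three of the controls above (output controls, query anomaly detection, and access logging that supports later analysis) in defender-side form, as an added illustration that is not FirmAdapt's platform code nor code from any cited paper. The response filter returns only the top-k labels with coarsened confidences; the log check flags API keys whose traffic shows burst volume or near-duplicate inputs. The thresholds, grid size and sample log are constructed assumptions.

```python
from collections import defaultdict
import random

# Output control: expose only the top-k labels, with confidences rounded to a
# coarse grid, so responses reveal less of the score surface that
# confidence-driven inversion relies on.
def harden_output(scores, top_k=1, decimals=1):
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    return {label: round(conf, decimals) for label, conf in ranked[:top_k]}

# Anomaly detection over access-log rows (timestamp, api_key, input_features).
# A key is flagged on a burst (more than max_queries inside any `window`
# seconds) or on a high near-duplicate ratio: many inputs collapsing onto the
# same cell of a coarse grid, which is what systematic probing of one input
# neighbourhood looks like in the logs. Thresholds are illustrative.
def flag_suspicious_keys(log, window=60, max_queries=100, dup_ratio=0.5,
                         grid=0.05, min_rows=10):
    by_key = defaultdict(list)
    for ts, key, feats in log:
        by_key[key].append((ts, tuple(feats)))
    flagged = {}
    for key, rows in by_key.items():
        rows.sort()
        peak, start = 0, 0
        for end in range(len(rows)):  # sliding window over sorted timestamps
            while rows[end][0] - rows[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        cells = {tuple(round(x / grid) for x in f) for _, f in rows}
        dup = 1 - len(cells) / len(rows)
        reasons = []
        if peak > max_queries:
            reasons.append(f"burst:{peak}q/{window}s")
        if len(rows) >= min_rows and dup >= dup_ratio:
            reasons.append(f"near_duplicates:{dup:.2f}")
        if reasons:
            flagged[key] = reasons
    return flagged

# Constructed sample log (not real traffic): one ordinary client and one key
# issuing 150 tiny perturbations of a single input within 30 seconds.
def sample_log(seed=1):
    rng = random.Random(seed)
    log = [(i * 180.0, "key-benign", [rng.random() for _ in range(4)])
           for i in range(20)]
    base = [0.41, 0.27, 0.88, 0.05]
    log += [(1000 + i * 0.2, "key-probe", [x + rng.uniform(-0.004, 0.004) for x in base])
            for i in range(150)]
    return log
```

Running `flag_suspicious_keys(sample_log())` flags only `key-probe`, on both the burst and the near-duplicate condition, while `harden_output({"cat": 0.731, "dog": 0.214, "fox": 0.055})` returns `{"cat": 0.7}`.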
The 2023 NIST AI Risk Management Framework (AI RMF 1.0) specifically identifies data privacy attacks against AI systems as a risk category, which gives companies a recognized standard to point to when demonstrating the reasonableness of their protective measures.
Damages and Remedies
The DTSA provides for injunctive relief under § 1836(b)(3)(A), actual damages including unjust enrichment under § 1836(b)(3)(B), and exemplary damages up to two times actual damages for willful and malicious misappropriation under § 1836(b)(3)(C). Attorney's fees are available in exceptional cases.
Quantifying damages from inference attacks is genuinely difficult. If an attacker reconstructs 80% of your proprietary training dataset through model inversion, what is the economic harm? Courts will likely look to the cost of assembling the original dataset, the competitive advantage lost, and the unjust enrichment gained by the attacker. In Epic Systems Corp. v. Tata Consultancy Services (W.D. Wis., 2016), a jury awarded $940 million in trade secret damages (later reduced to $420 million), partly based on the development costs of the misappropriated system. Similar cost-of-development theories could apply to extracted training data and model architectures.
The ex parte seizure provision in § 1836(b)(2) is also worth noting. In extraordinary circumstances, a court can order seizure of property to prevent dissemination of a trade secret. If a company discovers an active model extraction attack, this provision could theoretically support seizure of the extracted model before it proliferates.
Where This Is Heading
The EU AI Act, which entered into force in August 2024, includes provisions on transparency and technical robustness that will intersect with trade secret protection for AI systems deployed in European markets. Domestically, the proposed AI LEAD Act and various state-level AI regulations are creating a patchwork of obligations that will shape how companies must protect and disclose information about their models. The interplay between mandatory transparency requirements and trade secret protection is going to generate significant litigation over the next several years.
Companies that deploy AI models trained on proprietary data need to treat inference attack resilience as a core component of their trade secret protection program, not an afterthought handled by the ML engineering team in isolation from legal.
How FirmAdapt Addresses This
FirmAdapt's architecture was designed with data isolation and access control as foundational principles rather than bolt-on features. The platform enforces granular query logging, output controls, and access restrictions that directly support the "reasonable measures" requirement under the DTSA. For companies using AI systems that process or are trained on trade secret information, these controls create a documented, auditable record of protective measures.
FirmAdapt also maintains compliance mappings across regulatory frameworks, so organizations can track how their AI deployment practices align with DTSA requirements, NIST AI RMF guidance, and applicable state trade secret statutes simultaneously. When your general counsel needs to demonstrate that the company took reasonable steps to protect proprietary information embedded in an AI system, the documentation infrastructure is already in place.