HOW AI CAN STEAL YOUR TRADE SECRETS

Samsung lost trade secret protection when its engineers used ChatGPT. These incidents happened last year, but now that artificial intelligence (AI) systems are stampeding into businesses at a breakneck speed, it’s important to first review what happened as a very cautionary tale – forewarned is forearmed, and then put in place procedures to protect  your company against this happening.

What happened?

It was reported that Samsung engineers used ChatGPT to repair problems with source code, and to optimize test sequences used to identify errors in chips. The process involved inputting source code and confidential meeting notes into ChatGPT. This information was considered by Samsung to be very confidential information.

How to ruin/lose trade secret protection?

Trade secrets are an odd type of intellectual property. They only remain protected as trade secrets so long as they remain secret. Therefore, if a trade secret is disclosed to a third party that is not obligated to maintain the secrecy of the information, the information is no longer a trade secret – it’s gone forever and available for anyone to use.

ChatGPT’s Privacy Policy states: “we may use Content you provide us to improve our Services, for example to train the models that power ChatGPT.” Therefore, once the source code in question and other information was entered into a ChatGPT input field, it’s then available for use by OpenAI – without any trade secret protection. At that point Samsung had no ability to retrieve this data from ChatGPT.

ChatGPT does have an option for opting out of allowing input data for training purposes. This opt out option was either not selected by the Samsung engineers or was not available at that time. In order to avoid this problem, and yet still benefit from AI, Samsung is now developing its own AI model for performing these test functions.

Procedures to Protect Trade Secrets

To safeguard trade secrets while utilizing technologies like ChatGPT, companies should implement the following procedures:

1. Conduct a Risk Assessment: Before integrating AI into business operations, evaluate the specific risks associated with the AI platform, especially in terms of data privacy and IP security.
2. Establish Clear Usage Policies: Define what type of information can be shared with AI platforms. Sensitive or proprietary data should be strictly off-limits unless absolutely necessary and safe.
3. Use AI Locally When Possible: If feasible, use on-premises AI solutions where the data does not leave the corporate environment, minimizing exposure.
4. Implement Data Security Measures: Enhance cybersecurity protocols to secure data transmission to and from AI services. Encryption of data in transit and at rest can prevent unauthorized access.
5. Regularly Update Confidentiality Agreements: Ensure that all employees and stakeholders are aware of what constitutes a trade secret and the importance of not divulging this information to any AI systems.
6. Monitor and Audit AI Interactions: Regularly review interactions with AI systems to ensure compliance with internal data security policies and to detect potential leaks or breaches early.
7. Collaborate with AI Providers on Security: Engage with AI service providers to understand their data security measures and advocate for enhanced protections or custom solutions tailored to your company’s needs.
8. Legal Safeguards: Work with legal counsel to update terms of service agreements with AI providers to include clauses that protect your data and trade secrets explicitly.
9. Educate Employees: Provide training on the appropriate use of AI technologies, emphasizing the risks related to trade secret exposure.
10. Develop a Response Plan: Establish a protocol for responding to IP breaches, including how to handle data breaches involving AI platforms.

Conclusion

The advent of AI like ChatGPT in business processes presents both opportunities and challenges, particularly concerning the protection of trade secrets. By understanding the risks and implementing robust security measures, companies can enjoy the benefits of AI while safeguarding their valuable intellectual assets. As AI technologies evolve, so too should the strategies for protecting sensitive information, ensuring that innovation does not compromise security.