Protecting trade secrets in the age of AI: Legal challenges and strategic approaches

1. The Legal Foundation: What Qualifies as a Protected Trade Secret?

In Germany, the Trade Secrets Act (GeschGehG), in force since 2019, governs the protection of confidential know-how. Legal protection requires that the information is not publicly known, has commercial value, and is subject to reasonable secrecy measures (§ 2 No. 1 GeschGehG). In practice, this means that without active protection—such as access controls or contractual confidentiality clauses—no legal claim can typically be enforced, even in cases involving highly sensitive technology.

2. Technological Shift – When AI Deciphers Trade Secrets

Modern AI systems can decompile binary code into Modern AI systems can decompile binary code into structured source code, detect algorithmic patterns, or reconstruct functional circuit diagrams from microchip images (see more practical examples in the “Practice Spotlight” below).

These capabilities open new avenues for reverse engineering, which is legally permissible under certain conditions. For example, the GeschGehG allows product analysis if the item was lawfully acquired by the party conducting the analysis (§ 3 para. 1 no. 2).

Even if such analysis is technically legal, it can have severe economic consequences for the affected company—such as the loss of trade advantages or uncontrolled dissemination of internal data and innovation. The greatest risk lies with organizations that have not implemented sufficient technical or organizational safeguards.

3. Shortened Innovation Cycles – Why Speed Matters in Protection

Technologies that once guaranteed competitive advantages for years can now become obsolete within three to five years. At the same time, the leap from analysis to improved replication has shortened: AI allows competitors not only to understand but to enhance products—often faster than the original developer can respond. Companies that delay protection, or fail to proactively improve, may be overtaken before their product even reaches market maturity.

4. Rethinking Confidentiality

In light of these technological changes, companies must reassess their protection strategies from both legal and technical perspectives. This requires a critical review of existing protocols: Are access restrictions, encryption, and organizational procedures still up to date? Are confidentiality obligations clearly outlined in contracts with employees and external partners? And is there internal documentation that designates which information is considered particularly sensitive?

Implementation is just as important as intent: Legal protection is only effective if secrecy measures are not just theoretical but demonstrably implemented and actively maintained.

5. Supplementary protection through patents – but with caution

Patents offer robust formal protection, as they remain enforceable regardless of how the information was acquired. For short-lived products, early filing can be strategically decisive. However, every patent becomes publicly accessible—making it unsuitable for innovations where confidentiality is key. The decision between patenting and secrecy should always be made on a case-by-case basis.

Practical insight: What AI can do today – and why this poses challenges for protection concepts

Technological progress is no longer hypothetical. AI systems now perform tasks that used to take expert teams weeks or months. A realistic understanding of AI’s capabilities is essential for any legal risk assessment.

In the software domain:

• Source Code Reconstruction: AI can analyze executable files and regenerate readable source code, complete with comments and functional logic.
• Black-Box Analysis: Even without access to the source code, AI models can recreate functioning copies based solely on software behavior.
• Vulnerability Detection: AI detects security flaws in architecture faster and more comprehensively than most human analysts.

In the hardware domain:

• Chip Analysis via Imaging: AI can reverse engineer how a chip works by analyzing high-resolution microchip images—previously a labor-intensive process.
• 3D Reconstruction from Media: Freely available photos or videos can now be used to generate precise 3D models of products.
• PCB Cloning: AI can digitize and optimize entire printed circuit board designs using photographs or X-ray scans.

These examples demonstrate clearly: Technological superiority alone no longer guarantees protection. In an era where analysis and replication are automated, targeted and hybrid protection strategies—both legal and organizational—are critical.

6. Thinking Holistically About Protection

The gap between legal protection frameworks and modern AI capabilities is widening. There is no one-size-fits-all solution. Instead, hybrid protection models must be tailored to each company’s risk and innovation profile. In practice, this often means strategically combining formal protection (e.g., patents) with informal safeguards (e.g., confidentiality).

Such a strategy requires that leadership teams regularly evaluate which technologies are most exposed—whether because they are embedded in externally accessible products or because their structure lends itself to automated analysis. From this, appropriate protection measures can be derived that are both legally sound and economically viable.

New technologies require a rethink in legal protection

Artificial intelligence is rewriting the rules of intellectual property—often in areas where the law seems settled. Companies must take these new technical realities seriously and reassess their existing protection strategies.

Legal security begins with a clear understanding of one’s own risk landscape—and with the willingness to rethink conventional approaches.

It’s an investment that pays off: those who protect their innovation capacity early and strategically secure not just legal standing, but their long-term competitiveness.