← Back to Resources

Cloud AI Leaks: Trade Secrets vs Patents

You paste your code into a cloud AI tool. The model may train on it, store it, or route it through servers you cannot audit. That single upload can put two forms of IP protection at risk at once.

This is not hypothetical. About 1,500 federal trade secret cases were filed in 2025, per ABA Journal and Lex Machina data. Litigation rose roughly 25% in the year after the Defend Trade Secrets Act passed in 2016. For indie hackers building novel algorithms or ML architectures, an uninformed upload can jeopardize both trade secret protection and patent eligibility before you even know there was a decision to make.

The fix starts before your code touches any cloud service. Scan locally. Identify what is potentially patentable, what qualifies as a trade secret, and what is safe to share. That puts you in control of decisions that are otherwise made for you.

Last updated: March 2026. This page is informational only and not legal advice. Consult a patent attorney for your specific situation.

~1,500

Federal trade secret cases filed in 2025, per ABA Journal / Lex Machina data

+25%

Increase in trade secret litigation in the year after the DTSA passed in 2016

$245M

Waymo v. Uber settlement in equity. Once IP leaves your control, recovery is expensive.

12 mo

Window a provisional patent gives you to establish a priority date while you keep iterating

Why Cloud Uploads Create Legal Risk

Trade secret protection under the Defend Trade Secrets Act (18 U.S.C. §§ 1831–1839) requires you to take "reasonable measures" to maintain secrecy. Courts evaluate this case by case. Uploading proprietary code to a cloud AI service whose terms permit data retention or model training is one factor a court might weigh. Terms of service are not automatically dispositive, but they are part of the analysis.

The patent risk is separate and more specific. Under 35 U.S.C. § 102, a public disclosure before filing can create prior art. The U.S. offers a one-year grace period, but it generally covers disclosures by or derived from the inventor. It does not automatically cover every third-party disclosure.

The key question for patent purposes: did the upload result in a public disclosure? A simple upload does not trigger a statutory bar by itself. But if a provider exposed your code through a breach or a training data release, whether that constitutes a public disclosure is a question courts have not fully resolved. These are contingent risks worth understanding before you upload anything, not after.

1
Trade secret exposure. Terms permitting data retention or model training may undermine the "reasonable measures" standard courts apply under the DTSA.
2
Prior art creation. If a provider exposes your code through a breach or dataset release, whether that constitutes a public disclosure triggering the patent statutory bar is unsettled law.
3
No bespoke contracts. Most indie hackers do not negotiate confidentiality agreements with their AI tools. That leaves them on standard terms they did not write and may not have read.
Bottom line: Two forms of IP protection can both be affected by a single uninformed upload. The decision point is always before the code leaves your machine.

Trade Secrets vs Patents: When to Use Each

You have two primary IP tools for protecting your code. They serve different purposes and have different vulnerabilities.

Trade Secrets

Protect information that derives economic value from being kept secret: training methodologies, negative know-how, proprietary data pipelines. Protection lasts indefinitely as long as secrecy holds. Cost is near zero. The critical downside: once the information is out, the protection is gone. Disclosure cannot be reversed.

Utility Patents

Protect inventions that are novel, non-obvious, and useful. Last 20 years from the filing date. Require public disclosure of how the invention works. For software and AI, face eligibility hurdles under 35 U.S.C. § 101 and the Alice Corp. v. CLS Bank framework. Claim drafting often determines outcome as much as the underlying invention does.

What Patents Cover Best

Novel algorithms and technical architectures that might survive Alice scrutiny. Things a competitor could independently discover or reverse-engineer. Patents protect you even if someone else arrives at the same solution independently. Trade secrets cannot do that.

What Trade Secrets Cover Best

Elements not visible to outside observers: curated training datasets, hyperparameter configurations, failed experiments, internal methodologies. These have economic value precisely because no one else knows them. Patent filing would destroy that value by requiring disclosure.

Hybrid strategy: File provisional patents on core algorithms and architectures that could be independently discovered. Keep training data, internal methodologies, and negative know-how as trade secrets. Make this distinction before anything goes to the cloud.

A Local-First Scanning Framework

Four steps. All of them happen on your machine before any code touches a cloud service.

1
Scan locally for potentially patentable elements. Run your codebase through a local patent discovery tool. Look for novel algorithms, specific technical improvements to ML processes, or unconventional architectures. Running locally means your code does not leave your machine during this step.
2
Document discoveries with disclosure forms. For each potentially patentable element, write a brief disclosure: what it does, how it improves on existing approaches, and what technical problem it solves. Date it. This creates a record that supports both patent filings and trade secret claims.
3
File provisional patents for patentable elements. A provisional preserves your filing date for 12 months while you keep iterating. Check the current USPTO fee schedule at uspto.gov for accurate filing fees. You do not need finalized claims at this stage. A provisional lets you establish a priority date now and work out formal claims later.
4
Classify remaining code. Trade secrets stay off cloud services or behind confidentiality agreements. Standard implementations and clearly non-sensitive code can go to cloud tools without meaningful IP concern. Only after completing these steps should any code go to a cloud AI service.

Alice Eligibility: What Actually Survives

Not every piece of clever code is patentable. The Alice two-step test (Alice Corp. v. CLS Bank, 573 U.S. 208, 2014) filters out abstract ideas implemented on generic computers. For indie hackers working in AI and ML, this is the biggest obstacle.

Type of Claim Alice Outcome Why
Novel neural network topology that measurably reduces inference latency Tends to survive Specific architectural improvement with measurable technical result
Data pipeline solving a specific processing bottleneck in a new way Tends to survive Concrete technical solution to a technical problem
Using ML to perform a known business task Tends to fail Abstract idea applied to a domain, not a technical improvement
Generic claims about applying AI to a field Tends to fail No specific implementation detail, purely functional description

The 2024 USPTO subject matter eligibility guidance (Examples 47–49) provides AI-specific illustrations. Claims demonstrating a technical improvement in efficiency or architecture can pass Section 101 review. Claims that are essentially "do X, but with AI" generally cannot.

When you scan locally, you are looking for genuine technical contributions: novel algorithms, unconventional architectures, concrete solutions to technical problems. Not applications of existing tools to new domains. Claim language and technical specificity often determine outcome as much as the underlying invention does.

The Numbers Behind the Risk

Trade secret litigation has been accelerating. The ABA Journal, citing Lex Machina data, reported approximately 1,500 federal trade secret cases filed in 2025, up roughly 25% from the year the DTSA passed in 2016. These numbers do not tell you what will happen in your case. They tell you the legal landscape is active and contested.

Waymo v. Uber, involving autonomous vehicle trade secrets, settled for $245 million in equity in 2018. That case involved a former employee, not a cloud tool. The principle still applies: once proprietary information leaves your control, tracing misappropriation and proving damages is expensive and difficult.

AI models add another layer of difficulty. Anthropic CEO Dario Amodei has written publicly about the serious problem of AI interpretability, noting that even AI developers often cannot fully explain how their models reach specific outputs. That interpretability gap has practical consequences for trade secret disputes involving AI systems. Even if your code were misappropriated through a cloud AI service, demonstrating that a specific model output was derived from your specific input would be very hard to prove. Courts are still working out how to handle these evidentiary challenges.

The evidentiary problem cuts both ways: It makes it hard for bad actors to prove they did not misuse your code. It also makes it hard for you to prove they did. Prevention is far more practical than litigation.

Frequently Asked Questions

Does uploading code to ChatGPT or Copilot destroy my trade secret protection?

It depends on the facts, and the law here is not fully settled. Under the DTSA (18 U.S.C. §§ 1831–1839), trade secret protection requires "reasonable measures" to maintain secrecy. Terms of service that permit data retention or use for model training are one factor a court might consider, but they are not automatically dispositive. Enterprise agreements with explicit confidentiality terms reduce the risk. Without any kind of confidentiality agreement, indie developers face heightened exposure. Understand a provider's data practices before uploading anything proprietary.

Can I still patent something after uploading it to a cloud AI service?

Possibly, but the analysis depends on the facts. Under 35 U.S.C. § 102, the U.S. provides a one-year grace period for an inventor's own public disclosures, and generally for disclosures made by or derived from the inventor. The critical question is whether the upload resulted in a public disclosure. A simple upload does not trigger a statutory bar by itself. But if the provider exposed your code through a breach or a training data release, whether that constitutes a qualifying public disclosure and how the grace period applies are questions courts have not fully resolved. Filing a provisional before any cloud upload is the more reliable approach.

What qualifies as a patentable element in my codebase?

Under the Alice framework (573 U.S. 208, 2014), patentable software inventions must demonstrate a specific technical improvement, not just an abstract idea on a generic computer. Look for novel algorithms, unconventional system architectures, concrete solutions to technical problems (like reducing latency or improving data efficiency), and specific ML pipeline innovations. Claim language and technical specificity often determine outcome as much as the underlying invention does. The 2024 USPTO subject matter eligibility guidance, including Examples 47–49, provides AI-specific illustrations worth reviewing.

How much does a provisional patent cost for a solo developer?

USPTO filing fees for provisional applications vary by entity status (micro-entity, small entity, and large entity pay different rates) and are subject to change. Check the current fee schedule at uspto.gov for accurate figures. Most solo developers qualify for reduced fees under micro-entity or small-entity status. A provisional does not require finalized claims or formal drawings, which keeps preparation costs lower than a full utility application.

Why is proving trade secret misappropriation so hard with AI models?

AI models are difficult to interpret, even for their creators. Anthropic CEO Dario Amodei has written publicly about the serious problem of AI interpretability, noting that developers often cannot fully explain how their models reach specific outputs. That interpretability gap creates real evidentiary difficulties in trade secret disputes involving AI systems. Demonstrating that a model's output was derived from your specific misappropriated input would be very hard to prove. Courts are still working out how to handle these challenges.

Should I choose patents or trade secrets for my AI project?

Often a combination makes sense. Utility patents work best for inventions that could be independently discovered or reverse-engineered: novel algorithms, specific architectures, technical efficiency improvements. Trade secrets work best for elements not visible to outsiders: training methodologies, curated datasets, hyperparameter configurations, negative know-how. A hybrid approach lets you pursue exclusivity on core inventions while maintaining ongoing protection on hidden elements. How you structure that mix depends on your specific codebase and competitive situation.

The inventions hiding in your codebase are not going to find themselves.

Scan your code locally before it touches any cloud service. Identify what's patentable, what's a trade secret, and what's safe to share — before those decisions are made for you.

No code leaves your device.

Discover your inventions

Related Resources

Provisional Patent Strategy

How to use a provisional application to lock in a filing date while your codebase is still evolving.

Read the Guide →

IP Ownership in Local-First Sync Engines

Who owns what when your architecture is designed to keep data off centralized servers — and why that affects your patent strategy.

Read the Guide →

Software Patents: Starting Too Late

Why most developers wait until it's too late to file — and the window you probably still have.

Read the Guide →