Reverse Engineering in the Age of AI- Are Your Trade Secrets Still Safe?

Wednesday, December 24, 2025

Artificial intelligence has dramatically broadened the capabilities of anyone looking to reverse-engineer public-facing products. What once took specialized skill, deep pockets, and many hours now requires little more than a curious mind and a powerful AI model. For companies built around valuable and confidential know-how, this shift has profound implications, especially for in-house counsel tasked with safeguarding trade secrets.

How AI Is Changing Reverse Engineering

Reverse engineering is the process of using publicly available information, like software code or a publicly available user interface, to discover nonpublic information about a product or process. Traditionally, this was a slow and expert-driven endeavor that required a significant amount of information. But with advances in AI—including code analysis tools, language models, and automated data scrapers, reverse engineering can be carried out with significantly less information and at a scale and speed previously unimaginable.

Machine learning and predictive modeling allows AI to uncover hidden information and piece together proprietary logic from software outputs, reconstruct algorithms from behavioral patterns, and even deduce “secret sauce” ingredients that were once thought irretrievable. No company operating in the digital world, whether SaaS, traditional tech, or even non-tech with proprietary digital processes, is immune.

Trade Secret Law: What Counts as “Improper Means”?

In the US, trade secrets are protected under the Uniform Trade Secrets Act (UTSA) and the Defend Trade Secrets Act (DTSA). Both statutes define a trade secret as information that has economic value because it is not generally known or “readily ascertainable,” and reasonable efforts are used to keep it confidential.

Crucially, these laws focus on misappropriation, wrongful acquisition or use, typically through “improper means.” However, both UTSA and DTSA have always made a major exception: information obtained by reverse engineering a publicly available product is not considered “improper means”—and therefore, is not misappropriation.

Yet the AI era is disturbing what counts as “proper” and “improper.” Is deploying bots to scrape massive amounts of data “proper”? Is coaxing unexpected outputs from a generative AI model by way of “prompt injection” fair play, or does it cross the line into cyberattack territory? Recent legal cases signal that courts are struggling with these questions.

Recent Cases: The Law Grapples with AI

In a 2024 case, a company claimed competitors used “prompt injection” (manipulating generative AI with crafted inputs) to elicit sensitive outputs, allegedly extracting valuable trade secrets. Adding to the intrigue, the attackers used false credentials and impersonation—raising the specter of “improper means.”

The Eleventh Circuit recently ruled that even when data is accessible to the public, how it’s accessed matters. Automated scraping of millions of insurance quotes, carried out with bots, was deemed “improper means,” casting doubt on companies relying purely on “technical public availability” as a shield.

Underlying both decisions is a key trend: As AI makes it easier for outsiders to reconstruct proprietary information, courts are increasingly interrogating what makes a method of acquisition truly “improper.”

Heightened Risk: When “Readily Ascertainable” Is Redefined

A second risk looms: As AI tools become more adept at deducing secrets from public clues, courts may decide that information is, in fact, “readily ascertainable.” That could mean what was once securely covered by trade secret law might lose protected status, not because of a security lapse, but because technology makes it easier for competitors to deduce nonpublic confidential information from the outside.

Protecting Trade Secrets in an AI-Powered World

For in-house counsel and business leaders, the message is clear: the old playbook is no longer enough. Here are practical steps for safeguarding confidential information in the current environment:

• Reinforce Technical Barriers

• Implement rate limiting, CAPTCHA challenges, and advanced bot-detection tools, especially on SaaS platforms.

• Apply AI-powered monitoring for unusual patterns that might signal scraping or prompt injection attempts.

• Update Legal Protections

• Revise terms of service to expressly prohibit automated access, scraping, reverse engineering, and prompt injection. Make these clauses visible and actively enforce them.

• Incorporate explicit provisions regarding AI-specific attack vectors in your contracts and NDAs.

• Document all incidents and responses to show your “reasonable measures” in the event of future litigation.

• Revisit Traditional Best Practices

• Limit access to core confidential information for each trade secret to those on a genuine “need to know” basis, and monitor usage carefully.

• Maintain a robust trade secret management program, including labeling sensitive documents and regularly auditing access controls.

• Review employment and third-party agreements to confirm they’re up to date for the realities of AI-era risks.

• Stay Vigilant and Evolve.

• Conduct periodic reviews of your confidentiality policies. If your framework predates the AI surge of 2023, it’s time for an update.

• Educate internal teams on the new forms of reverse engineering and AI-enabled threats, including social engineering.

• Consider documenting how your company specifically addresses the risk of AI-assisted reverse engineering.

Trade secret protection has always demanded vigilance, but the rise of AI has upped the stakes. The law continues to evolve as judges confront novel scenarios, but companies cannot afford to wait for clear answers. By implementing a multi-layered approach, combining legal vigilance, technical defenses, and up-to-date policies, businesses can better safeguard their intellectual assets and navigate the uncertain legal terrain of the AI age.

Have your trade secret protocols kept pace with the march of AI? Now is the time to review, revise, and reinforce.