Trade Secrets Are the New Training Data
2026-07-11 · 5 min read · Janaina Maia
Apple filed a lawsuit against OpenAI on Friday that reads like a corporate thriller. Tang Tan, OpenAI's Chief Hardware Officer and a 24-year Apple veteran, allegedly used Apple's confidential project code names during OpenAI recruiting, asked candidates to bring Apple hardware components to interviews, coached departing employees on how to evade Apple's security procedures, and requested details about unannounced products. Another former Apple engineer, Chang Liu, supposedly kept his Apple-issued laptop after leaving for OpenAI and used it to download confidential technical documents.
TechCrunch reports that Apple even found OpenAI using a proprietary Apple metal finishing technique after misleading a partner into believing it had permission. Apple sent OpenAI a letter in February raising concerns. OpenAI never responded.
This is not just a legal dispute between two tech giants. It is a pattern that has been building for years, and it has implications for every product team working with AI.
The pattern: taking what was not offered
The AI industry has a taking problem. It started with training data. Large language models were built by ingesting the entire internet — books, articles, code, images, conversations — without asking, without crediting, and without compensating the people who created that work. When the New York Times sued, OpenAI's defence was essentially: everyone does it, and besides, it is transformative.
Then it was evidence destruction. The NYT alleged this week that OpenAI deliberately deleted billions of logs central to the copyright case. OpenAI called it storage management.
Then it was steganographic fingerprinting. Claude Code was found embedding invisible tracking markers in every prompt, without telling users.
Then it was quiet dependency-building. Anthropic launched a feature designed to expand AI adoption and framed it as helpfulness.
Now it is trade secret theft. A company that built its foundation on taking the internet's creative work is now accused of taking a competitor's hardware secrets through targeted recruitment of their top talent.
The pattern is consistent: appropriate first, ask forgiveness later, and frame the whole thing as innovation.
What is a trade secret, and why should product people care?
A trade secret is confidential business information that gives a company a competitive advantage — think Coca-Cola's recipe, or Apple's unannounced product designs and proprietary manufacturing techniques. Unlike patents, which are public in exchange for legal protection, trade secrets are protected by keeping them secret. The legal system protects them through laws that prohibit theft, espionage, and breach of confidentiality agreements.
Product people should care because trade secrets are the invisible infrastructure beneath every competitive advantage you have. The algorithm that makes your recommendation engine 15% better than the competition. The dataset you spent three years curating. The manufacturing process that lets you ship hardware at half the cost. When these leak to a competitor through targeted recruitment and deliberate information extraction, your product's moat disappears overnight.
The OpenAI hardware play changes the stakes
What makes this different from a typical employee poaching case is that OpenAI is building a hardware product. They acquired Jony Ive's device startup io for $6.5 billion last year. Industry analysts believe they are building a phone that replaces apps with AI agents — a direct assault on Apple's core business.
If OpenAI is building an iPhone competitor, then Apple's hardware secrets — component selection processes, vendor relationships, metal finishing techniques — are not just competitive information. They are the playbook for the exact product OpenAI is trying to build.
Apple's filing says the misconduct was "directed by OpenAI's senior leadership." If true, this is not a few rogue employees. It is a company strategy.
The Boko Haram report: a darker version of the same pattern
On the same day, CASP published a report on how Boko Haram uses frontier AI models. Terrorist groups are using large language models for propaganda generation, operational planning, encrypted communication analysis, and recruitment. The same capabilities that make AI useful for businesses — content generation, data analysis, language translation — are being repurposed by groups that intend harm.
This is the same pattern at a different scale. The AI industry built powerful tools, took what it needed to build them, and then distributed those tools broadly without adequate guardrails for how they could be misused. Whether it is training data, trade secrets, or terrorist access — the common thread is insufficient attention to what happens after the capability is released.
GPT-5.6 and the government gate
Also this week, OpenAI launched GPT-5.6 — a family of three models (Sol, Terra, Luna) with explicit government restrictions. GPT-5.6 Sol was initially held back by the US government over cybersecurity concerns before being released. OpenAI calls it their "strongest cybersecurity model yet" and brags that Sol beats Anthropic's Fable 5 on coding benchmarks while costing a third less.
The government intervention is notable. A frontier AI model was restricted from release because regulators assessed its cybersecurity capabilities as potentially dangerous. It was eventually released, but the precedent is set: the government is now a gatekeeper on model releases. The question nobody is answering well is: what standard was used to decide this model was safe enough? And who gets to make that call?
Why this matters for product design
- Trust is a product feature, not a legal checkbox. Apple is suing because OpenAI allegedly took its secrets. But the reputational damage is already done. Every company that partners with an AI vendor is now asking: if they will take Apple's secrets, what will they do with mine? The same question applies to user data. If you build products on top of AI platforms, your users' trust in that platform is part of your product. When the platform's trust erodes, your product's trust erodes with it.
- Data provenance is a product surface. I have written about this before: where content comes from matters. But provenance is not just about training data attribution. It is also about whether the insights in your competitor's product came from legitimate innovation or from stolen trade secrets. When the provenance of competitive advantage is murky, the entire market's trust in fair competition erodes.
- Dual-use is a design problem. The Boko Haram report highlights something product teams need to confront: powerful tools will be used by bad actors. "We did not intend this" is not a design choice. Designing for misuse is a design choice. Every product team shipping AI capabilities should be asking: what is the worst thing someone could do with this, and have we designed a surface that makes that harder?
- Government gating is here. Whether you think the government should be in the loop on model releases or not, the fact is that it now is. Product teams need to plan for a world where some capabilities are restricted, some releases are delayed, and some features require government approval. This is the new regulatory landscape, and pretending it is not happening is not a strategy.
My take
The AI industry keeps running into the same wall: it wants to move fast and take things, and it is shocked every time someone objects. Training data was taken without asking. Evidence was deleted without preserving. Tracking markers were hidden without disclosing. Adoption features were launched without transparency. And now, according to Apple, trade secrets were stolen without consequence.
Each of these is a product design decision. Someone chose to scrape rather than license. Someone chose to delete rather than preserve. Someone chose to hide rather than disclose. Someone chose to poach rather than invent. These are not accidents. They are choices made by people who believed that the speed of innovation justifies the means.
Maybe it does. Maybe in five years, nobody will remember how the data was obtained or whose secrets were taken. But I doubt it. Because every time the industry takes something that was not offered, it teaches the people who use its products that appropriation is normal. And when appropriation is normal, trust becomes impossible.
The companies that will still be standing in ten years are the ones that figured out how to build without taking. Everyone else will be in court, explaining why they thought the rules did not apply to them.