Onyrisanitize
All articles
Guide6 min read

Protecting trade secrets when you use AI

Roadmaps, R&D, strategic contracts: handing a trade secret to AI can strip its protection. How to anonymize before ChatGPT, Claude or Gemini.

By Alexis de ONYRI

A trade secret — an R&D process, a product roadmap, a strategic client list, a pricing formula — is legally protected only as long as it stays secret and is subject to reasonable protection measures. Pasting it into a consumer AI hands it to a third party and can weaken that protection. Before having strategic content analyzed or rephrased, replace project names, figures and identifying elements with tokens: the model reasons, without accessing the secret.

Why disclosure weakens protection

The EU Trade Secrets Directive conditions protection on three criteria: the information is secret, it has commercial value because it is secret, and its holder has taken reasonable steps to keep it secret. Sending that information to a third-party service with no framework runs against the third criterion — and therefore against the protection itself.

  • Unpatented technical processes, methods and know-how.
  • Roadmaps, product plans, strategic deadlines and priorities.
  • Commercial data: prices, margins, key client or supplier lists.
  • Internal project names and identifiers that tie the information to your strategy.
Diagram: an R&D technical drawing whose dimensions and project name are masked by tokens, next to a safe symbolizing the trade secret.
Dimensions, project names and figures become tokens before sending; the secret stays in the safe.

What to mask before any prompt

  1. 1Code names and internal project identifiers.
  2. 2Strategic figures: prices, margins, volumes, deadlines.
  3. 3Distinctive technical data: parameters, dimensions, configurations specific to your know-how.
  4. 4Names of strategic clients, partners and suppliers.

A flow that keeps the secret in the safe

  1. 1Detection: the engine spots project names, figures and identifying technical elements.
  2. 2Tokenization: each element becomes a neutral token, kept in local memory.
  3. 3Sending: only the anonymized text goes to the AI — the secret doesn't transit.
  4. 4Restoration: the answer is de-tokenized in your browser, ready to use internally.

ONYRI Sanitize detects strategic markers — project names, internal URLs, figures, identifiers — and restores the answer in your browser. Your R&D and strategy teams gain AI's help to structure or rephrase, without ever letting the secret leave the company.

Frequently asked questions

Does handing a strategic document to ChatGPT strip its protection?
It can weaken it. Trade-secret protection assumes reasonable measures to keep it secret; sending it to a third party with no framework runs against that criterion. Anonymizing before sending lets you use AI without disclosing the protected information.
What's the difference between a patent and a trade secret with AI?
A patent is public by nature; a trade secret draws its value from confidentiality. The latter is the most exposed by a copy-paste into an AI: once disclosed, it can lose its protection. Hence the importance of anonymizing upstream.
How do I have AI analyze a roadmap without disclosing it?
Replace project names, key dates and figures with consistent tokens, then ask for the analysis. AI works on the structure and the logic; after restoration in your browser, you get a usable answer, without the strategic content ever leaving your machine.

Sources & references

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.

Anonymize my prompt

Read next