induwara.lk
Opiniontrade-secretsstartupsintellectual-property

Apple sues OpenAI: trade-secret lessons for small teams

Apple's trade-secret lawsuit against OpenAI is really a story about departing employees and IP hygiene. Here's what it means for a small Sri Lankan team.

Induwara Ashinsana5 min read
Apple and OpenAI logos side by side against a dark courtroom-style background
Image: TechCrunch

Apple sues OpenAI over alleged trade secret theft, and my first reaction was not "who's right" but "this is the exact mistake a two-person Colombo startup makes without ever getting sued." According to TechCrunch, Apple alleges the misconduct was directed by OpenAI's senior leadership, including a long-time former employee.

I'm not a lawyer, and I'm not going to pretend I know how this ends. But the shape of the dispute, a former insider who allegedly carried valuable knowledge to a competitor, is the single most common way small companies lose their edge. You don't need Apple's legal budget to learn from it.


๐Ÿ” What a "trade secret" actually is

A trade secret isn't a patent. That distinction matters more than most builders realise, because the two protect completely different things in completely different ways.

Trade secret Patent
What it protects Anything secret with commercial value (recipes, code, processes, customer lists) A specific novel invention
How you get it Just keep it secret + take reasonable steps to protect it File, pay, wait, publish
Public disclosure None. Secrecy is the protection Full public disclosure
Duration Forever, until it leaks ~20 years, then public
Dies when It becomes public knowledge The term expires

Key takeaway: A trade secret's entire legal existence depends on you actually keeping it secret. The moment you stop taking "reasonable steps" to protect it, the protection evaporates, no lawsuit required to lose it.

That's the uncomfortable part of the Apple story for small teams. The alleged value walked out on two legs. Once knowledge is in someone's head, technical locks don't help. Your protection is contractual and procedural, not cryptographic.


๐Ÿ› ๏ธ The departing-employee problem, scaled down

Apple's complaint reportedly centres on a long-time former employee. Strip away the billion-dollar names and this is a Tuesday afternoon at any growing company:

  1. Someone senior leaves.
  2. They join a competitor, or start one.
  3. They know your pricing model, your unpublished roadmap, your customer list, the one clever thing your product does that nobody else does.
  4. Nobody wrote down who was allowed to know what.

I've seen Sri Lankan freelancers and small agencies get burned by step 4 specifically. There was no NDA, no offboarding checklist, no access review. The knowledge wasn't stolen in any dramatic sense. It just... left, because nothing ever marked it as protected.

Bottom line: If you can't point to the "reasonable steps" you took to keep something secret, a court, and reality, may decide you never treated it as a secret at all.


๐Ÿ’ก IP hygiene a two-person team can actually do

You don't need a legal department. You need a handful of boring habits that cost nothing but discipline. Here's the minimum I'd run for any small SL team:

  • Written NDAs and IP-assignment clauses in every employment and contractor agreement. Get a local lawyer to sign off on a template once; reuse it forever.
  • Least-privilege access. Not everyone needs the production database or the full customer export. Grant per-role, review quarterly.
  • A real offboarding checklist. Revoke tokens, rotate shared credentials, disable accounts on the last day, not the following week.
  • Label what's confidential. A repo README or doc header that says "Confidential, internal only" is cheap evidence that you treated it as a secret.
  • Log access to sensitive assets. Even a simple audit trail shows who touched what.

Here's a dead-simple offboarding script skeleton, the point isn't the code, it's that the checklist exists and runs every time:

# offboard.sh โ€” run on an employee's last day
USER="$1"
echo "Revoking access for $USER"
# 1. Disable SSO / email account
# 2. Remove from GitHub org + rotate any deploy keys they held
# 3. Rotate shared API keys the whole team used
# 4. Revoke database credentials
# 5. Archive their laptop image, wipe device
echo "Offboarding complete. Log this to your audit trail."

The gap between "we trust each other" and "we have a checklist" is where most small-team IP disputes are born.


๐ŸŒ Where open source changes the maths

Not everything should be a trade secret. For a lot of Sri Lankan builders chasing a global audience on a learning budget, openness is a stronger strategy than secrecy. Your moat becomes your execution, community, and support, not a hidden algorithm.

Strategy Best when The risk
Trade secret You have a genuine, hard-to-reverse edge One leak ends it; enforcement is expensive
Patent The invention is novel and worth the filing cost Slow, costly, publicly disclosed
Open source Adoption and trust matter more than secrecy Anyone can fork; you compete on execution

The Apple v. OpenAI fight is a reminder that secrecy is a liability you have to actively maintain. Open source flips that: there's nothing to steal, and contribution becomes your distribution. Decide deliberately which parts of your product are secret and which are shared. The mistake is defaulting into secrecy for things that were never really secret and never really protected.

If part of your workflow involves checking whether text or code looks suspiciously copied, our free AI text similarity checker can give you a quick signal, useful for spotting when a "new" document is really an old one with the logo swapped.


๐Ÿ’ฌ What this means for you

You will probably never sue anyone, and nobody will sue you. But the failure mode in this lawsuit, valuable knowledge leaving through a person while nobody tracked it, is one you can hit at any size.

  • Treat your edge like it's real. Write down what's confidential, and take steps to keep it that way.
  • Contracts first, not after the fallout. NDAs and IP-assignment clauses are cheap now and priceless later.
  • Offboard like it matters. The last day is when access should end, every time.
  • Choose secrecy on purpose. If openness serves you better, commit to it and stop pretending you have a secret you never protected.

I'll watch how the case develops, but the lesson doesn't depend on the verdict. Secrets you don't protect aren't secrets. They're just facts waiting to walk out the door.

#trade-secrets#startups#intellectual-property
IA

Induwara Ashinsana

Information Systems student at UCSC and Executive Director at Ryzera Technologies. Writes about software, AI, and what it means for builders in Sri Lanka.

About the author โ†’

Keep reading