Monday, July 13, 2026

Apple v. OpenAI offers a master class in spotting trade secret theft before it's too late

Apple's newly filed trade secret lawsuit against OpenAI contains an allegation that should make every employer's ears perk up.

According to the complaint, multiple departing Apple employees allegedly emailed Apple's confidential information to their personal email accounts on their way out the door. Apple also claims that some former employees later used Apple's confidential and trade secret information to help OpenAI develop competing hardware.

Whether Apple ultimately proves those allegations is for the courts to decide.

But the behavior it describes is one of the oldest—and most obvious—red flags in the employee-theft playbook.

When someone suddenly starts forwarding company files to Gmail the week before resigning, odds are they're not creating a personal scrapbook.

The good news is that employees who steal information often leave breadcrumbs. The key is knowing what to look for.
 
1. Forwarding files to personal email. This is the classic tell. Employees suddenly emailing themselves spreadsheets, customer lists, source code, pricing information, engineering documents, contracts, or other confidential files shortly before giving notice should immediately raise concerns. Sometimes they'll even justify it by saying they're "working from home" or "need it for reference." Maybe. But if that activity spikes immediately before resignation, it's worth investigating.

2. Unusual downloading or printing activity. Most employees have predictable habits. Then, two weeks before resigning, they download thousands of files they've never previously accessed. Or print hundreds of pages. Or export an entire CRM database. Volume matters. Timing matters even more.

3. Plugging in personal USB drives or external hard drives. USB devices remain one of the fastest ways to walk out with gigabytes of proprietary information. Most organizations can monitor—or even block—these transfers. If your systems aren't logging USB activity, they should be.

4. Cloud uploads. Dropbox. Google Drive. OneDrive. iCloud. Personal cloud storage has largely replaced the thumb drive as the preferred method of taking company information. Watch for large uploads to personal accounts, particularly after hours. 

5. Accessing information unrelated to the employee's job. Salespeople suddenly reviewing engineering files. Engineers downloading HR records. Finance employees opening customer databases. Curiosity isn't always innocent. When employees begin accessing information outside their normal responsibilities shortly before departure, ask why.

6. Odd-hour activity. A longtime employee who always worked 8:30 to 5 suddenly starts logging in at midnight. Or on weekends. Or while supposedly on vacation. Sometimes there's a perfectly innocent explanation. Sometimes there isn't.

7. Deleting evidence. Ironically, people trying to hide theft often create another red flag. Large-scale email deletions. Deleted folders. Cleared browser histories. Attempts to disable logging. Employees trying to erase their tracks often leave new ones.

8. Sudden interest in confidential projects. Employees who are leaving sometimes begin asking for access they've never needed before. "I just wanted to understand the project." Maybe. Or maybe they wanted one last chance to copy it.

9. Competitor timing. An employee resigns on Friday. Starts at your direct competitor Monday. Combined with suspicious electronic activity before departure, that timing deserves attention. Competition is legal. Taking your former employer's trade secrets to help your new employer compete isn't.

Apple may eventually prove its allegations. OpenAI may successfully defend against them. That's what litigation is for. Prevention, however, is far easier and much less expensive than litigation. Indeed, employers shouldn't wait until they're filing a lawsuit to think about protecting their confidential information.

Have written confidentiality agreements.
Limit access to sensitive information on a need-to-know basis.
Monitor unusual data activity.
Conduct meaningful exit interviews.
Collect company devices immediately.
Disable access promptly.

And if your IT team sees an employee forwarding confidential files to a personal Gmail account the day before they resign? Don't ignore it.

More often than not, trade secret theft announces itself before the employee ever walks out the door. The question is whether anyone notices.