Gidi's Substack Articles

In Biotech and Pharma, One AI Judgment Failure Can Cost More Than a Data Breach Ever Would.

Written by Gidi Cohen | Jul 1, 2026 3:33:52 PM

The original article appeared here.

 

Why the industry with the highest-value data per byte is also the one with the least visibility into what AI agents are doing with it.

Every industry has sensitive data. Biotech and pharma have something different: data whose value is measured not in compliance penalties but in years of research, billions in development investment, and the entire competitive position of a company that may exist for the sole purpose of bringing one drug to market.

A data breach at a retail company is a serious incident. A data breach at a pre-commercial biotech can be an existential event.

That asymmetry should make biotech and pharma the most cautious AI adopters in the enterprise. In practice, the opposite is often true. AI tools are accelerating drug discovery, automating literature review, and supporting clinical operations at a pace that has outrun the governance frameworks designed to protect the intellectual property (IP) those workflows consume. The judgment gap that previous articles in this series described across financial services and healthcare is present here too, but the consequences of getting it wrong are in a category of their own.

The Asset Class That AI Is Now Touching

The data that flows through biotech and pharma AI workflows is not generic enterprise content. It is pre-patent molecular structures and compound libraries. It is clinical trial protocols, interim efficacy data, and safety signals that determine whether a drug reaches market. It is regulatory submission strategies, competitive pipeline intelligence, and manufacturing process know-how that represents durable competitive advantage long after a product launches.

None of this is recoverable once disclosed. A patent can be filed after the fact. A disclosed trade secret cannot be undisclosed. The legal framework protecting it, including the Defend Trade Secrets Act and the contractual obligations governing every partner and vendor in the research supply chain, assumes the information was kept confidential. The moment it enters an AI reasoning context it was not authorized for, that assumption may no longer hold.

The AI Workflows Where IP Moves Without Oversight

A research scientist using Copilot or a custom AI agent to accelerate a literature review may pull from internal compound databases alongside public sources. The agent does not know which structures are pre-patent, which are subject to a confidential disclosure agreement (CDA) with a research partner, or which are covered by an exclusivity agreement. It retrieves what it can reach and assembles what the prompt asks for.

A regulatory affairs team prompting an AI with internal clinical data and competitive analysis sends that context outward through every tool call the agent makes. Proprietary information travels out. External information travels in. No enforcement layer evaluates whether either direction is appropriate given the IP obligations surrounding the data.

A business development team using AI to analyze partnership opportunities may retrieve and reason over confidential term sheets and pipeline valuations across multiple programs — programs that may be subject to entirely different confidentiality obligations depending on which partner relationship they originated from.

In each case, the agent has access. It does not have the judgment to know what those relationships mean for how the data should be handled.

The Trade Secret Risk Is Already Materializing

Federal trade secret filings reached their highest level ever recorded in 2025, with more than 1,500 cases filed in US district courts — the highest total since the Defend Trade Secrets Act was enacted in 2016, according to Lex Machina's 2026 Trade Secret Litigation Report. AI-related trade secret filings grew by approximately 80 percent in the first half of 2025 alone.

AI agents do not need to exfiltrate data to create exposure. They need only to use it in a context where it should not appear: in a prompt sent to an external model, in a retrieval response assembled from sources with incompatible confidentiality obligations, or in an output that combines proprietary information from programs whose IP boundaries should never have intersected. None of those events look like a breach. All of them may constitute misappropriation under the Defend Trade Secrets Act.

Why the Judgment Gap Is Wider Here

In financial services, the human judgment AI agents replaced was operationalized through regulatory frameworks. In healthcare, it was operationalized through HIPAA's minimum necessary standard. In biotech and pharma, the judgment that is missing is not primarily regulatory. It is relational and contextual in a way no classification system can capture.

A research director who had spent years on a program knew intuitively which data belonged to which partner, which compounds were pre-patent, and which competitive intelligence came through a channel that carried confidentiality obligations. That knowledge was embedded in professional judgment. It was never written down in a way a classification label could represent.

When an AI agent retrieves from the same repositories that research director once navigated manually, it has file permissions. It does not have the judgment that transformed those files from data into protected IP.

The Enforcement Has to Live at the Boundary

The governance response most organizations reach for is access control. That instinct is right as far as it goes, and it does not go far enough.

Access control limits what AI agents can open. It does not govern how retrieved content is used, what it is combined with, or whether the resulting output respects the confidentiality obligations surrounding the data. Those are judgment calls requiring understanding not just what the data is, but who it belongs to, what relationships surround it, and what obligations attach to it in the specific context of the request.

In biotech and pharma, that judgment has always been the difference between a well-governed research operation and a trade secret liability. AI agents do not change what the judgment requires. They change who, or what, has to provide it.
