Bonfy Blog

Relevance Is Not Permission: The Hidden Way AI Agents Erode Pharma's IP

Written by Vishnu Varma | 7/2/26 2:30 PM

TL;DR

Biotech and pharma are feeding their most valuable IP — pre-patent compounds, clinical signals, and deal economics — into AI agents that understand permissions but not the subtle trade secret boundaries those assets live inside. Building on Gidi Cohen’s Substack work on the “judgment gap,” this article explains why misusing data in an AI workflow can quietly destroy trade secret protection without any classic “breach,” and why access control alone cannot fix that. It then shows how Bonfy.AI turns relationship-aware context — who owns what, under which NDA or CDA, and in which program — into real-time guardrails at the AI boundary, so biotech and pharma can keep accelerating with agents while still meeting DTSA-level “reasonable measures” for protecting the IP that defines their existence.

******************

Biotech and pharma are putting their most irreplaceable IP into AI agents that have judgment only about tokens and permissions, not about relationships, obligations, or trade secret boundaries — and that’s exactly the exposure Gidi’s latest Substack article warns about and that Bonfy.AI exists to solve.

From Gidi’s “judgment gap” to biotech’s trade secret risk

In his Substack series on AI data security, Gidi Cohen argues that modern AI turns data risk from a “what” problem into a “who and why” problem: who the data belongs to and why it is being used in a given context. Biotech and pharma are the clearest example of that shift. Their AI workflows do not touch generic content; they reason over pre-patent structures, clinical datasets, regulatory strategies, and partnership economics that embody years of R&D and billions in investment.

As Gidi highlights, traditional security tools see repositories and permissions but not the underlying relationships that make a given use of data appropriate or reckless. In biotech, that missing relational layer is what turns an AI “judgment failure” — combining two datasets that should never meet, or sending the wrong context to the wrong model — into an event that can quietly destroy trade secret status under the Defend Trade Secrets Act.

Bonfy’s view, grounded in Gidi’s thesis, is that the primary risk to biotech IP in the AI era is not classic exfiltration; it is AI-mediated misuse that erodes the very conditions that make trade secrets enforceable.

How Bonfy implements Gidi’s ideas at the AI boundary

Gidi’s Substack pieces describe a core architectural problem: AI agents inherit access, not judgment. Bonfy’s product is engineered to rebuild that judgment layer exactly where AI makes its decisions — at the content boundary between users, tools, and models.

Concretely, across biotech and pharma workflows we see three recurring patterns that his writing maps directly onto:

  • Research agents that mix internal compound libraries with public literature.
  • Regulatory agents that draft summaries using embargoed clinical signals.
  • BD agents that compress multi-partner term sheets and valuations.

Each pattern reflects the “who and why” failure Gidi describes: the AI finds something relevant, but no system asks whether surfacing it is appropriate given the relationship and obligations surrounding that data. Bonfy ACS™ addresses this by:

  • Modeling IP relationships as an entity-aware graph — partners, programs, NDAs, CDAs, exclusivity windows — rather than a flat set of labels.
  • Inspecting prompts, tool results, and outputs in real time to detect when graph-bound entities (compounds, trial IDs, deal terms) appear in contexts that cross those relationship boundaries.
  • Enforcing judgment policies at the AI boundary: blocking, redacting, or rewriting AI interactions when they would combine data across incompatible obligations or send protected IP into unauthorized reasoning contexts.

Where Gidi’s articles argue that “relevance is not permission” and “the missing who must become enforceable guardrails,” Bonfy’s role is to make those guardrails real in the places biotech teams actually use AI.

Connecting Gidi’s broader architecture critique to biotech deployments

Gidi has written that AI data security is becoming a context-engineering problem: protecting sensitive information now depends on encoding the rich, relational context that people once carried in their heads into systems that can act on it automatically. Biotech and pharma are where that context is most complex and most valuable per byte.

In practice, Bonfy brings that context into AI governance for biotech by:

  • Translating partner and program metadata — which used to live only in a research director’s intuition — into machine-readable graphs that drive real-time AI decisions.
  • Providing visibility into where AI agents are already crossing IP boundaries, so security and legal teams can see misappropriation-style risk before it becomes a case file.
  • Giving CISOs and GCs a way to operationalize Gidi’s architectural critiques inside their own environments: proving, with logs and controls, that “reasonable measures” for trade secret protection are being applied to AI agents, not just to traditional systems.
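To make the graph-plus-guardrail pattern described above concrete (the entity graph, the real-time inspection of prompts, the block/redact/rewrite enforcement, and the audit trail a “reasonable measures” review would ask for), here is an added illustrative example in Python. It is not Bonfy ACS code and says nothing about how that product is built; every identifier in it (programs, compound and trial IDs, agreement names, model destinations, the user) is constructed for the demo. The point it demonstrates is the one in the text: a user who is cleared for both programs is still blocked from combining them in one prompt, because the two programs carry obligations to different counterparties, and a compound bound to an internal-only CDA is redacted before the prompt reaches an external model.

```python
"""Toy relationship-aware guardrail for AI prompts.

Added illustration only: this is not Bonfy ACS code. All identifiers
(programs, compounds, trial IDs, agreements, model destinations) are constructed.
"""
import json
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Obligation:
    agreement: str                      # constructed, e.g. "CDA-A"
    counterparty: str                   # party the confidentiality duty runs to
    permitted_destinations: frozenset   # models/tools allowed to reason over this data


# Relationship graph (constructed): entity -> program -> obligation.
PROGRAM_OBLIGATIONS = {
    "PRG-ONC-1": Obligation("CDA-A", "PartnerA", frozenset({"internal-llm"})),
    "PRG-IMM-2": Obligation("CDA-B", "PartnerB", frozenset({"internal-llm", "vendor-llm"})),
    "PRG-PUB": None,  # published work: no confidentiality obligation attached
}
ENTITY_PROGRAM = {
    "CMP-0421": "PRG-ONC-1",  # pre-patent compound
    "TRIAL-77": "PRG-ONC-1",  # embargoed clinical readout
    "CMP-0933": "PRG-IMM-2",
    "CMP-0107": "PRG-PUB",
}
ENTITY_RE = re.compile(r"\b(CMP-\d{4}|TRIAL-\d+)\b")


@dataclass
class Decision:
    action: str                 # "allow", "redact" or "block"
    text: str                   # prompt as it may be forwarded ("" when blocked)
    reasons: list = field(default_factory=list)


def extract_entities(text):
    """Graph-bound identifiers mentioned in the prompt, deduplicated and sorted."""
    return sorted(set(ENTITY_RE.findall(text)))


def obligation_for(entity):
    return PROGRAM_OBLIGATIONS.get(ENTITY_PROGRAM.get(entity))


def evaluate(prompt, destination, user_programs):
    """Decide whether `prompt` may reach `destination` on behalf of a user
    who is a member of the programs in `user_programs`."""
    entities = extract_entities(prompt)
    reasons = []
    to_redact = set()

    # 1. Classic access control: the user must be on every program mentioned.
    #    Unknown identifiers fail closed: they are redacted rather than forwarded.
    for ent in entities:
        prog = ENTITY_PROGRAM.get(ent)
        if prog is None:
            to_redact.add(ent)
            reasons.append(f"{ent}: not in the relationship graph, redacted")
        elif prog not in user_programs:
            reasons.append(f"{ent}: user is not a member of {prog}")
            return Decision("block", "", reasons)

    # 2. Relationship check: material held under obligations to different
    #    counterparties must not meet in one reasoning context, even when the
    #    user is individually cleared for each program ("relevance is not permission").
    by_counterparty = {}
    for ent in entities:
        obl = obligation_for(ent)
        if obl is not None:
            by_counterparty.setdefault(obl.counterparty, []).append(ent)
    if len(by_counterparty) > 1:
        reasons.append("combines data under obligations to " + ", ".join(sorted(by_counterparty)))
        return Decision("block", "", reasons)

    # 3. Destination check: strip entities whose agreement does not permit this
    #    model, then let the rewritten prompt through.
    for ent in entities:
        obl = obligation_for(ent)
        if obl is not None and destination not in obl.permitted_destinations:
            to_redact.add(ent)
            reasons.append(f"{ent}: {obl.agreement} does not permit {destination}")
    if to_redact:
        rewritten = ENTITY_RE.sub(
            lambda m: "[REDACTED]" if m.group(1) in to_redact else m.group(1), prompt)
        return Decision("redact", rewritten, reasons)
    return Decision("allow", prompt, reasons)


def audit_event(user, destination, prompt, decision):
    """One JSON log line per decision: the evidence a 'reasonable measures' review wants."""
    return json.dumps({
        "user": user, "destination": destination, "action": decision.action,
        "entities": extract_entities(prompt), "reasons": decision.reasons,
    }, sort_keys=True)


if __name__ == "__main__":
    cases = [  # constructed prompts
        ("Summarize the TRIAL-77 readout for CMP-0421", "internal-llm", {"PRG-ONC-1"}),
        ("Compare CMP-0421 with CMP-0933 potency", "internal-llm", {"PRG-ONC-1", "PRG-IMM-2"}),
        ("Compare CMP-0421 with the published CMP-0107", "vendor-llm", {"PRG-ONC-1", "PRG-PUB"}),
    ]
    for prompt, dest, progs in cases:
        print(audit_event("researcher-1", dest, prompt, evaluate(prompt, dest, progs)))
```

The three checks run in the order a practitioner would want them: membership first (the control every IAM system already has), then the cross-obligation check that permissions alone cannot express, then the per-destination redaction that rewrites rather than blocks so the agent still gets a usable prompt. Real entity extraction would use the organization’s own identifier schemes and the graph would be loaded from the systems that hold partner, program, and agreement metadata; the regex and dictionaries here stand in for both.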

So while Gidi’s Substack series lays out why the judgment gap is the defining risk of AI in enterprises, Bonfy’s complementary role — especially in biotech and pharma — is to turn that thesis into a concrete enforcement layer that protects the asset class where one AI judgment failure can cost more than a data breach ever would.