TL;DR
Biotech and pharma are feeding their most valuable IP — pre‑patent compounds, clinical signals, and deal economics — into AI agents that understand permissions but not the subtle trade secret boundaries those assets live inside. Building on Gidi Cohen’s Substack work on the “judgment gap,” this article explains why misusing data in an AI workflow can quietly destroy trade secret protection without any classic “breach,” and why access control alone cannot fix that. It then shows how Bonfy.AI turns relationship‑aware context — who owns what, under which NDA or CDA, and in which program — into real‑time guardrails at the AI boundary, so biotech and pharma can keep accelerating with agents while still meeting DTSA‑level “reasonable measures” for protecting the IP that defines their existence.
******************
Biotech and pharma are putting their most irreplaceable IP into AI agents whose judgment extends only to tokens and permissions, not to relationships, obligations, or trade secret boundaries — and that’s exactly the exposure Gidi’s latest Substack article warns about and that Bonfy.AI exists to solve.
In his Substack series on AI data security, Gidi Cohen argues that modern AI turns data risk from a “what” problem into a “who and why” problem: who the data belongs to and why it is being used in a given context. Biotech and pharma are the clearest example of that shift. Their AI workflows do not touch generic content; they reason over pre‑patent structures, clinical datasets, regulatory strategies, and partnership economics that embody years of R&D and billions in investment.
As Gidi highlights, traditional security tools see repositories and permissions but not the underlying relationships that make a given use of data appropriate or reckless. In biotech, that missing relational layer is what turns an AI “judgment failure” — combining two datasets that should never meet, or sending the wrong context to the wrong model — into an event that can quietly destroy trade secret status under the Defend Trade Secrets Act.
Bonfy’s view, grounded in Gidi’s thesis, is that the primary risk to biotech IP in the AI era is not classic exfiltration; it is AI‑mediated misuse that erodes the very conditions that make trade secrets enforceable.
Gidi’s Substack pieces describe a core architectural problem: AI agents inherit access, not judgment. Bonfy’s product is engineered to rebuild that judgment layer exactly where AI makes its decisions — at the content boundary between users, tools, and models.
Concretely, across biotech and pharma workflows we see three recurring patterns that map directly onto Gidi’s writing:
Each pattern reflects the “who and why” failure Gidi describes: the AI finds something relevant, but no system asks whether surfacing it is appropriate given the relationship and obligations surrounding that data. Bonfy ACS™ addresses this by:
Where Gidi’s articles argue that “relevance is not permission” and “the missing who must become enforceable guardrails,” Bonfy’s role is to make those guardrails real in the places biotech teams actually use AI.
Gidi has written that AI data security is becoming a context‑engineering problem: protecting sensitive information now depends on encoding the rich, relational context that people once carried in their heads into systems that can act on it automatically. Biotech and pharma are where that context is most complex and most valuable per byte.
In practice, Bonfy brings that context into AI governance for biotech by:
So while Gidi’s Substack series lays out why the judgment gap is the defining risk of AI in enterprises, Bonfy’s complementary role — especially in biotech and pharma — is to turn that thesis into a concrete enforcement layer that protects the asset class where one AI judgment failure can cost more than a data breach ever would.