Last week, Palantir sued Guardian AI, a Y Combinator startup founded by a pair of recently departed employees. The claim? Theft of trade secrets.
The Guardian AI founders allegedly told clients their product had saved them $150,000—mere weeks after leaving Palantir. That kind of result, that fast? It’s hard to believe they weren’t building with Palantir tech still ringing in their ears, or maybe even open on their laptops.
But here’s the catch: whether Palantir can stop them or recover its property will depend on something entirely unsexy. Not cutting-edge tech. Not legal firepower. Just whether Palantir took “reasonable measures” to protect its secrets in the first place.
In short: did they do the easy but boring bit?
We’ve written before about the first P—Process—and the importance of identifying and classifying trade secrets. That remains step one. If you don’t know what’s a trade secret, how can you prove it’s been stolen?
But this Palantir story brings us squarely to the second P: People. Here is the key number to remember: 72% of employees take company material with them when they leave. 59% believe it belongs to them.
It’s not malicious. It’s not espionage. It’s normal people copying code to their Dropbox because they built it. Because they’re proud of it. Because it’s their work. The problem? It’s not their IP.
Exit processes are your last line of defence—and often the most neglected.
A good exit interview isn’t about confrontation. It’s about clarity.
Remind people what they’ve had access to (which you should have on your register). Remind them what their obligations are. This doesn’t need to be hostile. In fact, it shouldn’t be. It’s just your final opportunity to ensure there’s no confusion about what’s theirs and what’s yours. If Palantir did this, they’ll be in good shape.
And on the other side of the coin: onboarding. You should check that new joiners aren’t bringing “gifts” from their previous employer. Remember when Uber had to give Waymo $245 million in equity because an engineer showed up with 9.7GB? You do not want to be the sequel to that. See more on our piece here.
Beyond exits and entrances, managing people risk includes awareness, culture and contracts:
This is where companies often fall down. Most are doing some of this. Very few are doing all of it.
In our work at Intanify, we consistently find companies who think they’re covered—because they have NDAs or some onboarding documents from a while back. But there’s a gap between “having” something and using it effectively.
That depends on whether it did the groundwork.
Did it identify and classify its trade secrets? Did it document who had access? Did it train staff, secure files, and remind leavers of their obligations?
If not, the case could crumble—even if Guardian AI did, in fact, copy core tech.
Palantir v Guardian AI is the latest in a long line of cautionary tales. Not of malicious hackers or cybercrime syndicates—but of people. Your own people. Doing what they think is fine, but which could cost you everything.
Most companies lose their secrets not to bad actors—but to good employees walking out the door, confused about what’s theirs.
Want to avoid being next? Start with the boring, but easy and cheap bits. And start today. It will be much more expensive later, and perhaps existential.