Protecting Alpha: How Trade Secrets and Strategies Leak Through Cyber Channels

Your edge is information, and information leaks.

A trading strategy can take years to discover and seconds to copy. That asymmetry is the entire problem.

For a fund, a proprietary trading shop, or a research desk, the asset that matters most never appears on the balance sheet. It is the signal, the model, the parameter set, the execution logic, the pipeline. Economists call the excess return it produces alpha. Whatever you call it, it carries the same fragile property as any trade secret: its value depends entirely on other people not having it.

That makes protecting alpha a different problem from protecting most corporate data. A leaked customer list is damaging. A leaked strategy can be terminal, because the moment a rival can replicate it, the edge compresses toward zero. And unlike a stolen database, you often cannot tell a strategy has leaked until your returns quietly stop working.

The pattern across the prominent cases of the last fifteen years is consistent: alpha rarely escapes through a dramatic external breach. It leaves through ordinary channels. A departing employee’s cloud account. A code repository. A chat log. A parameter saved in the wrong place. A strategy pasted into a public AI tool. This article maps those channels and how disciplined firms close them.

Why Alpha Is Uniquely Hard to Protect

Three properties make a proprietary strategy harder to defend than almost any other asset.

It is intangible and portable. A strategy can live in a few hundred lines of code, a spreadsheet, a research note, or one person’s memory. It fits on a USB stick or in a personal email. No single vault holds all of it, because it is distributed across people and systems by design.

It degrades on disclosure rather than on destruction. Most security thinking balances confidentiality, integrity, and availability. With alpha, confidentiality is nearly the whole game. The strategy does not need to be deleted or locked up by ransomware to be ruined. It only needs to be seen by the wrong party.

Its legal status is genuinely contested. It is not even settled that a trading strategy qualifies as a protectable trade secret. When Jane Street sued Millennium Management and two former traders in April 2024, alleging they had carried off an “immensely valuable” India options strategy that the firm said produced more than $1 billion in 2023, the case raised exactly that question. It settled in December 2024 without answering it. The takeaway is sobering: the law is an uncertain backstop, so the controls that prevent a leak in the first place are what you actually rely on.

The Channels Through Which Strategies Leak

The departing insider

The most reliable predictor of trade secret loss is an employee heading for the door, often toward a competitor or a new venture. In 2009, a Goldman Sachs programmer named Sergey Aleynikov left for a high-frequency trading startup and, on his way out, moved portions of the bank’s proprietary trading source code to an outside server and onto personal devices. Goldman’s monitoring flagged the unusual transfers, and he was arrested at Newark airport with the code in hand. The Jane Street matter is the same story in modern dress. The alleged vector was not a hacker but talent changing firms and taking knowledge along.

This is a cyber problem because the exfiltration routes are digital: corporate mail forwarded to a personal address, files synced to a personal cloud drive, a repository cloned to a private account, a USB copy, a screenshot. Each looks like ordinary work until you line it up against a resignation.

Tampering with the model itself

Not every insider steals. Sometimes the asset is corrupted from the inside. Between November 2021 and August 2023, a researcher at Two Sigma made unauthorized changes to the parameters of fourteen live trading models, reportedly to lift his own compensation. According to the SEC, he could do it because those parameters sat outside the firm’s secure code repository, beyond its change controls. The result was roughly $620 million in unexpected gains and losses, at least $165 million in client harm the firm repaid, and a $90 million SEC penalty in early 2025.

Integrity matters as much as secrecy. If the logic that generates returns can be altered without a second set of eyes and an audit trail, a strategy can be skewed or sabotaged as easily as it can be copied.

Cloud, collaboration, and code

Research runs on shared drives, notebooks, chat platforms, and Git. Each is a place where strategy logic accumulates, and each widens the surface it can escape through: overly broad access to a repository, a misconfigured cloud bucket, a research channel that quietly includes contractors, or commit history that preserves a sensitive parameter long after it was deleted from the current code. The same features that make these tools good for collaboration make them efficient for leakage.

The extended perimeter

A fund’s secrets do not stay inside the fund. They flow to prime brokers, fund administrators, outsourced IT and managed service providers, data vendors, and cloud platforms. Each relationship is another path to the strategy, governed by someone else’s controls rather than yours. A breach at a vendor, or an attacker who compromises a service provider to reach many clients at once, can expose your positions and logic without ever touching your own network.

Shadow AI

A newer channel deserves its own line. When a researcher pastes proprietary code, a strategy description, or sensitive data into a public AI assistant to debug or summarize it, that content leaves the firm’s control. The 2026 Ponemon and DTEX insider risk research singles out shadow AI and unsanctioned AI agents as risk amplifiers, precisely because adoption is outrunning governance. The intent is almost always innocent. The exposure is not.

Phishing and stolen credentials

The classic external attacks still matter, but their usual role is to open one of the doors above. A phished credential hands an outsider the same legitimate access an insider has, letting them read research and clone repositories quietly under a real employee’s name. This is why the line between insider and outsider has mostly dissolved. A compromised account is an insider with someone else’s hands on the keyboard.

What You Actually Inherit

When the deal closes, you do not just acquire revenue and people. You acquire the target’s entire security posture and its history, including:

  • Breaches already in progress. The Marriott case is the defining example. A target can be compromised right now and not know it, which means a questionnaire will come back clean while attackers sit inside the asset you are about to own.
  • Undisclosed past incidents. Events the seller never reported, or never detected, that can surface as regulatory penalties, lawsuits, or customer loss after you hold the keys.
  • Compliance exposure. If the target handles regulated data, payment card information, health records, or government information, you inherit its gaps and its liability the moment you close.
  • Technical debt and weak fundamentals. Unpatched systems, shared passwords, no multifactor authentication, flat networks, and forgotten cloud accounts that become your problem to fix.
  • The target’s vendors and integrations. Its suppliers, software, and remote access become extensions of your environment, and its weakest connection is now yours.

What the Numbers Say

The scale is not anecdotal. The Ponemon Institute and DTEX Cost of Insider Risks research puts the average annual cost of insider incidents near $19.5 million per organization in its 2026 edition, up from $17.4 million in 2025 and about $8.3 million in 2018. Most of that is driven by negligence and stolen credentials, not deliberate espionage, which is exactly why monitoring and controls, rather than trust, are what change the outcome. For a firm whose entire value is a defensible edge, one successful exfiltration is not a line item. It can end the business.

The Litigation Paradox

There is one more channel worth naming: the courtroom. Suing to protect a strategy can force disclosure of the very thing you are defending. In the Jane Street case, defense lawyers inadvertently revealed in open court that the strategy involved Indian options, and the headline profit figure drew the attention of India’s market regulator. Litigation is sometimes necessary, but it is a last resort with its own leakage risk. The cheaper, safer path is to make the strategy hard to take in the first place.

How to Actually Protect It

No single product solves this, and each control below maps to a failure already described.

Know where the strategy lives. You cannot protect what you have not located. Map every place the logic, parameters, research, and pipeline data actually sit, including the copies in chat, notebooks, and personal devices. This is the unglamorous prerequisite for everything else.

Separate the people from the power. Few employees need the whole strategy, and the person who designs a model should not be able to change its production parameters alone. Two Sigma is what the absence of that separation looks like. Put parameters and execution logic under version control, require dual authorization and an audit trail for anything that reaches production, and make sure nothing important lives off to the side.
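One way to enforce this separation at release time, shown as an added example that is not from the article or from any firm named in it: a gate that refuses a parameter set unless its digest matches a reviewed change approved by two people other than the author, plus a hash-chained audit trail. The change-record layout, function names, and sample values are constructed assumptions.

```python
import hashlib
import json

def param_digest(params: dict) -> str:
    """Canonical SHA-256 of a parameter set (sorted keys, no whitespace)."""
    blob = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def authorize_release(change: dict, live_params: dict, min_approvers: int = 2):
    """Return (ok, reasons). A release passes only if the exact parameters
    going live were reviewed by enough people other than their author."""
    reasons = []
    if change.get("digest") != param_digest(live_params):
        reasons.append("parameters differ from the reviewed version")
    # The author's own approval never counts toward the quorum.
    independent = set(change.get("approvers", [])) - {change.get("author")}
    if len(independent) < min_approvers:
        reasons.append(f"{len(independent)} independent approver(s), need {min_approvers}")
    return (not reasons, reasons)

def _link(prev: str, entry: dict) -> str:
    return hashlib.sha256((prev + json.dumps(entry, sort_keys=True)).encode()).hexdigest()

def append_audit(log: list, entry: dict) -> dict:
    """Append a record chained to the previous one, so edits to the trail show."""
    prev = log[-1]["hash"] if log else "0" * 64
    record = {"entry": entry, "prev": prev, "hash": _link(prev, entry)}
    log.append(record)
    return record

def verify_audit(log: list) -> bool:
    """Recompute the chain; any altered or reordered record breaks it."""
    prev = "0" * 64
    for rec in log:
        if rec["prev"] != prev or rec["hash"] != _link(prev, rec["entry"]):
            return False
        prev = rec["hash"]
    return True

# Constructed sample data (hypothetical model, users, and change id).
REVIEWED = {"model": "m-07", "decay": 0.94, "max_position": 250000}
CHANGE = {"id": "CHG-EXAMPLE-1", "author": "researcher_a",
          "approvers": ["researcher_a", "risk_b", "eng_c"],
          "digest": param_digest(REVIEWED)}
```

The gate only helps if the production loader reads parameters from nowhere else; a parameter file kept outside this path is the gap the Two Sigma case describes.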

Watch the way out, not just the way in. Egress monitoring and behavioral analytics that flag unusual downloads, repository cloning, mass forwarding, and cloud syncs are what caught Aleynikov. Tie heightened scrutiny to notice periods, because the weeks around a departure are when most intellectual property walks.
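A sketch of notice-period-aware egress scoring, added here as an illustration and not taken from the article or any vendor product: daily per-user scores over the channels named above, with a tighter alert threshold once HR records a last working day. The event fields, weights, thresholds, and log records are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Illustrative weights per egress channel (assumed values, tune to your baseline).
WEIGHTS = {"repo_clone": 3, "mail_forward_external": 2,
           "cloud_sync_personal": 3, "usb_copy": 4, "bulk_download": 2}
BASE_THRESHOLD = 8        # daily score that alerts during normal employment
NOTICE_THRESHOLD = 3      # tighter threshold inside the notice window
NOTICE_WINDOW_DAYS = 30   # days before the last working day treated as high risk

def in_notice_window(day, last_day):
    """True if `day` falls within the window leading up to the last working day."""
    return last_day is not None and 0 <= (last_day - day).days <= NOTICE_WINDOW_DAYS

def score_events(events, hr_last_day):
    """Return alerts as (user, day, score, threshold), sorted by user and day."""
    daily = defaultdict(int)
    for ev in events:
        day = date.fromisoformat(ev["ts"][:10])
        # Channel weight plus one point per 100 MB leaving the firm.
        daily[(ev["user"], day)] += WEIGHTS.get(ev["action"], 0) + ev.get("mb", 0) // 100
    alerts = []
    for (user, day), score in sorted(daily.items()):
        tight = in_notice_window(day, hr_last_day.get(user))
        threshold = NOTICE_THRESHOLD if tight else BASE_THRESHOLD
        if score >= threshold:
            alerts.append((user, day.isoformat(), score, threshold))
    return alerts

# Constructed sample records (hypothetical users; not real log data).
EVENTS = [
    {"ts": "2025-03-03T09:12:00", "user": "quant_a", "action": "repo_clone", "mb": 40},
    {"ts": "2025-03-03T10:00:00", "user": "quant_b", "action": "repo_clone", "mb": 40},
    {"ts": "2025-03-04T11:00:00", "user": "quant_a", "action": "mail_forward_external", "mb": 1},
    {"ts": "2025-03-04T22:41:00", "user": "quant_b", "action": "cloud_sync_personal", "mb": 650},
]
HR_LAST_DAY = {"quant_b": date(2025, 3, 21)}  # quant_b has resigned; quant_a has not

if __name__ == "__main__":
    for alert in score_events(EVENTS, HR_LAST_DAY):
        print(alert)
```

The same repository clone is ignored for quant_a and alerts for quant_b, which is the point of joining egress telemetry to the HR offboarding feed.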

Hold your vendors to your own standard. Assume that a compromise at a prime broker, fund administrator, or outsourced IT provider is your compromise, and contract and monitor accordingly.

Decide what may touch an AI tool. Write a usage policy that defines what can and cannot go into external models, provide sanctioned alternatives, and monitor for shadow AI instead of pretending it is absent.

Test it like the person trying to take it. Red team your own exfiltration paths. Try to walk a strategy out through mail, cloud, code, and an AI assistant, and you will find the gaps before a departing employee or an attacker does.

The Bottom Line

Alpha is information, and information leaks. The costliest losses in this industry have not come from spectacular intrusions but from ordinary channels: a programmer leaving with the source code, an insider editing a model outside version control, a strategy carried to a rival, a sensitive note dropped into the wrong tool. The firms that keep their edge treat the strategy as what it is, the crown jewel of the business: located, access controlled, version governed, watched on the way out, and tested by someone whose job is to think like the person trying to take it.

Frequently Asked Questions

Can a trading strategy be protected as a trade secret?

Sometimes, but it is genuinely contested. A strategy can qualify if it is valuable, not generally known, and protected by reasonable measures such as confidentiality agreements and access controls. The 2024 Jane Street versus Millennium case put the question in front of a court, then settled without a definitive answer, which is why prevention matters more than litigation.

What is the biggest cyber risk to a hedge fund's proprietary strategy?

The departing insider. The most prominent losses, from the 2009 Goldman Sachs source code theft to the 2024 Jane Street dispute, involved people leaving with knowledge or code rather than external hackers. Compromised employee credentials run a close second, because they give an outsider the same access an insider has.

How do trading strategies actually leak?

Through everyday digital channels: corporate email forwarded to personal accounts, files synced to personal cloud storage, code cloned to private repositories, USB copies, screenshots, overly broad access in collaboration tools, third parties, and increasingly by pasting proprietary content into public AI assistants.

What does insider data theft cost?

The Ponemon Institute and DTEX Cost of Insider Risks research estimates the average annual cost of insider incidents near $19.5 million per organization in 2026, up from $17.4 million in 2025. Most of the cost comes from negligence and stolen credentials rather than deliberate espionage.

How can a fund prevent strategy leakage?

With layered controls: locate the data that matters most, separate model design from production change rights, keep all decision logic and parameters under version control with dual authorization, monitor data egress, harden offboarding, govern third parties, set an AI usage policy, and red team your own exfiltration paths.
