All articles
July 13, 2026

The Reverse Information Paradox: Protecting Core IP in the Age of Intelligence

Nadella warns intelligence is a commodity while your company knowledge leaks into shared models. How to protect core IP when adopting AI, from practitioners.

Over the past year Satya Nadella has said a few things that should worry executives more than any "robots take over" storyline. The gist: the models themselves are turning into a commodity, while your company's knowledge risks getting "commoditized right out from underneath you." We ship AI into businesses every week, and we read this not as futurism but as a description of a concrete project risk. The real danger when adopting AI is not that an agent makes a mistake. It's that your know-how quietly leaks into someone else's model and stops being your advantage. That's why protecting core IP when adopting AI isn't a security line at the bottom of the invoice. It decides whether you'll still have a moat in two years.

Below we cover what Nadella actually said (verbatim, with sources), how Arrow's 1962 paradox fits in, how much core IP already leaks into public models by the numbers, and how to roll out AI so the learning loop stays yours. We call this frame the "reverse information paradox" — and to be clear, that's our phrasing, not a Nadella quote.

What Nadella actually said — and why it isn't about models

Nadella argues that competitive advantage has moved out of the models and into how you wrap them with your data and processes. On a March 2025 podcast he put it plainly: "the models are getting commoditized," adding that "OpenAI is not a model company, it's a product company that happens to have fantastic models" (the-decoder).

He'd made the same point earlier on X: as AI turns agentic, "models themselves become more of a commodity, and all value gets created by how you steer, ground, and finetune these models with your business data and workflow" (X). Read it back: the value lives in your data and processes on top of the model, not in the model.

By 2026, in his essay Frontier Ecosystem, Nadella sharpened it. He warned of "a small number of AI systems capturing all the economic returns," while whole industries find their knowledge "commoditized right out from underneath them" (the-decoder). And the line worth pinning to the wall: "You can offload a task, or even a job, but you can never offload your learning."

The problem lives in that gap. Intelligence gets cheaper and shared. A specific company's knowledge does not. Roll out AI in a way that ships your knowledge into a shared model, and you hand over the one thing that was never supposed to get cheap.

The reverse information paradox: Arrow's paradox, flipped for the AI era

In 1962 economist Kenneth Arrow described what we now call the "information paradox" (in "Economic Welfare and the Allocation of Resources for Invention"). His wording: "its value for the purchaser is not known until he knows the information, but then he has in effect acquired it without cost" (Arrow information paradox). In plain terms: you can't sell information without showing it, and once you show it, you've given it away for free. The classic trap for anyone who trades in knowledge.

We call what's happening with AI the "reverse information paradox" because the old trap runs backwards. With Arrow, you lost the value of information the moment you sold it. In the age of shared models, you lose it the moment you feed it in — not to a buyer, but to a model everyone uses, including your competitors. Disclosure happens at inference, not at the sale. And notice: nobody bought anything from you. You paid for a subscription and threw the know-how in for free.

This isn't paranoia. The default way to adopt AI — "give the team ChatGPT" — works against your moat by design. The good news: the paradox has a workaround, and it doubles as the right way to roll AI out. We'll get there at the end.

The cost of the leak: how much core IP already flows into other people's models

This isn't hypothetical — leaks are happening now, and they're measurable. Cyberhaven, analyzing ChatGPT use across 1.6 million workers, found back in 2023 that 11% of everything people paste into ChatGPT is confidential data, with such incidents up 60% over six weeks (Cyberhaven). Source code and client data top the list of what leaks.

The best-known case is Samsung. In 2023, engineers pushed sensitive material into ChatGPT three times in 20 days: source code, a defect-detection algorithm, and a transcript of an internal meeting. The result — the company banned ChatGPT for employees and started building its own internal tool (Forbes).

By 2025 this stopped being a string of oddities and became the background hum:

What was measuredNumberSource
Pastes into ChatGPT that are confidential11%Cyberhaven, 2023
Office workers using AI without IT approval71%Reco, State of Shadow AI 2025
Businesses that already had a leak from unsanctioned AI~20%Reco, State of Shadow AI 2025
Average cost of a breach where shadow AI is high$670,000Reco, State of Shadow AI 2025
OpenAI's share of corporate shadow-AI traffic53%Reco, State of Shadow AI 2025

The shadow-AI figures come from Reco's "State of Shadow AI 2025". It reads simply: your people already carry your data into public models, most companies can't see it, and a leak costs six figures.

One detail matters. In the reverse information paradox, the leak doesn't look like a leak. Nobody breaches the perimeter or walks a database out on a USB stick. An employee just wants to finish faster and drops a chunk of code or a client email into a chat. From a security standpoint, nothing loud happened. From a moat standpoint, you gave away a piece of what people pay you for.

What becomes the real moat: the learning loop, not the model

If the model is a commodity, the moat is whatever doesn't leave when you swap providers. Economist Christian Catalini, writing in Forbes, called this "Nadella's test": you should be able to "swap out a generalist model without losing the 'company veteran' expertise built into your learning system" (Forbes). Simpler: pull the model out of your product. If the value collapses, the model was doing your job, not amplifying your expertise.

Nadella describes the mechanism as "building a learning loop on top of models where human capital and token capital compound." A learning loop is when every case you work, every expert correction, every defect you catch becomes a signal that stays with you and makes the next run sharper. Everyone shares the model. Only you have the loop.

The difference shows up in a simple example. Two law firms plug the same model into contract review. The first runs documents through a public chat and enjoys the speed. The second keeps the model inside its own boundary and files every lawyer's edit into a base the system gets sharper on — on exactly its type of deals. A year later the first firm has the same ChatGPT everyone has. The second has an assistant that knows its practice better than any competitor. The model was identical for exactly one day.

We've made this point before, unpacking Anthropic's research on the return to expertise: AI doesn't retire the domain expert, it raises the price of their accumulated knowledge. On our projects the moat forms not where the newest model sits, but where the client has closed the loop on its own data and feedback. We drew the same lesson from 100+ AI consultations: the winners aren't the ones who wired up ChatGPT fastest, but the ones who built a system where knowledge keeps accumulating inside.

How to protect core IP when adopting AI: a practical setup

Protecting data when adopting AI comes down to one principle: use someone else's intelligence, but don't pour your knowledge into the shared pot. On projects we break it into five steps.

  1. Classify data before the pilot. Mark what counts as core IP (source code, client base, pricing, methods) and what doesn't. Skip this and "give everyone ChatGPT" becomes a voluntary leak.
  2. Keep a private boundary. Route the sensitive stuff through models inside your perimeter: Azure OpenAI, self-hosted open models, or an AI agent with RAG over your documents, without the provider training on them. Public ChatGPT stays for non-confidential work only.
  3. Put no-training in the contract. Confirm the provider doesn't learn from your data, and lock it down in writing, not "by a default checkbox in settings."
  4. Turn on DLP and a policy. Since even basic rules against shadow AI aren't universal, a simple policy plus monitoring already pulls you out of the risk group.
  5. Build your own learning loop. Keep expert feedback, labels, and corrections closed on yourself. That's your moat, in Nadella's terms.

A short cheat sheet on what you can and can't feed into someone else's model:

Fine for a public modelPrivate boundary only
Draft copy, rewritesSource code and algorithms
Public data, researchClient base and contracts
Ideas, brainstorming, learningPricing and methods
Formatting, translationInternal meetings and strategy

None of this slows you down. The opposite: teams with the boundary set up adopt more boldly, because they aren't scared to connect AI to real processes. If you want to build that setup for your business, look at our AI implementation services or just discuss your project — we'll tell you what's safe to hand a model and what has to stay yours.

You can't cancel the reverse information paradox, but you can route around it. Nadella is right on the core point: you can delegate the task, not the learning. So adopt AI in a way that keeps the learning with you.

Want to implement an AI agent?

Let's discuss your task and suggest the optimal solution

Reverse Information Paradox: Protecting Your Core IP in AI | Gless AI