•
One of the first federal cases to test whether strategic prompting of a generative AI model to extract its system prompt constitutes trade secret misappropriation under federal law.
OpenEvidence Inc. v. Doximity Inc. is a federal trade secret and computer fraud case pending in the U.S. District Court for the District of Massachusetts that is one of the first cases to test whether strategic prompting of a generative AI model to extract its system prompt constitutes trade secret misappropriation under federal law.
The case raises novel questions at the intersection of trade secret law, computer fraud, and artificial intelligence. The outcome could establish precedent for how courts treat prompt injection attacks, system prompt confidentiality, and the boundaries of competitive intelligence in the AI industry.
| Item | Details |
|---|---|
| Case Name | OpenEvidence Inc. v. Doximity Inc. |
| Court | U.S. District Court, District of Massachusetts |
| Docket No. | 1:25-cv-11802 |
| Filed | June 20, 2025 |
| Key Statutes | Defend Trade Secrets Act (DTSA), Computer Fraud and Abuse Act (CFAA), Digital Millennium Copyright Act (DMCA) |
| Status | Active; motion to dismiss partially denied January 2026 |
The central legal questions involve:
OpenEvidence operates an AI-powered medical search platform exclusively accessible to healthcare professionals. Users access the platform using National Provider Identifier (NPI) numbers, and the platform's terms prohibit impersonation and reverse engineering.
OpenEvidence alleges that Doximity's Chief Technology Officer and AI Products Director impersonated licensed physicians by using stolen NPI numbers to access the platform. Once inside, they allegedly submitted prompts designed to trick the AI model into revealing its proprietary system prompt, including instructions such as:
The complaint further alleges that Doximity conducted large-scale data scraping of the AI model's responses, submitting hundreds of similar queries to map the model's reasoning patterns and compile a dataset to replicate its functionality. OpenEvidence characterizes this as "prompt stealing."
OpenEvidence asserts ten claims, including trade secret misappropriation, CFAA violations, DMCA violations, unfair competition, Lanham Act violations, and defamation.
Doximity moved to dismiss, arguing that OpenEvidence fails to identify its alleged trade secrets with the specificity required under the DTSA. Doximity contends that elements like the chatbot's tone, formatting, citation style, and disclaimers are visible to any user and therefore cannot be trade secrets.
Doximity also argues that even if a protectable trade secret exists, it at most attempted to obtain it and was never successful in extracting the full system prompt. Doximity filed counterclaims alleging that OpenEvidence engaged in a campaign of misinformation and harassment.
Judge Richard G. Stearns ruled that OpenEvidence could proceed with most of its claims, including those related to computer fraud, breach of contract, and unjust enrichment. OpenEvidence dropped its original trade secret misappropriation claims but advanced related theories. The court also allowed Doximity's counterclaims to proceed.
The case could establish important precedent in several areas:
What is prompt injection? Prompt injection is a technique in which a user submits strategically crafted inputs to an AI model designed to bypass its safety guardrails or extract protected information, such as the model's system prompt or behavioral rules.
Which court is hearing the case? The U.S. District Court for the District of Massachusetts, before Judge Richard G. Stearns.
Why is this case significant for the AI industry? It is one of the first federal cases to test whether AI system prompts are protectable trade secrets and whether prompt injection constitutes unlawful misappropriation.
Use PacerPlus to search the actual court documents from this case.