Back to Blog
Data Sovereignty

Your Data Is Your Moat. Stop Giving It Away.

Every time an organisation feeds proprietary data into a third-party AI platform, it trades long-term competitive advantage for short-term convenience. Multi-agent systems should work for you without requiring you to hand over the thing that makes you valuable.

March 25, 202611 min read

The Trade You Did Not Agree To

A pharmaceutical company spends two decades building proprietary formulation data. A logistics firm refines routing algorithms across 15 million deliveries. A retailer accumulates granular purchasing behaviour across 40 million customers.

These datasets are not just assets. They are the reason these organisations lead in their respective markets. The data represents millions of hours of research, operational refinement, and competitive learning that no competitor can replicate.

Then someone on the technology team connects a third-party AI platform. The prompt includes customer segments. The fine-tuning dataset includes internal process documentation. The training pipeline ingests proprietary product specifications.

The AI platform gets better. The organisation's competitive moat gets shallower.

This is not a theoretical risk. It is the default operating model for most enterprise AI adoption today.

The Evidence Is Already In

In early 2023, Samsung engineers submitted proprietary semiconductor source code, chip yield data, and confidential meeting transcripts to ChatGPT across three separate incidents within 20 days of the company lifting its internal ban on the tool. Under OpenAI's terms of service at the time, user inputs could be used to train and improve its models. Samsung restricted generative AI tools company-wide. Apple, JPMorgan Chase, Verizon, Citigroup, and Goldman Sachs followed with their own restrictions.

That was one company, three incidents, twenty days.

The pattern has not slowed. Research from Cyberhaven found that 11% of data employees paste into ChatGPT is confidential. Notion routes enterprise documents - customer lists, product roadmaps, salary structures, code repositories - through third-party model providers including Anthropic and OpenAI. Notion's terms of service state that content processed by AI features may be used to improve services and model performance, though enterprise customers can negotiate separate data retention terms. A 2026 investigation by Cambridge Analytica found that 73% of enterprise users surveyed incorrectly believed their data was deleted after AI processing.

The scale of the exposure
68% of organisations have experienced data leakage incidents related to employees sharing sensitive information with AI tools, according to Metomic's 2025 State of Data Security Report - yet only 23% have implemented comprehensive AI security policies. Private LLM development surged 340% in 2025, according to Gartner. The enterprise market is rejecting the "send us your data" model - but most multi-agent frameworks still require it.

The Competitive Advantage Problem

The data security framing, while accurate, understates the real cost. This is not primarily a cybersecurity issue. It is a competitive strategy issue. When an organisation feeds proprietary data into a centralised AI platform, three things happen:

The platform captures the value

The AI provider's model improves. Those improvements are distributed to every customer of that platform - including the organisation's competitors. The proprietary insight that took years to develop now subtly improves outputs for everyone who pays for the same API.

The organisation's differentiation erodes

The reason a company leads in its market is because it has accumulated knowledge, processes, and data that competitors cannot easily replicate. Every dataset submitted to a third-party training pipeline narrows that gap. The short-term productivity gain comes at the cost of long-term distinctiveness.

Intellectual property protection becomes legally uncertain

Courts are grappling with whether information that AI can reverse-engineer or synthesise from submitted data still qualifies as a legally protectable trade secret. Bloomberg Law reports that AI is fundamentally changing the 'readily ascertainable' standard for trade secret protection. Traditional categories of proprietary information - including customer lists - may lose legal protection as AI becomes more capable of extracting patterns from public data.

The organisations winning in their markets are winning because they do what they do exceptionally well. Sharing the substance of that excellence with a third-party platform - even indirectly, even through "anonymised" training data - is trading long-term competitive position for short-term operational convenience.

Private LLMs Solve Half the Problem

The market is responding. According to Techpinions' analysis of enterprise AI economics, self-hosted LLM inference can be 2.6 to 4.1 times more cost-effective than cloud API alternatives at scale. Snowflake and OpenAI announced a $200 million partnership in February 2026 built on "data gravity" - integrating AI models natively into the data platform rather than requiring data to be moved externally.

But private LLMs and data-gravity partnerships keep data secure within a single organisation's boundary. They do not address what happens when that organisation's AI agents need to interact with agents from other organisations - which is the entire premise of multi-agent systems.

A retailer's brand agent needs to communicate with a supplier's inventory agent. A logistics company's routing agent needs to coordinate with a warehouse operator's scheduling agent. A financial services firm's compliance agent needs to verify credentials with a regulator's verification agent.

Multi-agent coordination requires interaction. The question is whether that interaction requires surrendering the proprietary data, logic, and parameters that make each agent - and each organisation - distinctive.

The Centralisation Problem in Multi-Agent Systems

A recent paper from the University of Oxford and Fetch.ai - "Fetch.ai: An Architecture for Modern Multi-Agent Systems" (Wooldridge et al., 2025) - identifies a fundamental structural flaw in how the current generation of multi-agent frameworks operates. The paper was co-authored by Professor Michael Wooldridge, who wrote the defining textbook on multi-agent systems and has spent three decades researching how autonomous agents interact.

The Oxford finding
"Most existing LLM-based agent frameworks exhibit a strong bias toward centralised architectures, where a single orchestrator or 'meta-agent' coordinates all other agents." While this simplifies development, it introduces critical limitations that classical multi-agent systems research identified decades ago.

The paper documents four structural consequences of centralisation:

Single point of failure

The central coordinator becomes the system's vulnerability. If it is compromised, the entire ecosystem is exposed - every participant's data, logic, and interactions.

Scalability bottleneck

As the number of agents increases, the central coordinator becomes overwhelmed. All inter-agent communication must flow through a single point, creating latency and bottlenecks.

Limited autonomy

Agents in centralised systems have reduced autonomy, contradicting the fundamental principle that agents should be autonomous decision-makers operating their own logic.

Tool-poisoning attacks

The paper documents how Anthropic's Model Context Protocol (MCP) is vulnerable to attacks where a compromised tool can instruct an agent to extract sensitive data. In centralised architectures, one compromised tool can access data from every participant.

For the data sovereignty question, the implication is stark. In a centralised multi-agent architecture, every interaction between agents from different organisations passes through a shared orchestration layer. The orchestrator must process each agent's inputs to coordinate outputs. Proprietary data - merchandising logic, cost structures, routing algorithms, customer segments - becomes visible to the orchestration platform.

The problem compounds because the data surface is larger than single-agent scenarios. It is not just one organisation's prompts entering a shared pipeline. It is multiple organisations' proprietary logic, pricing rules, inventory data, and operational parameters flowing through a coordination layer that none of them control.

How Fetch.ai Solves This: Decentralised Multi-Agent Coordination

The Fetch.ai architecture - detailed in the Oxford paper - was designed from first principles to address the centralisation problem. The core insight: agents should coordinate through decentralised protocols, not through a central orchestrator that processes everyone's data.

1

Your agent runs your logic. On your infrastructure.

In Fetch.ai's uAgents framework, each agent is an autonomous program that executes its own logic locally. A retailer's brand agent runs the retailer's merchandising rules on the retailer's infrastructure. A supplier's pricing agent runs the supplier's cost models on the supplier's servers. No proprietary data leaves the organisation's boundary. The agent's internal logic - whether powered by a private LLM, a rules engine, or a combination - runs within the agent's own isolated environment.

2

Share outcomes, not data.

The Oxford paper details how Fetch.ai agents communicate using formally defined typed protocols - structured message schemas that both parties agree to - rather than sending raw data through a shared language model. When a retailer's agent queries a supplier's pricing agent, the interaction follows a defined protocol: a structured request goes in, a structured response comes back. The supplier's agent processes its proprietary cost models internally, then returns the price. The retailer receives the outcome. The underlying data, logic, and model that produced it never cross the organisational boundary.

3

Cryptographic identity ensures you know who you are talking to.

Every agent registered on the Almanac - Fetch.ai's on-chain registry - carries a cryptographically signed identity. The paper details the verification mechanism: each registration requires the agent to prove ownership of its address by signing a unique sequence number with its private key, verified on-chain. Before any data is exchanged, both parties confirm with mathematical certainty that they are communicating with a verified, authenticated agent - preventing the risk of interacting with unverified agents harvesting competitive intelligence.

4

Bring your own LLM. Bring your own parameters. Bring your own brand voice.

Fetch.ai agents can wrap and orchestrate any Large Language Model - including private, self-hosted models trained on proprietary data. An organisation that has invested in a domain-specific LLM can deploy it within its agent without exposing model weights, training data, or fine-tuning parameters to any other participant. The brand voice, response patterns, and domain expertise stay within the organisation's control. Other agents interact with the outputs. They never access the underlying model, data, or configuration.

The Future: Proving Without Revealing

The Oxford paper outlines a future direction that takes data sovereignty further: advanced cryptographic techniques including zero-knowledge proofs (ZKPs), multi-party computation (MPC), and confidential transactions.

These technologies enable an agent to prove something without revealing the underlying data. A supplier's agent could prove it has sufficient inventory to fulfil an order without disclosing exact stock levels. A financial services agent could verify a customer's creditworthiness without exposing their financial records. An organisation could demonstrate regulatory compliance without revealing the proprietary processes it uses to achieve that compliance.

Where this is heading
From agents that protect their data by keeping it local, to agents that participate in complex multi-party interactions while proving outcomes without ever exposing the inputs that produced them. The paper describes specific applications: "the issuance of verifiable credentials for agents, the ability for LLM agents to securely sign legal agreements, and the execution of private transactions that conceal sensitive details."

The Comparison

DimensionCentralised Multi-AgentFetch.ai Decentralised
Proprietary dataFlows through shared orchestrationStays within the organisation's boundary
Agent communicationOrchestrator processes all inputsTyped protocols exchange outcomes only
Data exposureSingle centralised aggregation pointIsolated agent environments, no aggregation
Value capturePlatform benefits from all participants' dataEach organisation retains full value
Trust modelRequires trusting the orchestration providerOn-chain cryptographic verification
LLM ownershipPlatform's model serves all agentsEach organisation brings its own
Agent identityUnverified or platform-issuedCryptographically verified on the Almanac
Attack surfaceOne compromised tool exposes all agentsIsolated environments with signed messages

The Strategic Calculation

The organisations that lead in their markets did not get there by sharing their proprietary knowledge with intermediaries. They got there by accumulating capabilities, data, and operational intelligence that competitors cannot replicate.

Multi-agent systems represent an enormous opportunity. AI agents that coordinate across organisational boundaries can automate complex workflows, reduce transaction costs, and create new commercial possibilities that no single organisation could achieve alone.

But that opportunity should not require surrendering the very thing that makes each organisation valuable. The data, the models, the logic, the brand voice - these are the competitive moat. Any multi-agent architecture that requires centralising this information is asking organisations to trade their long-term position for short-term coordination.

From the Oxford paper
"To the best of our knowledge, the Fetch.ai stack is the only deployed system with such overarching infrastructure for building trusted, secure, and economically viable agentic systems."

Your data is your moat. The agents should work for you, not the other way around.

Get Started

Want to explore what this means for your organisation?

Every business has different data, different competitive advantages, and different requirements for how their agents should operate. We would welcome a conversation about how decentralised multi-agent infrastructure can protect your proprietary data while enabling the coordination your business needs.

Book a ConversationRead the Oxford Paper

Sources

  • Wooldridge, M., Bagoly, A., Ward, J.J., La Malfa, E., Licks, G.P. "Fetch.ai: An Architecture for Modern Multi-Agent Systems." arXiv:2510.18699, University of Oxford and Fetch.ai (2025)
  • Samsung ChatGPT incidents (March-April 2023) - The Register, Cybersecurity News, Stealth Cloud
  • 11% of data pasted into ChatGPT is confidential - Cyberhaven Labs research (2023)
  • 68% of organisations experienced AI-related data leakage; 23% have AI security policies - Metomic, 2025 State of Data Security Report
  • Notion AI third-party model processing; 73% user perception gap - Cambridge Analytica investigation (2026)
  • Enterprise private LLM development surged 340% in 2025 - Gartner, via Techpinions
  • Self-hosted LLM inference 2.6-4.1x more cost-effective at scale - Techpinions enterprise AI economics analysis (2025)
  • Snowflake-OpenAI $200M partnership (February 2, 2026) - Snowflake press release, OpenAI, TechCrunch
  • AI changing trade secret "readily ascertainable" standard - Bloomberg Law (2024-2025)
  • AI tool restrictions: Apple (9to5Mac), JPMorgan Chase, Goldman Sachs, Citigroup (Business Insider), Verizon (Fortune) - various 2023
  • MCP tool-poisoning vulnerability - Anthropic (2024), referenced in Wooldridge et al. Section 4

Joe Hurst - Chief Revenue Officer

Joe.Hurst@fetch.ai