'Honeypot' Suit Spotlights Nuances of Trade Secret Law
On March 17, 2026, MyCard, Inc. (d/b/a Knot) filed a bombshell complaint in the District of Delaware, alleging that it had caught Atomic FI, Inc. red-handed misappropriating Knot’s trade secrets.
Knot stated in the complaint that it had planted a “honeypot” in the form of a random, non-functional, 37-character string in its Authentication Integrations Source Code, and that the identical 37-character string was found in Atomic FI’s source code.[1]
Indeed, Knot alleges that the odds of this happening without the alleged theft are an eye-catching 1 in 13,763,753,091,226,345,046,315,979,581,580,902,400,000,000.[2] Knot alleges that Atomic FI resorted to copying Knot’s software in an attempt to compete with Knot after a failed attempt to work together.[3]
While Knot’s allegations grabbed headlines, there appear to be key trade secret issues that require resolution before any final judgment can be passed.
For legal observers, this case involves far more than allegations of copying; it also features typically fact-intensive questions under the Defend Trade Secrets Act of whether Knot’s alleged trade secrets were really secret and whether there were reasonable measures to protect the alleged secret.
What Knot Says the Trade Secrets Are
Knot markets itself as solving “Merchant Connectivity,” and its software products such as CardSwitcher™ are marketed to merchants as an easy way for customers to update their payment information and an easier onboarding experience overall.[4] In the complaint, Knot identifies its trade secrets as pertaining to the following categories:
- The source code for Knot’s backend API that “manages the full lifecycle of automated merchant interactions,” including for 4 of its product offerings such as CardSwitcher™. This includes “Authentication Integrations Source Code,” or AISC, which it describes as a subset of its broader proprietary code base that enables biometric authentication—particularly Apple Face ID—to work inside Knot’s merchant-connectivity products;[5]
- Knot’s SDKs for client-side execution;[6]
- Merchant configuration files, build processes, and automation scripts.[7]
Knot states that the honeypot was added to its AISC code in June 2025, and that the 37-character string was a hardcoded parameter appended to a URL that is used to trigger the Face ID security feature on iOS devices.[8]
How did Atomic FI Gain Access to Knot’s Source Code and the Alleged Honeypot
One of the first questions that emerged in this case was how Atomic FI gained access to Knot’s source code and the alleged honeypot. This question raised an important factual issue: did Knot take adequate measures to protect its trade-secret source code? The preliminary injunction briefing shows that this has become one of the key battlegrounds in the case.
Knot alleges that Atomic FI’s production JavaScript bundle on February 25, 2026 contains a copy of portions of Knot’s AISC source code, including the honeypot. Beyond the honeypot, Knot also alleges the Atomic FI source code reflects parallel variable names, identical Boolean checks, the same phased authentication architecture for validating Face ID, the same fallback URL usage when Face ID is not validated, and the same cookie-related pattern for authentication sequence as corroborating signs that Atomic FI worked from Knot’s code.[9]
Atomic FI attempted to refute Knot’s trade secret misappropriation claims by alleging that portions of Knot’s source code, including the alleged honeypot, are publicly available and that Atomic FI “lawfully observed” Knot’s SDK.
Atomic FI explained that every client-side SDK has to expose certain portions of its code in order for the software to properly integrate with a merchant application.[10]
Atomic FI went on to argue it’s routine in the industry for developers to examine how competing products function, and anyone with a basic understanding of app development can observe how another company’s SDK works by studying its integration with a merchant application.[11] Atomic FI argues this observation does not require bypassing any firewalls or passwords.
Finally, Atomic FI suggested that much of the “corroborating” evidence cited by Knot consists of constructs or requirements imposed by third-party merchants, basic programming tools, or represents general practices for companies developing authentication software.[12]
As expected, Knot heavily disputes that its source code is publicly available. Knot recites a series of measures it undertakes to keep its technology and source code secret, including the secure repositories and firewall protection used to securely store the source code, the encryption of the communications between the SDK and servers, and the terms of services it imposes on anyone who signs up for a Knot account to access the SDK.[13]
Knot also argues that its source code cannot just be “observed” and postulates that Atomic FI may have deployed a man-in-the-middle attack or data scraping to obtain the source code.[14]
At the April 2, 2026 hearing on the preliminary injunction, it appears that Atomic FI’s Chief Technology Officer testified how he could download the JavaScript file containing Knot’s “honeypot code” from a publicly accessible URL back on November 6, 2025, using a web browser and the option to “view page source.”[15] He further testified that he used a man-in-the-middle app called “Proxyman” to inspect, debug, and understand the network traffic but not to initiate a malicious attack.[16]
What has emerged is a potentially fact-intensive dispute over whether the alleged trade secret was actually secret and whether reasonable measures were taken to protect Knot’s source code.
Atomic FI has argued that it is industry practice to conduct competitive intelligence through observing how a competitor’s SDK integrates with a merchant application.
The court may decide it needs more discovery to ascertain what the industry practice is around competitive intelligence or that it needs more information about what can be “observed” about the source code underlying the SDK.
There is also the question of whether this alleged competitive intelligence industry practice adequately explains how the 37-character string ended up in Atomic FI’s code.
So while the initial headline focused on copying, the first pivotal argument that has emerged tests the boundary of what constitutes improper acquisition, publicly available, and reasonable measures to protect.
Practical Takeaway
On April 2, 2026, after holding a hearing on the preliminary injunction motion, the court denied the motion as moot. Because the transcripts are sealed, it’s unclear why the motion became moot.
Should the case proceed forward, it will remain interesting to legal observers to see whether the court will need full discovery, including expert discovery, to decide the issues identified in this article.
Another fact-intensive inquiry will likely surround the activities of two Atomic FI engineers identified in Knot’s reply brief in support of its request for preliminary injunction. Knot alleged these two Atomic FI engineers conducted an unusual amount of testing on Knot’s platform, further suggesting their activity supports a picture of misappropriation.
Businesses that engage in competitive testing of their competitors’ products ideally would have guidelines for their employees on what activities are and are not permitted.
The employees engaged in gathering competitive intelligence should attend regular training based on these guidelines. Training employees will help reduce the risk of trade secret misappropriation allegations being levied against a company.
[1] MyCard, Inc. d/b/a Knot v. Atomic FI, Inc., No. 1:26-cv-00290 (D. Del.), Dkt. 2, Complaint, at ¶¶ 1-5.
[2] Id., Dkt. 4, Motion for Preliminary Injunction, at 1.
[3] Id., Complaint, at ¶¶ 9, 73.
[4] Id., Complaint, at ¶¶ 19-20; see also https://www.knotapi.com/cardswitcher/.
[5] MyCard, Inc. d/b/a Knot v. Atomic FI, Inc., No. 1:26-cv-00290 (D. Del.), Complaint, at ¶ 37.
[6] Id.
[7] Id.
[8] Id., Dkt. 4, Motion for Preliminary Injunction, at 7.
[9] Id., Dkt. 2, Complaint, at ¶ 111.
[10] Id., Dkt. 22, Answering Brief to Mtn. for Preliminary Injunction, at 12; Dkt. 24, Anderson Declaration, at ¶¶ 22-25.
[11] Id.
[12] Id., Dkt. 24, Anderson Declaration, at ¶¶ 29, 32.
[13] Id., Dkt. 29, Reply In Support of Mtn. for Preliminary Injunction, at 2; Dkt. 30, O’Reilly Declaration, at ¶ 42.
[14] Id., Dkt. 29, Reply In Support of Mtn. for Preliminary Injunction, at 4; see also Dkt. 2, Complaint, at ¶¶ 38-51.
[15] Id., Dkt. 46, Declaration of Scott Wienert Regarding Forensic Data, ¶ 2.
[16] Id., ¶ 4. Mr. Wienert’s declaration also suggests that Knot was able to identify the honeypot code in Atomic FI’s code using the same Proxyman app. Id.