The Real AI Legal Risk Starts Before the Output
General counsel are asking the wrong questions about artificial intelligence and intellectual property. The focus on output liability-who owns an AI-generated image, who holds a patent on an AI-assisted invention-misses where legal exposure actually begins.
The critical risks emerge during model training, long before a system produces anything. By the time a company considers output liability, it has often already navigated a gauntlet of intellectual property and privacy dangers that most legal teams have not fully mapped.
What Goes Into the Model Matters Most
Large-scale AI models require enormous quantities of training data, and that data rarely arrives free of intellectual property claims. Copyright creates the most obvious exposure.
When training data consists of literary works, music, or photographs, infringement risk is direct. When it consists of facts, the risk shifts differently: copyright does not protect facts themselves, but it does protect sufficiently creative compilations of them. Organizations increasingly are structuring datasets to obtain those protections.
The fair use doctrine offers a potential defense where use is sufficiently transformative. Courts have cited the 2016 ruling in Authors Guild v. Google Inc. as a possible safe harbor, but courts have not yet applied it squarely to generative AI training.
The commercial scale of model training creates real tension with fair use analysis. Companies that document their data sources and make deliberate choices about licensed versus scraped content will fare meaningfully better in litigation.
Patent Risks at the Input Stage
Patent exposure at the input stage is subtler but potentially more disruptive. Two theories warrant serious attention.
Under US Code Section 271(a), if a model learns a patented method from training data and executes that method during inference, each inference run may constitute direct infringement. How the model learned the method is no defense.
Under Section 271(b), a company whose model generates instructions for performing a patented process may face induced infringement liability where users foreseeably follow them.
Neither theory has been resolved by the Federal Circuit in the AI context. Companies building models on technical corpora in life sciences, semiconductors, financial engineering, and cybersecurity should conduct freedom-to-operate analysis on the methods their models are trained to replicate, not just the outputs they produce.
Trade Secrets Can Vanish Permanently
Trade secrets are increasingly the IP protection vehicle of choice for organizations with valuable data. When sharing that data with third parties, organizations are crafting narrow licenses, robust confidentiality obligations, and meaningful audit rights.
A particular area of exposure is employee misuse of confidential information within third-party AI tools. When an employee inputs confidential business information into a platform whose terms permit using inputs for training, the harm is not merely disclosure. It may be the permanent destruction of trade secret status.
Under the Defend Trade Secrets Act and state analogs, protection depends on secrecy. Once information is incorporated into model weights queried by users worldwide, it is effectively in the public domain. There is no file to delete and no injunction that meaningfully restores the status quo, unlike an unauthorized cloud upload.
The reverse direction is equally serious. Companies training on publicly available data may unknowingly ingest information that was itself misappropriated before entering the public corpus-a former employee's GitHub post containing proprietary source code, or a contractor's blog reproducing internal methodology. Civil liability under the DTSA does not require intent.
Trade secret risk demands governance frameworks before training begins: AI tool vetting protocols, technical protections, thoughtful contracts, compliance monitoring, and training data provenance documentation.
Privacy Multiplies the Risk
Training data frequently contains personal information, whether intentional or not. Large publicly available datasets used for language model training often include personal information subject to privacy laws, particularly in the EU.
The most significant liabilities arise when training data comes from a company's own customers. This use case implicates foundational IP questions: Who owns the data? Does the company have the rights to use it for AI training? If personal information must be de-identified to satisfy privacy restrictions, does the company have the contractual right to de-identify it, use the result for its intended purpose, and commercialize it?
For general counsel, the practical imperative is to treat privacy and IP diligence as a single integrated workstream-not sequential checkboxes, but parallel disciplines applied from the earliest stages of AI development.
Companies that get this right will not just avoid liability. They will build AI systems on foundations that hold up.
Learn more: AI for Legal professionals and AI Learning Path for Paralegals offer resources on managing AI compliance and legal risks.
Your membership also unlocks:
