Navigating the Legal Landscape of AI-Generated Code: Ownership and Liability Challenges

Programming is rapidly transforming from a manual, line-by-line exercise into an iterative collaboration between programmers and their large language model (LLM) of choice. Working inside modern integrated development environments (IDEs), developers now collaborate with LLMs, steering them with natural language prompts and iteratively refining the code they produce.

This approach of using artificial intelligence (AI) as an assistant or agent is rapidly becoming industry standard. For example, Microsoft CEO Satya Nadella recently estimated that 30% of Microsoft’s production code is now generated by AI. Similarly, Meta CEO Mark Zuckerberg projected that nearly half of Meta’s codebase will be AI-generated this year, with that proportion expected to grow.[1] Google’s chief scientist, Jeff Dean, goes even further, anticipating a future dominated by “virtual engineers,” AI-driven agents capable of planning, coding, testing, and deploying software with minimal human oversight.[2]

As companies dive head-first into AI-generated coding, they must navigate several thorny legal concerns. While this article will not attempt to unpack every issue arising from the AI-coding revolution, it will cover two fundamental issues: (1) who owns AI-generated code, and (2) who is responsible when flaws in AI-generated code lead to real-world failures?

Ownership of AI-Generated Code

In the United States, copyright protection hinges on human authorship. Both case law and the U.S. Copyright Office agree that copyright protection is available only for works created through human creativity.[3] Thus, works predominantly generated by AI, without meaningful human authorship, are not eligible for copyright protection.[4]

Accordingly, when code is produced solely by an AI, companies cannot obtain copyright protection for that code. Because such output is ineligible for copyright, it may be freely used by anyone unless safeguarded by another form of legal protection (e.g., trade secret).

Even so, companies with AI-assisted codebases still have meaningful avenues to protect their interests. The Copyright Office emphasizes the distinction between AI-assisted works and content that is generated entirely by AI. Importantly, when human developers substantially participate in the creation process, copyright protection may still be available.

When a human programmer provides sufficient creative input, such as iterative prompting, editing, and refining of the output, then copyright ownership may attach to the human author or, through employment agreements, to their employer. Accordingly, a forward-thinking business practice may be to ensure clear documentation of human involvement in AI-assisted development (for example, logs of what prompts were used to obtain what parts of the codebase).
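One lightweight way to implement this documentation practice is to log each AI interaction alongside the files it affected and the human refinements that followed. The sketch below is purely illustrative, not legal advice or a prescribed format; the `ProvenanceLog` class, its field names, and the JSON Lines layout are assumptions chosen for this example.

```python
import json
import hashlib
from datetime import datetime, timezone

# Hypothetical provenance logger: appends one JSON record per AI
# interaction, capturing which prompt produced which code and what
# creative human edits were applied afterward. The schema here is an
# illustration only; adapt it to your own review and retention policies.
class ProvenanceLog:
    def __init__(self, path="ai_provenance.jsonl"):
        self.path = path

    def record(self, author, model, prompt, files, human_edits):
        entry = {
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "author": author,            # the human developer involved
            "model": model,              # which AI tool produced the draft
            "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
            "prompt": prompt,
            "files": files,              # parts of the codebase affected
            "human_edits": human_edits,  # summary of creative refinement
        }
        with open(self.path, "a") as f:
            f.write(json.dumps(entry) + "\n")
        return entry

# Example usage with hypothetical values:
log = ProvenanceLog()
entry = log.record(
    author="jdoe",
    model="example-llm",
    prompt="Refactor the billing module to use async I/O",
    files=["billing/core.py"],
    human_edits="Rewrote error handling; renamed public APIs; added tests",
)
```

A hash of the prompt is stored alongside the prompt itself so that records can later be matched against other logs (for example, an IDE plugin's history) without relying on exact string comparison of long prompts.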

Of course, when copyright protections do not apply, companies can pursue trade secret protection. An open question is whether AI-generated code can qualify as a trade secret if it reproduces code that was already publicly known and included in the AI's training data; that determination will be fact-specific. Regardless, the general best practice for companies leveraging AI-generated code is to maintain strict confidentiality and security measures to preserve the viability of any trade secret protections.

Liability Concerns and AI-Generated Code

AI-generated coding not only challenges companies seeking to safeguard their intellectual property, it also exposes them to potential liability risks. These risks range from inadvertent copyright infringement to code defects and security vulnerabilities that flawed AI outputs can introduce.

The issue of copyright infringement in AI-generated code is being litigated in cases such as Doe v. GitHub, where the plaintiffs allege GitHub Copilot reproduces licensed code without proper attribution, potentially infringing their copyrights.[5] Although the district court dismissed most of the plaintiffs' claims, the case is now on appeal to the Ninth Circuit. Thus, the legal uncertainty and risks for businesses deploying AI-generated code remain significant, especially if a circuit split on this issue develops among the appellate courts.

Furthermore, although traditional negligence and product-liability principles still apply, courts have yet to clarify exactly how responsibility for errors should be apportioned between AI tool developers and the companies that utilize these tools. Seeking to limit their exposure, most AI tool providers prominently display warnings such as "AI can make mistakes; verify the output" and include warranty disclaimers that seek to push much of the due diligence burden back onto the businesses integrating AI-generated code.

Conclusion

As always, human creativity and oversight form the cornerstone of both ownership of creative works and risk management associated with those works. By documenting human contributions, enforcing clear compliance policies, and maintaining rigorous review and oversight, businesses can harness AI's promise of efficiency while preserving their intellectual property protections and avoiding unnecessary liability.

[1] https://www.youtube.com/watch?v=WaJOONFllLc.

[2] https://www.youtube.com/watch?v=dq8MhTFCs80.

[3] Naruto v. Slater, 888 F.3d 418 (9th Cir. 2018).

[4] https://www.copyright.gov/ai/Copyright-and-Artificial-Intelligence-Part-2-Copyrightability-Report.pdf.

[5] Doe v. GitHub, No. 3:22-cv-06823-JST (N.D. Cal. 2023).