If your AI-generated code fails, who faces the most liability?
In the first article of this two-part analysis, we took a look Who owns the code? created by AI chatbots like ChatGPT and explore the legal implications of using AI-generated code.
Part I: Who owns the code? If ChatGPT’s AI helps write your app, does it still belong to you?
We will now discuss issues of liability and risk.
Functional responsibilities
To present this discussion, I turn to attorney and longtime Internet Press Association member Richard Santalesa. With his technology journalism background, Santalesa understands this issue from both a legal and technology perspective. (He is a founding member of SmartEdgeLaw Group.)
“Until court cases are heard to definitively answer this question, the legal meaning of AI-generated code is the same as human-generated code,” he advised.
Remember, he continues, that human-generated code is not error-free. There will never be a service level agreement that guarantees that the code is perfect or that users will experience uninterrupted service.
Also: ChatGPT and new AI are wreaking havoc on cybersecurity in exciting and scary ways
Santalesa also points out that it is rare for all parts of a piece of software to be developed entirely in-house. “Most programmers use SDKs and code libraries that they haven’t personally reviewed or analyzed but rely on anyway,” he said. “I think AI-generated code – for the time being – will be in the same bucket as the regulatory implications.”
Dear trolls
Sean O’Brien, lecturer on cybersecurity at Yale Law School and founder of Yale Privacy Labpoints out a risk that is undeniably worrying for developers:
The possibility that AI prompts can output proprietary code is very high, if we are talking about tools like ChatGPT and Copilot, which have been trained on a huge code repository of both open source and exclusive type.
We don’t know exactly what code was used to train the chatbot. This means we don’t know whether the code snippets output from ChatGPT and other similar tools are generated by the AI or simply repeating codewords it entered as part of the process. train.
Also: 5 ways to explore creative uses of AI in the workplace
If you’re a developer, it’s time to prepare yourself. Here’s O’Brien’s prediction:
I believe there will soon be a whole trolling sub-industry that mirrors patent trolls, but this time around AI-generated works. As more and more authors use AI-powered tools to submit code under exclusive licenses, a feedback loop will be created. There will be software ecosystems polluted by proprietary code and subject to cease-and-desist orders from enterprising companies.
O’Brien just mentioned the troll element and the hair on the back of my neck stood up. This is going to get very, very messy.
Canadian lawyer Robert Piasetina partner in the technology group at Canadian business law firm McMillan LLP, also points out that chatbots may have been trained in open source work and legal sources, in addition to copyrighted work. All such training data may include flawed or erroneous data (or algorithms) as well as the company’s proprietary data.
Also: AI scholar Gary Marcus makes a strong argument for AI regulation
“If AI is based on inaccurate, flawed or misleading information, the AI tool’s output can lead to a variety of potential claims, depending on the nature of the damage,” Piasentin explains. or the potential harm that the output may cause (whether directly or indirectly).”
Here’s another thought: Some will try to corrupt the training corpus (the source of knowledge the AI uses to provide their results). One of the things humans do is find ways to trick the system. So there won’t just be an army of legal scammers trying to find people to sue, but also hackers, criminals, rogue states, high school students and weirdos — all trying feeding false data into every AI they can find, either because of lulz or for much more nefarious reasons.
Maybe we shouldn’t focus so much on the dark side.
Who is at fault?
However, no lawyer is discussing who is at fault if AI-generated code leads to some catastrophic outcome.
Example: The company providing a product shares some responsibility for choosing a library with known shortcomings. If a product is shipped using a library with known exploits and the product causes an issue that results in tangible harm, who is responsible for that failure? Did the product creator, the library programmer, or the company choose the product?
Usually, it’s all three.
Also: ChatGPT’s newest adversary: the Supreme Court
Now add AI code into the mix. Clearly, much of the responsibility lies with the programmer who chooses to use AI-generated code. After all, that is It’s common knowledge that the code may not work and needs to be thoroughly examined.
In a full-blown lawsuit, would the complainants prosecute the companies that produce the AIs and even the organizations that source the content to train those AIs (even if done without permission)?
As every lawyer has told me, there is very little case law to date. We won’t really know the answer until something goes wrong, the parties go to court and get a thorough trial.
We are in uncharted waters here. My best advice now is to test your code thoroughly. Test, test and then test some more.
You can follow my daily project updates on social media. Be sure to follow me on Twitter at @DavidGewirtzon Facebook at Facebook.com/DavidGewirtzon Instagram at Instagram.com/DavidGewirtzand on YouTube at YouTube.com/DavidGewirtzTV.
