The era of experimental artificial intelligence (AI) pilots is ending, and enterprise-scale adoption has begun. Generative and foundation models now power everyday copilots that draft documents, HR agents that answer policy questions, and automated workflows that accelerate decision-making.

The promise is speed, scale, and smarter insights. Yet without disciplined governance, these same systems can create operational, legal, and reputational risk. Treating AI as a plug-and-play productivity tool rather than a managed system can invite costly mistakes.

As Bill Gates noted in AI Is About to Completely Change How You Use Computers, “Soon after the first automobiles were on the road, there was the first car crash. But we didn’t ban cars—we adopted speed limits, safety standards, licensing requirements, and other rules of the road.”[1] The same principle applies here: AI progress must be matched by policy, design, and oversight.

This article explores three common risk patterns in enterprise AI adoption: how they arise, why they matter, and what organizations might consider doing to guard against them.

1. Model Performance, Hallucination, and Version Drift

AI’s promise of speed and scale is only as strong as the accuracy of its outputs. When generative systems sound convincing but are wrong or outdated, trust erodes, and the damage can be immense and spread quickly. Errors at the model level can become governance issues at the enterprise level. A single flawed output can cascade through automated systems, policy documents, or customer interactions, amplifying the original mistake.

Two patterns drive this breakdown: hallucination and version drift.

Hallucination: Confidently Wrong

Hallucination occurs when an AI system fabricates information or sources that never existed. Hallucinations are a result of AI models’ probabilistic nature and their training to produce fluent, humanlike text even when uncertain. Real-life errors have ranged from complete fabrications of authority to small inaccuracies within citations.

These mistakes often sound authoritative, which makes them dangerous. An invented citation in a legal memo or a misquoted policy in an HR document can quietly ripple through an organization before anyone notices. Once institutional trust is compromised, even verified outputs face skepticism. The cost is not just factual error but loss of confidence in the system itself.

Techniques such as retrieval-augmented generation (RAG) and fine-tuning of the AI system can reduce hallucination risk but cannot eliminate it altogether. The only reliable safeguard remains human verification, especially in functions like legal, compliance, finance, and policy, where precision determines accountability.

Version Drift: Outdated but Believable

Version drift is more subtle but can be just as costly. Version drift occurs when AI retrieves information that was once correct but no longer is (e.g., outdated policies, contracts, or internal guidance that have fallen out of sync with reality). Unlike hallucination, version drift involves accurate retrieval of obsolete truth.

Version drift, just like hallucination, has caused havoc for companies, both in the media and in court. For example, in Moffatt v. Air Canada, a customer seeking bereavement fares asked the airline’s chatbot about discount eligibility. The bot confirmed the policy’s availability and directed the passenger to purchase tickets and claim the discount later. However, Air Canada had discontinued bereavement fares months earlier. The chatbot, although wrong, did not hallucinate; it cited outdated internal guidance. The British Columbia Civil Resolution Tribunal held the airline liable, finding that a company bears responsibility for what its AI says on its behalf.[2]

This case demonstrates that version drift can turn outdated knowledge into a liability. In a regulated environment, “technically correct but no longer true” can still be grounds for accountability.

Version drift doesn’t just threaten accuracy; it can undermine compliance, audit integrity, and customer trust. In global enterprises, local versions of policies or datasets may age at different rates, creating inconsistencies that quietly spread. In the age of generative systems, data freshness has become a form of compliance.

Mitigation Practices

  • Timestamping and Versioning: Many organizations might consider maintaining timestamps and version markers for retrieved content so that references to policies or documents reflect their most recent update dates.
  • Regular Re-Indexing of Knowledge Bases: It might be wise for content repositories to be refreshed on defined cycles—such as compliance or audit intervals—to keep indexed information aligned with current standards.
  • Human-in-the-Loop Review: In areas involving higher sensitivity (e.g., HR, legal, compliance), it might be wise to incorporate review checkpoints to maintain oversight of AI-generated outputs.
  • Monitoring Correction Latency: Organizations might consider tracking the time between the detection, correction, and redistribution of updated information as an indicator of information management responsiveness.
  • Ownership for Data Freshness: It might be wise to designate data or knowledge steward roles to manage content life cycle processes, including version control and update governance.
  • Automated Freshness Indicators: Metadata tracking, API monitoring, or similar mechanisms may be used to signal when referenced sources approach or exceed a defined staleness threshold.
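The timestamping, versioning, and staleness-threshold practices above can be enforced as a gate between retrieval and generation. The following is an added example, not code from the article or any vendor; the `Chunk` fields, the 180-day threshold, and the sample documents are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class Chunk:
    doc_id: str
    version: int
    last_reviewed: date          # steward's most recent review date (assumed field)
    retired_on: Optional[date]   # set when the policy is withdrawn (assumed field)
    text: str

def freshness_gate(chunks, today, max_age=timedelta(days=180)):
    """Split retrieved chunks into (usable, held_for_review).

    Only the newest version of each doc_id is considered, so superseded
    versions never reach the model. The newest version is held when the
    document is retired or its last review is older than max_age.
    """
    newest = {}
    for c in chunks:
        if c.doc_id not in newest or c.version > newest[c.doc_id].version:
            newest[c.doc_id] = c
    usable, held = [], []
    for c in newest.values():
        if c.retired_on is not None and c.retired_on <= today:
            held.append((c, "retired"))
        elif today - c.last_reviewed > max_age:
            held.append((c, "stale"))
        else:
            usable.append(c)
    return usable, held

def cite(c):
    """Citation string that exposes version and review date to the reader."""
    return f"{c.doc_id} v{c.version} (reviewed {c.last_reviewed.isoformat()})"

# Constructed sample of what a retriever might return; not real policy data.
SAMPLE = [
    Chunk("fare-discount-policy", 1, date(2023, 1, 10), None, "Discount may be claimed after travel."),
    Chunk("fare-discount-policy", 2, date(2024, 3, 1), date(2024, 3, 1), "Policy withdrawn."),
    Chunk("baggage-policy", 4, date(2024, 5, 20), None, "Two checked bags on international routes."),
    Chunk("refund-policy", 3, date(2023, 2, 1), None, "Refunds within 30 days."),
]

if __name__ == "__main__":
    usable, held = freshness_gate(SAMPLE, today=date(2024, 6, 1))
    print("answer from:", [cite(c) for c in usable])
    print("route to human review:", [(cite(c), why) for c, why in held])
```

Held chunks are the natural input to the human-in-the-loop checkpoint, and the time a chunk spends in the held list is one way to measure correction latency.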

Accuracy is not merely technical; it is the foundation of trust. Organizations that treat data quality and model oversight as continuous disciplines, not one-time controls, are often best positioned to scale AI confidently and responsibly.

2. Integrating AI Responsibly: Governance, Accountability, and Oversight Gaps

AI adoption is outpacing most enterprise governance systems, creating a dangerous blind spot between perception and reality. Enterprises are often blind to how individuals are using AI to boost their performance. In McKinsey’s State of AI 2025 survey, nearly all executives and employees reported familiarity with generative AI—but leaders believed only 4% of employees used it regularly. However, the real number was likely three times higher.[3] Enterprises cannot manage what they cannot see, and many underestimate the extent of unsanctioned AI experimentation happening within their own walls.

When employees use unapproved AI tools to accelerate their work, sensitive data may leave secure environments, and unvetted models may influence decisions without proper oversight. Essentially, employees are running invisible experiments with AI tools, creating an enterprise liability. Leaders who lack visibility into which models are influencing operations or what data those models touch cannot credibly manage compliance, privacy, or reputational exposure.

Accountability and Regulatory Risk

Weak oversight is not just a technical risk—there are tangible business and regulatory consequences. Algorithmic decision tools have drawn external scrutiny when their outputs affect consumers without adequate transparency or review.

Recent cases involving AI-enabled hiring systems illustrate the risk. In 2025, a federal court allowed a nationwide collective action to proceed against Workday after plaintiffs alleged that its AI-driven applicant-screening tools disproportionately rejected applicants over the age of 40 across multiple employers using the platform. The court found the claims plausible under the Age Discrimination in Employment Act and authorized the case to move forward, reflecting increasing judicial willingness to scrutinize automated hiring pipelines.[4]

In another prominent example, the Equal Employment Opportunity Commission reached a settlement in 2023 with iTutorGroup after alleging that its automated hiring software was programmed to automatically reject older applicants based on age thresholds embedded in the system—resulting in more than 200 qualified candidates being screened out solely due to age.[5]

AI enforcement actions underscore a broader lesson: automation does not absolve companies of accountability. Enterprises deploying AI-driven decision systems are increasingly expected to explain how decisions are generated, what data sources or proxies are used, and which safeguards keep outcomes within legal and ethical boundaries. Unexpected errors can lead to reputational damage and regulatory exposure. Governance gaps, therefore, might include not only missing oversight structures but also the absence of clarity and explanations that regulators increasingly expect from organizations relying on automated decision tools.

Internal Development and Rollout of AI Tools

The following are considerations at a generic enterprise level, but approaches to AI governance should be tailored to match the enterprise’s own structure, risk appetite, and technological maturity.[6]

  • Leadership bodies often play a central role in shaping the organization’s AI risk posture by defining elements such as risk appetite, ethical boundaries, and oversight expectations. Regular visibility into AI deployments, identified risks, and compliance status is commonly part of governance reporting practices.
  • Management functions typically translate governance expectations into operational processes. This can include assigning AI system ownership, establishing access and data controls, and incorporating responsible-use training across departments. Management structures often emphasize traceability, documentation, and review mechanisms across deployed models.
  • Internal audit and assurance groups provide validation and oversight by examining the effectiveness of controls, assessing transparency mechanisms, and reviewing the explainability and reproducibility of AI-supported decisions.

Effective governance shields organizations from regulatory surprise and maintains trust when AI operates in public contexts. Systems that are owned, reviewed, and documented by accountable humans generally operate predictably. Organizations that institutionalize this discipline often adapt faster, avoid regulatory shocks, and strengthen confidence among clients, employees, and regulators alike.

3. Human Versus AI-Generated Code

Essentially, copyright laws exist to protect your original work from being copied or claimed by others. But what if that work was never fully yours to begin with? That question sits at the center of the legal uncertainty surrounding AI-generated code.

Copyright provides the legal protection for most software assets. But when code is generated, modified, or integrated using artificial intelligence, that foundation becomes uncertain. If no human author can be clearly identified, the resulting code may not qualify for copyright protection.[7] Therefore, without a human-backed system, an enterprise could lose the ability to defend, license, or monetize its own intellectual property.

At the same time, rapid advances in AI coding agents are accelerating this uncertainty. These agents have made significant progress on software engineering benchmarks—standardized tests that measure model performance. Developers increasingly describe a new working style—sometimes called “vibe coding”—where engineers articulate intent in natural language and rely on AI systems to write, refine, and debug entire software components.

Legal and Technical Risk

U.S. copyright law requires that creative works originate from a human being. When AI tools such as GitHub Copilot or Amazon CodeWhisperer assist in writing or refactoring code, the line between human and machine authorship blurs. Adoption is accelerating too: 65% of developers now use AI coding tools at least weekly.[8] Large portions of modern software may already include code that cannot be definitively attributed and therefore is not definitively owned.

This ambiguity also compounds legal risk. AI-generated code can inadvertently reproduce, remix, or approximate existing open-source snippets under restrictive or incompatible licenses, introducing license contamination. For startups seeking investment or enterprises developing regulated products, these issues can trigger costly audits, force re-architecture efforts, delay product launches, or create downstream legal exposure. Companies in regulated industries or those distributing commercial software are especially at risk.

Actionable Mitigation

To reduce ambiguity and still capture the benefits, it is often helpful to adopt structured documentation and governance practices around AI-assisted development:

  • Marking AI Contributions: Some development teams may consider annotating portions of the codebase that were generated, modified, or influenced by AI tools to maintain visibility into the origin of specific code segments.
  • Provenance Auditing: Version control platforms such as Git may be leveraged to trace authorship, track changes, and record human review activity associated with AI-assisted contributions.
  • Documenting Human Oversight: Teams might consider maintaining records of prompts, review notes, and approval checkpoints to provide transparency into where and how human authorship and supervision occurred.
  • Reviewing Open Source Dependencies: Open-source license reviews may be performed to understand whether AI-generated code introduces dependencies with restrictive or incompatible licensing terms.
  • Developer Training and Supervision: Many organizations might consider training on authorship standards and oversight expectations to reinforce the role of meaningful human contribution within AI-supported development processes.
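One way to combine the marking and provenance-auditing practices above is to record AI assistance and human review as commit-message trailers and audit them from Git history. This is an added example, not the article's or any project's own tooling; the `Assisted-by:` trailer is an assumed team convention, the name-based self-review check is a simplification, and the sample log is constructed.

```python
import re

TRAILER = re.compile(r"^([A-Za-z-]+):\s*(.+)$")

def parse_log(raw):
    """Parse records shaped like `git log --format=%h%x1f%an%x1f%B%x1e`."""
    commits = []
    for record in filter(str.strip, raw.split("\x1e")):
        sha, author, body = record.strip().split("\x1f", 2)
        paragraphs = body.strip().split("\n\n")
        # Trailers are the last paragraph; a subject-only message has none.
        block = paragraphs[-1] if len(paragraphs) > 1 else ""
        trailers = {}
        for line in block.splitlines():
            m = TRAILER.match(line.strip())
            if m:
                trailers.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
        commits.append({"sha": sha, "author": author, "trailers": trailers})
    return commits

def audit(commits):
    """Return (sha, finding) for AI-assisted commits lacking independent human review."""
    findings = []
    for c in commits:
        tools = c["trailers"].get("assisted-by", [])
        if not tools:
            continue
        # A review by the commit author does not count as independent oversight.
        reviewers = [r for r in c["trailers"].get("reviewed-by", [])
                     if not r.startswith(c["author"])]
        if not reviewers:
            findings.append((c["sha"], f"AI-assisted ({', '.join(tools)}) without independent review"))
    return findings

# Constructed sample history; names, hashes and tool label are placeholders.
SAMPLE_LOG = (
    "a1b2c3d\x1fDana Lee\x1fAdd retry logic\n\nAssisted-by: code-assistant\n"
    "Reviewed-by: Sam Ortiz <sam@example.com>\n\x1e\n"
    "e4f5a6b\x1fDana Lee\x1fRefactor parser\n\nAssisted-by: code-assistant\n"
    "Reviewed-by: Dana Lee <dana@example.com>\n\x1e\n"
    "c7d8e9f\x1fSam Ortiz\x1fparser: fix typo in README\n\x1e\n"
)

if __name__ == "__main__":
    for sha, finding in audit(parse_log(SAMPLE_LOG)):
        print(sha, finding)
```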

The legal framework around AI-generated code is still evolving. U.S. copyright authorities have reaffirmed that protection requires meaningful human authorship. Until clearer international standards develop, documenting the human contribution in AI-assisted development remains a practical safeguard. Transparent attribution of human and AI contributions can allow teams to navigate the evolving landscape responsibly while continuing to leverage AI’s productivity benefits.

Conclusion

The enterprise AI landscape of 2025 mirrors the early stages of other tech revolutions: transformative, promising, and still taking shape. Enterprise structures must evolve as quickly as the technologies themselves. The organizations that succeed will be those that treat AI not as a shortcut but as an engineering discipline. They will build strong guardrails early, so progress can accelerate safely and sustainably.

Sterne Kessler is uniquely situated to counsel clients interested in growing an AI program. Our own AI initiatives reflect the integration of law, engineering, and ethics. Our approach allows us to scale responsibly while preserving the quality, accuracy, and trust that define our practice.

[1] Bill Gates, AI Is About to Completely Change How You Use Computers, Gates Notes, https://www.gatesnotes.com/meet-bill/tech-thinking/reader/ai-agents

[2] Moffatt v. Air Canada, 2024 BCCRT 149 (CanLII).

[3] Sheryl Estrada, “MIT report: 95% of generative AI pilots at companies are failing,” Aug. 18, 2025. https://fortune.com/2025/08/18/mit-report-95-percent-generative-ai-pilots-at-companies-failing-cfo/

[4] Mobley v. Workday, Inc., 3:23-cv-00770 (N.D. Cal. Feb. 21, 2023).

[5] Equal Employment Opportunity Commission v. iTutorGroup, Inc., 1:22-cv-02565 (E.D.N.Y.).

[6] The Institute of Internal Auditors, The IIA’s Artificial Intelligence Auditing Framework, “Part 3 – AI Auditing Framework,” updated 2024, https://www.theiia.org/globalassets/site/content/tools/professional/aiframework-sept-2024-update.pdf

[7] U.S. Copyright Office, Copyright and Artificial Intelligence Part 2: Copyrightability 10 (Jan. 2025), https://www.copyright.gov/ai/Copyright-and-Artificial-Intelligence-Part-2-Copyrightability-Report.pdf

[8] Stack Overflow, 2025 Developer Survey: AI, https://survey.stackoverflow.co/2025/ai#ai-agents-ai-agents


This article appeared in the 2025 AI Intellectual Property: Analysis & Trends Year in Review report.

© 2026 Sterne, Kessler, Goldstein & Fox PLLC
