Who Owns AI-Written Code? What CTOs, Developers, and Procurement Teams Need to Know

May 18, 2025, 08_28_21 AM

Generative AI is transforming how software is written. Tools like GitHub Copilot, Claude, Cursor, and OpenAI Codex can now suggest full functions, refactor legacy modules, and scaffold new features in seconds.

But as this machine-authored code finds its way into production, a critical question arises:
Who owns it and who’s responsible if something goes wrong?

In this post, we’ll unpack the legal grey areas, highlight risks around licensing and attribution, and offer practical guidance on how teams can safely adopt AI-assisted development tools.


Four Leading AI Coding Tools And How They Differ

Let’s start with a quick overview of the most popular options on the market:

🧠 GitHub Copilot (powered by OpenAI by default)

  • Suggests code directly in the IDE (VS Code, JetBrains)
  • Trained on a large corpus of public GitHub repositories
  • Copilot Enterprise allows integration with your private repos (e.g., on GitHub Enterprise)
  • Offers limited indemnity for paid users, plus admin controls

💬 Claude (Anthropic)

  • Available via web UI and API; excels at long-context reasoning
  • Often used with code pasted in for review, explanation, or refactoring
  • Less IDE-native, but powerful for complex code analysis or design feedback

🖥 Cursor

  • A developer-focused IDE based on VS Code with built-in AI chat
  • Connects to your own codebase, enabling “context-aware” suggestions
  • Supports multiple models (Claude, GPT-4, etc.)
  • Keeps local context private by default (depending on model provider)

⚙️ OpenAI Codex

  • Powers tools like Copilot and the OpenAI API’s /v1/completions endpoint for code
  • Developers can build their own apps or plugins using Codex directly
  • Highly customisable, but offers no built-in safeguards or context management

Each tool differs in model transparency, context privacy, licensing protections, and enterprise readiness. These factors are key when choosing tools for production environments.


Who Owns AI-Generated Code?

In most jurisdictions:

  • Only humans can own copyright, meaning code produced purely by an AI may not be legally owned at all.
  • If a developer prompts the model and modifies the result, human authorship can be claimed.
  • However, legal precedent is evolving, and different countries may interpret this differently over time.

This matters because unowned or ambiguous code could be:

  • Freely copied or reused by others
  • Unprotectable under IP law
  • A risk in M&A, due diligence, or IP disputes

The Real Risk: Training Data and Open Source Contamination

Most LLMs used for code generation were trained on public datasets, often including open source code. That creates two primary legal risks:

1. Inadvertent Inclusion of Copied Snippets

  • Some AI tools have reproduced exact or near-exact copies of open source code
  • This may expose you to GPL or SSPL licence obligations

2. Lack of Attribution

  • Licences like MIT or Apache require giving credit
  • AI tools don’t include attribution headers unless prompted

GitHub Copilot, for example, has faced criticism for potentially emitting code identical to snippets from public repos. While rare, it’s possible, and puts the onus on developers to check.


Enterprise Features That Reduce Risk

If you’re planning to use AI tools across a team or organisation, prioritise features that mitigate compliance and legal exposure:

Private Codebase Integration

  • Copilot Enterprise and Cursor can restrict model access to your own repos only
  • This improves relevance while avoiding training-data surprises

Prompt Isolation and Data Privacy

  • Claude and OpenAI’s API offer controls to disable data logging or sharing
  • Some platforms allow you to run models in a fully private environment

Reference Transparency

  • Cursor and some LLM wrappers can show source URLs for completions
  • This allows developers to manually validate licences

Indemnity and Commercial Terms

  • GitHub Copilot for Business offers limited indemnity against claims
  • For critical IP, look for signed contracts with your vendor, not just terms of service

How to Use AI Code Generators Safely

Whether you’re using Copilot, Claude, or any other tool, these principles apply:

🧾 1. Treat AI as a third-party contributor

  • Review, test, and document AI-generated code just as you would with open source
  • Avoid direct copy-paste of long completions without editing

🔍 2. Scan for licensing risk

  • Run code scans (e.g. FOSSA, Snyk, or GitHub Advanced Security) to identify similarities to existing OSS
  • Watch for suspicious patterns or license headers

📚 3. Maintain usage policies

  • Define when AI tools can and cannot be used (e.g. not in core IP or patented code)
  • Track model usage and train teams to review AI output critically

🛡 4. Address it in contracts

  • For client work or commercial products, ensure deliverables include:
    • Warranties of originality
    • Indemnity for IP issues
    • Disclosure of AI involvement if relevant
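
The "watch for license headers" check from principle 2, as an added example that is not part of the original post or of any tool named in it: a pre-merge scan of the added lines in a unified diff for explicit licence markers. The POLICY table, the phrase list and the function name scan_diff are assumptions made for illustration. It only catches explicit markers, so it complements a similarity scanner rather than replacing one.

```python
import re

# Assumed policy built from the licences the article names; extend as needed.
POLICY = {**dict.fromkeys(("GPL", "AGPL", "LGPL", "SSPL"), "block"),
          **dict.fromkeys(("MIT", "Apache"), "attribute")}
SPDX_RE = re.compile(r"SPDX-License-Identifier:\s*([A-Za-z0-9.+\-]+)")
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
PHRASES = [  # fragments of well-known licence texts, mapped to a family
    (re.compile(r"GNU (Affero |Lesser )?General Public License", re.I), "GPL"),
    (re.compile(r"Server Side Public License", re.I), "SSPL"),
    (re.compile(r"Licensed under the Apache License", re.I), "Apache"),
    (re.compile(r"Permission is hereby granted, free of charge", re.I), "MIT"),
]

def scan_diff(diff_text):
    """Return (path, new_line_no, family, action) per licence marker added."""
    findings, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):            # new-file header
            path = line[4:].removeprefix("b/")
            continue
        hunk = HUNK_RE.match(line)
        if hunk:                               # restart new-file numbering
            line_no = int(hunk.group(1)) - 1
            continue
        if line.startswith("-"):               # removed lines have no new number
            continue
        line_no += 1
        if not line.startswith("+"):           # context line: count, don't scan
            continue
        spdx = SPDX_RE.search(line)
        families = [spdx.group(1).split("-")[0]] if spdx else []
        families += [fam for rx, fam in PHRASES if rx.search(line)]
        for fam in dict.fromkeys(families):    # de-duplicate, keep order
            findings.append((path, line_no, fam, POLICY.get(fam, "review")))
    return findings

# Constructed sample diff, not taken from any real repository.
SAMPLE_DIFF = """\
+++ b/src/lru.py
@@ -40,1 +43,3 @@
 def helper():
+    # SPDX-License-Identifier: GPL-3.0-or-later
+    # Permission is hereby granted, free of charge, to any person
"""

if __name__ == "__main__":
    for finding in scan_diff(SAMPLE_DIFF):
        print(finding)
```

A "block" result means the change waits for legal review, "attribute" means the notice must be kept with the code, and "review" marks an identifier the policy table does not know.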

When to Avoid AI-Generated Code

Use extra caution when:

  • Developing core IP, patents, or client-critical software
  • Operating in regulated industries like finance or healthcare
  • Building software where open source obligations would be unacceptable

In those cases, consider disabling AI suggestions or using them only for exploratory work—not production code.


Legal Landscape: Still Evolving

The law is trying to catch up:

  • The EU AI Act includes provisions on traceability and transparency
  • In the US and UK, copyright regulators are investigating AI authorship
  • Lawsuits (e.g. against GitHub and OpenAI) could shape how AI training and output are regulated

For now, you carry the risk. So policies and process matter more than ever.


The Future: Trusted AI Tools with Built-In Governance

As adoption grows, the winners in this space will be those who offer:

  • Clear audit trails
  • Transparent model training disclosures
  • Enterprise licensing and indemnity
  • Private deployment options
  • Fine-tuned models trained only on your codebase

This is where tools like GitHub Copilot Enterprise, Cursor, and self-hosted models (e.g. using Azure OpenAI with your own vector database) are gaining traction.


In Summary: Build with AI, But Build Smart

AI-powered coding tools are here to stay. They boost velocity, improve quality, and reduce boilerplate—but they don’t remove your responsibilities.

  • Own your process
  • Validate your output
  • Secure your rights
  • Protect your clients

With the right governance, AI can be a powerful co-pilot—not a legal landmine.
