The Sovereignty Problem: Who Actually Owns Your AI's Outputs?

Executive Summary

For the Reader in a Hurry

The Three-Sentence Version

When you use a cloud AI platform for professional work, you absorb the liability when it fails, you may not own the output it produces, and you have no contractual recourse against the vendor when its model changes and produces different results on the same facts six months later. This is not a hypothetical risk — it is the documented reality of how courts have handled AI-assisted legal malpractice, how regulators have framed AI-related medical liability, and what the major vendors' terms of service actually say when you read them carefully. A locally-deployed, zero-cloud AI model does not eliminate these risks, but it changes the liability picture materially: you control the tool, you know exactly what version produced a given output, and the vendor's contractual disclaimers are no longer part of your practice's risk landscape.

The Four Questions This Paper Answers

Who is liable when cloud AI fails in a professional context? Almost always the professional — not the vendor. Courts treat the physician-patient and attorney-client duties as non-delegable.
Who owns AI-generated work product? Under current U.S. law, possibly no one. The D.C. Circuit confirmed in March 2025 (cert. denied March 2026) that purely AI-generated works cannot be copyrighted. The human authorship question for AI-assisted work is still being litigated.
What do cloud vendor terms of service actually say about liability? They disclaim it entirely. Every major vendor. In every relevant tier.
Does the zero-cloud alternative solve these problems? Substantially yes on liability and auditability. Partially on the copyright question, which remains unsettled regardless of deployment model.

600+ Documented AI hallucination cases in U.S. courts since 2023

$0 Vendor liability in any documented AI malpractice case

0 Settled case law on AI output ownership in professional contexts

Section 01

The Core Asymmetry: Benefit to the Vendor, Risk to the Practice

The fundamental problem with cloud AI in professional settings is not that the technology is unreliable — though unreliability is a documented concern, examined in detail below. The fundamental problem is a structural asymmetry in how risk is distributed between the vendor who builds the tool and the professional who uses it.

The vendor collects subscription revenue. The vendor processes your confidential inputs. The vendor trains future model versions on usage patterns derived from your practice's data unless you have negotiated explicit contractual protections — which most SMB-tier customers have not. And when the AI's output causes professional harm, the vendor's terms of service ensure that the liability stays entirely with you.

This asymmetry is not the result of oversight or ambiguity. It is intentional, consistent across every major vendor, and legally airtight in its current form. It was designed by vendor legal teams whose job was specifically to ensure this outcome.

The Asymmetry in Plain Terms

Microsoft, OpenAI, Google, and Anthropic have collectively spent hundreds of millions of dollars on legal infrastructure. Their terms of service have been reviewed by teams of attorneys, updated in response to emerging case law, and stress-tested against every scenario their general counsels could anticipate. Your firm's or practice's relationship with that contract is not a negotiation between equals. It is a contract of adhesion — take it or leave it — written entirely to protect the vendor.

The sections that follow examine the three dimensions of this asymmetry: liability for professional failures, ownership of AI-generated work product, and what happens when the model changes out from under you.

Section 02

The Documented Record: AI Hallucinations in Professional Practice

The risk of AI-generated errors in professional work is not theoretical. It has been documented in hundreds of cases across the U.S. court system since 2023, and the rate is accelerating. Understanding the record is necessary before analyzing the legal framework — because the law's response has been shaped directly by these cases.

The Landmark Case: Mata v. Avianca (S.D.N.Y. 2023)

The case that first brought AI hallucination to wide professional attention was Mata v. Avianca, Inc., 678 F. Supp. 3d 443 (S.D.N.Y. 2023). An attorney used ChatGPT to research legal precedents for a personal injury filing. The brief cited six cases — all fabricated by the AI. When opposing counsel could not locate the cases, the court ordered the attorneys to produce them. They could not. The presiding judge fined the attorneys $5,000 and referred the matter for professional discipline, writing that the conduct reflected a "failure to grasp the distinction between the practice of law and the marketing of legal products."^[1]

The fine was modest. The professional consequences — bar referrals, reputational damage, and the extended public record — were not.

The Escalating Record: 2023–2026

S.D.N.Y.
2023

Mata v. Avianca, Inc.

ChatGPT fabricated six case citations in a personal injury brief. Attorneys unable to produce the cases when challenged. First major AI hallucination sanctions case in federal court.

$5,000 Sanction · Bar Referral

E.D. Tex.
2024

Gauthier v. Goodyear Tire

AI-generated hallucinated citations submitted in court filing. Court imposed monetary sanction and issued guidance on attorney obligations when using generative AI tools.

$2,000 Sanction

N.D. Ala.
2025

Johnson v. Dunn et al.

Defense attorneys used ChatGPT to prepare motions containing fabricated citations. Court found "extreme dereliction of professional responsibility." Attorneys disqualified from the case and referred to the state bar.

Disqualified · State Bar Referral

S.D. Ind.
2025

Mid Cent. Operating Eng'rs v. HoosierVac

AI-generated hallucinations in court filings. Court recommended a $15,000 sanction — the largest recommended monetary penalty in an AI hallucination case to date — and noted that prior fines had proven insufficient as deterrents.

$15,000 Recommended Sanction

6th Cir.
2026

Whiting v. City of Athens

First circuit-level sanctions ruling on AI-generated fake citations. Two Tennessee attorneys sanctioned under Rule 38 for citing over 24 fabricated cases. Court held use of fake citations was "misconduct in arguing the appeal" — not mere sloppiness.

Rule 38 Sanctions · Circuit Court

These are not isolated incidents involving careless solo practitioners. Since mid-2023, more than 600 cases of AI-driven legal hallucinations have been documented in U.S. courts, with at least 200 recorded in the first eight months of 2025 alone. Researchers tracking the phenomenon have reported a rate of two to three new cases per day as of late 2025. The Stanford RegLab found that some AI tools generate hallucinated legal content in one out of three queries.^[2]

The pattern in every case is the same: the attorney is sanctioned, referred to the bar, or both. The AI vendor is not a party to the proceeding. The vendor's terms of service are not at issue. The professional bears the consequence alone.

The Judicial Trend

Courts are not becoming more lenient as AI use becomes more common — they are becoming less lenient. The Johnson v. Dunn court specifically noted that "if fines and public embarrassment were effective deterrents, there would not be so many cases to cite." The trajectory of sanctions is upward in both monetary amount and professional consequence. The Sixth Circuit's 2026 ruling elevates this to the appellate level. This is not a problem that will become more forgiving over time.

Source: Johnson v. Dunn et al., N.D. Ala., July 23, 2025; Whiting v. City of Athens, 6th Cir., 2026 WL 710568.

Section 03

The Legal Malpractice Framework

The hallucination cases above involve sanctions for filing false material with a court. But the liability landscape for legal AI extends beyond sanctions for fabricated citations. It encompasses the full scope of legal malpractice — the civil cause of action that a client brings against an attorney whose negligence causes harm.

The Non-Delegable Duty Problem

Legal malpractice rests on a principle that courts have applied consistently for over a century: the attorney's duty to the client is personal and non-delegable. An attorney cannot discharge that duty by pointing to a tool, a vendor, or a technology that failed. When a client is harmed by AI-assisted legal work, the attorney who supervised or produced that work is the responsible party — not the AI system, not the company that built it.

This principle predates AI entirely. It was developed in the context of associates who missed deadlines, paralegals who made errors in documents, and legal research services that provided incomplete results. In each context, courts have held that the supervising attorney bears ultimate responsibility. The same principle applies with full force to AI-generated legal work.

The ABA Standing Committee on Ethics and Professional Responsibility issued its first opinion on generative AI in July 2024, affirming that attorneys using AI tools remain subject to all existing professional conduct obligations — competence, supervision, and candor to the tribunal — regardless of what tool generated the work product.^[3]

The Supervision Standard

What does adequate supervision of AI-generated legal work require? The emerging consensus from bar opinions, court decisions, and ethics commentary points to the following: the attorney must verify all factual and legal claims in any AI-generated work product before filing or delivering it to a client; must understand the AI tool well enough to identify the types of errors it is prone to making; and must have a documented process for that verification.

"I used AI and it looked right to me" is not a defense. It has not been a defense in any of the cases above. Courts have treated it as an aggravating factor, not a mitigating one — because it suggests the attorney did not understand the limitations of the tool they chose to rely on.

The Harder Question Coming

The hallucination cases to date have involved obvious failures — fabricated citations that don't exist. The harder cases, not yet fully litigated, involve subtler failures: AI-generated contract analysis that misses a material risk, AI-assisted due diligence that overlooks a recorded lien, AI-drafted legal advice that is technically accurate but strategically wrong for the specific client's situation. In these cases, the AI's output won't be obviously fabricated. It will be plausible, confidently stated, and wrong in ways that require expert analysis to identify. Those cases will be harder to defend and the professional exposure will be larger.

Section 04

The Medical Malpractice Framework

The legal framework for AI-related medical liability is developing along parallel lines — and the same fundamental asymmetry applies. The physician's duty of care to the patient is non-delegable. The AI vendor is not part of that relationship.

The Current State of the Law

As of mid-2026, there are no landmark AI medical malpractice cases that have reached verdict or settlement on the core question of AI liability.^[4] This does not mean the risk is absent — it means the cases are early in the pipeline. The legal framework being built now will govern claims filed years from now, based on AI use happening today.

What courts have consistently signaled, based on analogous EHR and clinical decision support cases, is that the physician's use of an AI output does not transfer liability to the AI vendor. The question courts will ask is not "did the AI fail?" but "did the physician exercise appropriate clinical judgment in interpreting and acting on the AI's output?"

Based on existing EHR-related malpractice cases, courts tend to focus primarily on how the physician interpreted and acted on the software's output — and the same reasoning is expected to apply to AI, given that the physician-patient duty of care is non-delegable.

The Regulators Have Spoken

Regulatory bodies have been explicit. The Federation of State Medical Boards suggested in April 2024 that its member medical boards should hold clinicians, not AI makers, liable if AI makes a medical error — treating AI as a tool whose output falls within the physician's scope of professional responsibility.

This is the regulatory consensus: the physician who uses AI in clinical practice is responsible for the AI's output in the same way they are responsible for the output of any diagnostic tool they choose to employ. The vendor's design decisions, training data, and known failure modes are not the physician's concern to litigate — they are the physician's obligation to understand before using the tool clinically.

The Insurance Signal

Some malpractice insurers have revised their policies in response to AI — introducing AI-specific exclusions, while others require physicians to undergo AI training to remain covered. When malpractice insurers begin adding exclusions specifically for AI-related claims, that is a market signal about how the underwriting community expects those claims to be resolved. It is not a signal that AI risk is being priced into vendor liability. It is a signal that AI risk is being priced into physician liability.

The Catch-22 of Standard of Care

Medical AI creates a documented professional trap. As AI tools become more widely adopted among physicians, not using available AI may eventually become a deviation from the standard of care — an act of omission that exposes a physician to liability. At the same time, relying too heavily on AI outputs without adequate clinical oversight is already a recognized risk. The professional must navigate both exposures simultaneously, with no clear bright line between appropriate use and over-reliance — and no help from the vendor's terms of service in either direction.

Source: Medical Economics, "The new malpractice frontier," May 2026; Sara Gerke, University of Illinois College of Law, 2025.

Section 05

Who Owns the Output? The Copyright Vacuum

The liability question — who is responsible when AI fails — has a reasonably clear answer: the professional. The ownership question — who owns AI-generated work product — has no clear answer at all. This creates a second, independent problem for practices that use cloud AI: the work product they produce may not be protectable intellectual property.

The Current Legal Landscape

U.S. copyright law has required human authorship since the Copyright Act of 1976. The U.S. Copyright Office has maintained this position consistently, and federal courts have now confirmed it twice at the appellate level. The D.C. Circuit held in Thaler v. Perlmutter, on March 18, 2025, that human authorship is a bedrock requirement for copyright registration, and that an AI system cannot be deemed the author of a work. The court's decision aligns with the U.S. Copyright Office's January 2025 report reaffirming the necessity of human authorship for copyright protection. The Supreme Court declined to hear the case in March 2026, leaving the D.C. Circuit's ruling as the controlling authority.^[5]

The practical implication: a work produced entirely by an AI system cannot be registered for copyright. If a law firm or medical practice produces a document using a cloud AI tool, the copyright status of that document depends on how much human creative input was involved — and that line has not been drawn clearly by any court.

The Gradient Problem

The Copyright Office's January 2025 report specifically addressed the question of AI-assisted works — works that involve both human input and AI generation — and declined to draw a bright line. It concluded that prompts alone are insufficient to establish human authorship, that the degree of human creative control is the relevant variable, and that courts will need to resolve specific cases as they arise.^[6]

This creates a genuine gray zone for professional work product. A legal brief drafted primarily by an AI tool, reviewed and edited by an attorney, occupies an uncertain position in the copyright framework. The attorney's edits may be sufficient to create copyright in the portions they authored. The AI-generated portions may be in the public domain. The integrated document may be partially protectable and partially not — with no reliable way to draw the line before a court rules on the specific facts.

The Competitive Intelligence Problem

For a law firm, copyright-unprotected work product has an immediate practical consequence: it cannot be controlled. If an AI-generated legal brief, contract analysis, or due diligence report is not protectable intellectual property, there is no legal mechanism to prevent a competitor from copying it. Work product developed at professional rates, for a specific client's matter, may have no more IP protection than a generic form document. Firms that invest significantly in AI-assisted work product development may find they have created a public good, not a competitive asset.

The Vendor's Non-Answer

Most cloud AI vendors' terms of service nominally assign ownership of outputs to the customer. OpenAI's terms, for example, state that the customer owns the output generated using their inputs — subject to applicable law. The phrase "subject to applicable law" is doing significant work in that sentence. If applicable law says the output cannot be copyrighted, the vendor's contractual assignment of ownership is an assignment of nothing.

The U.S. Copyright Office has maintained its position that works generated entirely by AI without meaningful human authorship are not eligible for copyright registration. This means customers may not be able to claim copyright protection over outputs AI produces for them — a fact that vendor terms of service do not clearly disclose.

Section 06

What the Terms of Service Actually Say

The terms of service for the major cloud AI platforms are not difficult to read. They are difficult to read carefully — because reading them carefully requires accepting the implications of what they say. The key clauses are consistent across all major vendors and address three topics: liability disclaimers, data use rights, and indemnification.

Liability Disclaimers

Every major cloud AI vendor disclaims liability for the accuracy, completeness, or fitness for purpose of its outputs. The standard formulation — "as is," "without warranty," "no liability for damages arising from use" — appears in some form in OpenAI's Terms of Use, Microsoft's Azure OpenAI Service Terms, Google's Gemini Terms of Service, and Anthropic's usage policies.^[7] These disclaimers are broad, clearly written, and have not been successfully challenged in any professional malpractice context to date.

Liability Distribution: Cloud AI Platform vs. Professional Practice
Scenario	Vendor Exposure	Practice Exposure
AI hallucinates a case citation filed in court	None (ToS disclaimer)	Sanctions, bar referral, malpractice claim
AI produces flawed clinical recommendation acted upon by physician	None (ToS disclaimer)	Medical malpractice claim, licensing review
AI generates contract analysis missing material risk	None (ToS disclaimer)	Legal malpractice claim, client damages
AI output used in business decision that causes financial loss	None (ToS disclaimer)	Professional liability, breach of duty claim
AI-generated work product copied by competitor	None (copyright issue is yours)	No recourse if output is not copyrightable

Data Use Rights

The terms governing how vendors use customer inputs vary by tier and have been updated repeatedly as scrutiny has increased. At consumer and most SMB business tiers, vendors typically reserve the right to use inputs to improve their services — which may include model training. At enterprise tiers, with additional contractual protections, this right is generally restricted or eliminated. The significant majority of law firms and medical practices in the U.S. operate at tiers where these protections are minimal or absent.^[8]

The practical implication: when a physician dictates a clinical note into a cloud AI system, or an attorney describes a client matter to obtain AI-assisted analysis, that input may be retained by the vendor and used to improve the model that will serve other customers — including, potentially, opposing counsel.

Indemnification

Some enterprise-tier vendors offer limited intellectual property indemnification — promising to defend customers against copyright infringement claims arising from the AI's outputs. Microsoft's Copilot Copyright Commitment is the most prominent example. These indemnifications are narrower than they appear: they apply to copyright claims arising from the training data, not to claims arising from the outputs' content, accuracy, or fitness for professional use. They do not address malpractice exposure, professional sanctions, or the copyright ownership question for AI-generated work product.

Section 07

The Temporal Problem: When the Model Changes

This section addresses a liability dimension that has received almost no attention in professional AI discourse, and that we believe will become increasingly significant as AI use in professional practice matures.

Cloud AI models are updated continuously, without notice to users and without documentation of what changed. This creates a specific and underappreciated professional risk: the AI tool that produced a given output last quarter may not be the same tool that would produce an output today, on the same facts, for the same prompt.

The Consistency Problem in Practice

Consider a concrete scenario. An attorney uses a cloud AI tool in January to analyze a contract and advise a client that a particular clause does not create material liability. The attorney relies on the AI's analysis, reviews it with professional judgment, and delivers the advice in good faith. In July, the vendor silently updates the underlying model. If the same contract were analyzed with the updated model, it might identify the clause as a significant risk. The client suffers harm from the clause in August.

In a malpractice proceeding, the relevant question is whether the attorney exercised reasonable professional judgment in January. But the attorney cannot demonstrate what the AI tool produced in January, because the tool no longer exists in the form it existed then. There is no version record. There is no audit trail. The tool that produced the output is not the tool that currently runs under the same interface. The attorney is left to reconstruct their analysis without the ability to show what their AI-assisted process actually produced.

The Audit Trail Problem

Professional accountability requires the ability to reconstruct process. An attorney defending a malpractice claim must be able to show what research was done, what sources were consulted, and what analysis was performed. A physician defending a clinical decision must be able to show what information was available at the time and what decision-support tools were used. A cloud AI system that silently updates its underlying model destroys the audit trail for every professional decision made using the prior version. The output may be preserved in the file. The tool that produced it is gone.

The Temporal Liability Gap

Independent research has documented measurable behavioral changes in major cloud AI models between versions — including regressions in factual accuracy, instruction-following, and domain-specific reasoning.^[9] These changes happen without advance notice, without changelog documentation available to professional users, and without any mechanism for the practice to test its specific workflows against the new model before the update is deployed.

This creates a liability gap with no current legal resolution: if a professional relied on an AI tool in good faith, and that tool later behaved differently on the same inputs, who bears responsibility for the gap? Based on the non-delegable duty frameworks discussed above, the answer is the professional. The vendor's terms of service confirm it. No case has yet tested this specific scenario — but the legal framework for its resolution already exists, and it does not favor the professional practice.

Section 08

How Zero-Cloud Deployment Changes the Calculus

The liability picture described in the preceding sections applies specifically to cloud-hosted AI platforms, where the practice does not control the model, cannot audit its provenance, and operates under terms of service designed to insulate the vendor from all professional risk. Zero-cloud, locally-deployed AI changes each of these conditions.

What Changes With Local Deployment

The vendor's ToS disclaimers become largely irrelevant. When you deploy an open-weight model on your own hardware, you are not using the vendor's service. You are using open-source software under its model license — a fundamentally different legal relationship that does not involve the same liability-shifting terms.
The model version is fixed and documented. A frozen local model has a name, a version number, and a model card. The practice can demonstrate precisely what tool produced a given output on a given date, and can reproduce that output using the same model version at any future point. This is the audit trail that professional accountability requires.
The temporal problem is solved by design. A locally-deployed model cannot be silently updated. If the practice chooses to upgrade to a new model version, that upgrade is an event — documented, deliberate, and testable against existing workflows before deployment. The attorney's January analysis was produced by the same tool that the practice can demonstrate today, because that tool has not changed.
Your inputs stay on your hardware. Client communications, clinical notes, and confidential matter descriptions processed by a local model never leave your network. There is no third-party data use right, no model training on your confidential inputs, and no exposure to the data sovereignty risks discussed in White Paper No. 1.

What Does Not Change

Honesty requires clarity on the limits of the zero-cloud answer. Local deployment does not eliminate the non-delegable duty of professional supervision. The attorney or physician who uses a locally-deployed AI tool remains responsible for verifying its outputs — just as they would be with any other analytical tool. Local deployment does not make the AI infallible, and it does not transfer liability to the model's original developers when the model is used under an open-source license.

The copyright ownership question is also not fully resolved by local deployment. Thaler v. Perlmutter and the Copyright Office's January 2025 report address the copyrightability of AI-generated works generally — regardless of whether the AI is cloud-hosted or locally deployed. The degree of human creative input required for copyright protection applies to both deployment models.

What zero-cloud deployment does is remove the specific, avoidable risks created by the cloud vendor relationship: the contractual disclaimers, the silent model updates, the data use rights, and the version opacity that destroys the professional audit trail. These are not minor risks. They are the structural features of cloud AI deployment that make the liability asymmetry as severe as it is.

The Defensibility Argument

In a professional liability proceeding, the question is often not whether the professional made the right decision, but whether they made a reasonable, defensible process. A practice that can say "we used a known, validated, version-controlled AI tool, we verified its outputs against professional standards, and we documented our process" is in a substantially stronger position than a practice that says "we used whatever version of ChatGPT was running at the time." The zero-cloud approach does not guarantee a favorable outcome. It provides the documentation infrastructure that a defensible professional process requires.

Section 09

What Professional Practices Should Do Now

The legal framework governing AI in professional practice is being written in real time. The cases being decided now, the bar opinions being issued now, and the regulatory guidance being published now will define the standard of care for AI use in law firms and medical practices for the next decade. Practices that establish sound AI governance now — before the standard is fully codified — are establishing that governance in an environment where they have the most flexibility. Practices that wait will be required to meet a standard established by others' mistakes.

Immediate Steps Regardless of Deployment Model

Establish a written AI use policy. Every professional who uses AI in client or patient work should operate under a documented policy that specifies what tools are approved, what verification is required before AI-generated content is used in professional work product, and who is responsible for that verification.
Verify every AI output that enters a professional work product. This is not optional. It is the professional standard as articulated by bar associations, medical boards, and courts. "The AI said it" is not a defense. The supervising professional must be able to verify the substance independently.
Document AI use in matter files. When AI is used in the preparation of a legal filing, clinical documentation, or client deliverable, that use should be noted in the matter file — including what tool was used, what version, and what verification steps were taken.
Read your vendor's terms of service. Specifically: the liability disclaimer, the data use rights, and the indemnification provisions. Understand what you have agreed to before you rely on a tool for professional work.

For Practices Evaluating Zero-Cloud Deployment

Prioritize auditability as a procurement criterion. The ability to document what tool produced a given output, and to reproduce that output at a future date for verification, is a professional accountability requirement — not a preference. Any AI deployment model that cannot satisfy it creates liability exposure.
Assess your current cloud AI agreements. Most SMB-tier cloud AI agreements were signed without careful review of their liability and data use provisions. A one-time review of the actual terms in effect is a reasonable first step.
Request a zero-cloud assessment. AI Driven offers a practice-specific evaluation of your current AI tools against the professional accountability standards described in this paper, and a concrete analysis of what a zero-cloud alternative would look like for your specific workflows.

Section 10

Conclusion

The sovereignty problem in professional AI use has three dimensions, and they converge on the same practical conclusion. When AI-generated work product fails, the liability flows to the professional, not the vendor — by design, by contract, and by the non-delegable duty principles that govern both legal and medical practice. When AI-generated work product succeeds, the copyright ownership of that output is legally uncertain, potentially unprotectable, and poorly disclosed by the vendors who market these tools to professional users. And when the vendor silently updates the model between the time the output was produced and the time it must be defended, the professional loses the ability to reconstruct the process that produced it.

None of these problems is solved by better AI tools. They are solved by better AI governance — by knowing what tool you used, what version, when, and why, and by having a deployment model that gives you that knowledge by design rather than by contractual negotiation with a vendor whose interests are not aligned with yours.

The practices that navigate this landscape successfully will not be the ones that adopted AI earliest or used the most capable models. They will be the ones that used AI on terms that permitted professional accountability — with version control, audit trails, deliberate upgrade decisions, and the ability to stand behind their process in any proceeding that asks them to.

That is what zero-cloud deployment provides. This paper, and the series it completes, is an argument for treating AI governance as a professional obligation rather than a technology preference. The legal framework being built right now will enforce that obligation. The time to get ahead of it is before the first claim, not after.

Know What Your AI Is Doing — Before a Court Asks

We will assess your current AI tools against the professional accountability standards described in this paper, and show you what a zero-cloud alternative would look like for your specific workflows.

Request a Practice Assessment →
← White Paper No. 3: The Model Collapse Problem ← All White Papers

Section 11

References

Mata v. Avianca, Inc., 678 F. Supp. 3d 443 (S.D.N.Y. 2023). First major federal court sanctions order arising from AI-hallucinated legal citations. $5,000 fine imposed; bar referral issued.
Stanford RegLab / CodeX. Analysis cited in multiple 2024–2025 press accounts finding that certain AI legal research tools generate hallucinated content in approximately one in three queries. Primary data: Stanford University CodeX Center for Legal Informatics.
ABA Standing Committee on Ethics and Professional Responsibility, Formal Opinion 512: Generative Artificial Intelligence Tools, July 2024. Affirms that attorneys using AI tools remain subject to existing professional conduct obligations including competence, supervision, and candor to the tribunal.
Sermo / Healthcare Brew / Medical Economics, multiple reports, 2025–2026. As of mid-2026, no landmark AI medical malpractice cases have reached verdict on the core liability question; expert consensus is that the legal framework being built now will govern future claims.
Thaler v. Perlmutter, 130 F.4th 1039 (D.C. Cir. March 18, 2025). D.C. Circuit affirmed that human authorship is required for copyright protection and that an AI system cannot be recognized as an author under the Copyright Act of 1976. Certiorari denied, Supreme Court of the United States, March 2, 2026 (Case No. 25-449).
U.S. Copyright Office, Copyright and Artificial Intelligence, Part 2: Copyrightability, January 2025. Reaffirmed human authorship requirement; concluded that prompts alone are insufficient to establish human authorship; declined to draw a bright line for AI-assisted works pending further judicial guidance.
OpenAI, Terms of Use, openai.com, March 2024. Microsoft, Azure OpenAI Service Terms, January 2025. Google, Gemini Terms of Service, February 2025. Anthropic, Usage Policy, anthropic.com, current. All contain liability disclaimers, warranty exclusions, and "as is" service provisions.
Bennett Jones LLP, "We signed what?!": The Hidden Hazards of Vendor AI Terms and Conditions, November 2025. Analysis of data use provisions across major AI vendor agreements at consumer and SMB tiers.
Chen, L., Zaharia, M., & Zou, J. (2023). How is ChatGPT's behavior changing over time? arXiv:2307.09009. Documents statistically significant behavioral changes in GPT-4 and GPT-3.5 between versions, including regressions in factual accuracy and instruction-following.
Johnson v. Dunn et al., Case No. 2:21-cv-1701 (N.D. Ala., July 23, 2025). Attorneys disqualified and referred to state bar for submitting AI-hallucinated citations; court noted that "if fines and public embarrassment were effective deterrents, there would not be so many cases to cite."
Whiting v. City of Athens, Nos. 24-5918/5919, 25-5424, 2026 WL 710568 (6th Cir. 2026). First circuit-level sanctions ruling on AI-generated fake citations; Rule 38 sanctions imposed for citing over 24 fabricated cases; court held the conduct was "misconduct in arguing the appeal," not mere sloppiness.
AI Driven, Zero Cloud AI: What Law Firms and Medical Practices Need to Know, aidriven.pro/whitepaper.html, May 2026.
AI Driven, The Model Collapse Problem: Why Your Cloud AI May Be Getting Dumber, aidriven.pro/whitepaper3.html, July 2026.