We just got back from the AIPLA Spring Meeting in San Francisco, and we’re still sorting through pages of notes. It was a packed two days. Panels on AI authorship and trade secrets, hallway conversations with practitioners wrestling with the same questions our clients raise every week, and a chance to compare battle scars with attorneys from across the country. The collegial energy was a reminder that the IP bar, for all its specialization, still moves through the world by handshake.
The throughline of the meeting was the speed at which doctrinal upheaval is hitting software companies on multiple fronts at once. The Supreme Court has just reshaped secondary copyright liability. The Copyright Office has redrawn the lines around AI-assisted authorship. Trade-secret discovery looks different than it did eighteen months ago. And every panel returned to a single operational refrain: document human involvement, do not rely on default vendor terms, and treat AI outputs as both an asset and a liability surface. Effective project management and oversight of the entire development lifecycle are essential to ensure compliance, operational efficiency, and successful outcomes for software companies.
Here are the five takeaways most worth your attention:
-
VENDOR TIERS: If your team is using consumer-tier AI tools (free or paid-individual ChatGPT, Claude, or Gemini accounts) to work on proprietary code, customer data, or anything you treat as a trade secret, you may be destroying trade-secret status the moment that input hits the model. Enterprise tiers contractually prohibit training on customer content; consumer tiers generally do not. The fix is policy, contract, and enforcement, not a hopeful conversation after the leak. Before evaluating any vendor, it is crucial to clearly define your goals and success metrics to guide the selection process and ensure alignment with the vendor’s capabilities.
-
TRAINING DATA PROVENANCE: If your company builds, fine-tunes, or integrates AI models, where your training data came from is now a first-order legal asset, not a footnote. Courts are sorting “fair use” claim-by-claim and dataset-by-dataset. Even where training is defensible, retaining pirated material creates separate, independent liability. Public availability is not a license, and platform terms of service are being enforced against scrapers regardless of what robots.txt says.
-
HUMAN AUTHORSHIP: Copyright still requires a human author, and the Copyright Office now applies a three-scenario framework to AI-assisted works. Whether AI-assisted code, UI assets, documentation, or marketing copy can be registered (and therefore enforced) depends almost entirely on contemporaneous documentation of human creative input. If your company is generating commercial work with AI tools, you need a recordkeeping practice that can survive examination. This process demands technical expertise from skilled software engineers to maintain robust solutions that support business growth and ensure high-quality, compliant deliverables.
-
TRADE-SECRET PARTICULARITY: Generic descriptions of “our algorithms” or “proprietary software” will not survive a trade-secret case. Courts continue to require plaintiffs to identify each asserted trade secret with specificity, including its exact identity, content, boundaries, and combinative elements. Recent appellate decisions have wiped out eight- and nine-figure verdicts where the plaintiff fell short. The time to build that catalog is before you need it, not in response to a discovery dispute when the meter is running. Leveraging industry expertise and operational efficiency is key to building and maintaining detailed trade-secret catalogs that withstand legal scrutiny.
-
SECONDARY LIABILITY AFTER COX: The Supreme Court’s March 2026 decision in Cox Communications v. Sony Music narrowed contributory copyright liability for ISPs, SaaS providers, and platforms. Plaintiffs can no longer prevail simply by showing that a service provider knew about user infringement and failed to terminate accounts; they have to plead inducement or a service tailored to infringement. The edges still bite, though. Services designed or marketed to facilitate infringement remain exposed, and a sound repeat-infringer policy is still worth having.
It was good to be back in a room full of people who think hard about these questions for a living, and we came home with a sharper picture of where software-company exposure is heading over the next twelve months. If any of the above sounds like it touches your business, think it through now, before a dispute lands on your desk. Creating, distributing, and maintaining digital programs, applications, and platforms, and integrating cybersecurity from the start of the development lifecycle is always more cost-effective than retrofitting security later.
