What is a Fractional General Counsel?

A Fractional GC gives you senior-level legal leadership — the kind of judgment you'd get from a $250K+ in-house hire or $900/hour Big Law partner — on a predictable monthly retainer. You get the expertise without the overhead.

What types of startups do you work with?

We work primarily with venture-backed startups from pre-seed through Series B across SaaS, fintech, healthtech, and emerging technology.

How is this different from a traditional law firm?

Traditional firms bill by the hour, staff junior associates on your work, and take days to respond. Flux provides senior counsel directly, charges a flat monthly fee, and communicates on Slack, email, or video — however your team works.

What does flat-fee pricing include?

Each tier includes a defined scope of legal support. No hourly tracking, no surprise invoices. If something falls outside your plan, we'll tell you upfront before any additional work begins.

Can you help with fundraising?

Yes — from SAFEs and convertible notes to priced equity rounds. We handle investor negotiations, term sheet review, deal documentation, and closing execution for Seed through Series B.

What's the relationship between Flux and Rubicon Law?

Flux is a productized offering powered by Rubicon Law, a boutique firm with 20+ years of experience advising hundreds of startups. You get Rubicon's depth of experience in a streamlined, subscription-based format.

How quickly can I get started?

Book a free intro call. If we're a fit, most clients are onboarded within a week. No lengthy engagement letters or committee approvals.

AI and IP Ownership: Who Owns What Your Startup Builds with AI Tools

Your engineers use GitHub Copilot. Your marketing team generates copy with ChatGPT. Your designers create mockups with Midjourney. Your product team prototypes with AI coding assistants that write entire modules from a prompt.

Here's the question most startup founders haven't asked: do you actually own any of it?

The legal framework for AI-generated intellectual property is unsettled, evolving, and — for startups building on AI-assisted workflows — a source of real commercial risk. This matters because your IP is likely your most valuable asset. It's what investors are underwriting, what acquirers are buying, and what your competitive moat depends on. If the ownership of that IP is uncertain, everything built on top of it is uncertain too.

This post covers the current state of AI and IP ownership: what the U.S. Copyright Office has said, how courts are trending, what your employment agreements may or may not cover, how investors evaluate AI IP risk, and the practical policies every startup should implement.

The Copyright Office Position on AI-Generated Works

The U.S. Copyright Office has issued increasingly detailed guidance on AI-generated content, and the core principle is clear: copyright requires human authorship.

The Thaler Cases

In February 2022, the Copyright Office refused to register a visual artwork created autonomously by an AI system called DABUS, finding that copyright law requires a human author. The D.C. District Court affirmed this decision in Thaler v. Perlmutter (2023), holding that "human authorship is a bedrock requirement of copyright."

This means purely AI-generated works — content created by an AI system without meaningful human creative input — are not copyrightable. They enter the public domain upon creation.

The Zarya of the Dawn Decision

The more nuanced — and more practically relevant — guidance came from the Copyright Office's 2023 decision on Zarya of the Dawn, a graphic novel that combined human-authored text with AI-generated images from Midjourney.

The Copyright Office registered the copyright in the human-authored text and the overall selection and arrangement of the work, but denied copyright in the individual AI-generated images. The key distinction: elements where a human made creative choices (selecting, arranging, editing) were protectable. Elements generated autonomously by the AI were not.

The 2023 Registration Guidance

In March 2023, the Copyright Office issued formal registration guidance requiring applicants to:

Disclose AI-generated content in copyright applications
Disclaim AI-generated portions of the work that lack human authorship
Demonstrate that human authors exercised creative control over the AI-generated elements — not merely by providing prompts, but through selection, arrangement, and modification of the output

The 2025 Report and Beyond

The Copyright Office's ongoing study of AI and copyright has produced additional reports addressing training data, licensing, and the scope of human authorship. While legislation is pending, the current framework rests on the human authorship requirement with an increasingly detailed analysis of what constitutes sufficient human involvement.

What This Means for Startups

The Copyright Office position creates a spectrum:

Level of Human Involvement	Copyright Status
Fully autonomous AI output (no human creative input)	Not copyrightable — public domain
AI output selected and arranged by human	Potentially copyrightable in the selection/arrangement, not the individual outputs
AI-assisted creation (human provides substantial creative direction, edits, modifies)	Likely copyrightable
Human creation with AI as a tool (like spell-check or autocomplete)	Copyrightable — AI is merely a tool

Most startup use of AI falls in the middle two categories. Your engineers aren't having AI write entire codebases autonomously — they're using Copilot to generate functions they then review, modify, integrate, and debug. Your designers aren't accepting raw Midjourney outputs — they're iterating, composing, and refining.

The question is whether the human involvement in your specific workflow is sufficient to support copyright. And the honest answer, today, is: it depends, and the law hasn't fully resolved where the line falls.

Ownership of AI-Assisted Code

For technology startups, code is the primary IP asset. AI coding assistants are now ubiquitous — GitHub Copilot, Cursor, Amazon CodeWhisperer, Tabnine, and others. The ownership question is layered.

Layer 1: Is the Code Copyrightable?

As discussed above, code produced with meaningful human involvement — writing prompts, reviewing suggestions, modifying output, integrating into a larger codebase, debugging, and testing — is almost certainly copyrightable. The AI is functioning as a tool, analogous to an IDE's autocomplete, not as an autonomous author.

However, a block of code generated entirely by an AI from a simple prompt, accepted verbatim without modification, and used as-is may not be copyrightable. In practice, this describes very little production code — engineers almost always modify, integrate, and test AI suggestions before committing them. But the risk exists at the margins.

Layer 2: Who Owns the Copyright?

Even if the code is copyrightable, the question of who owns it depends on:

Work for hire. If an employee creates the code within the scope of their employment, it's a work made for hire under Section 101 of the Copyright Act. The employer is the author and owns the copyright. This applies regardless of whether the employee used AI tools — the AI is a tool, like a compiler or an IDE.

Independent contractors. Work made for hire rules are narrower for contractors. The company needs an explicit IP assignment agreement to own contractor-created code. If the contractor used AI tools and the resulting code isn't copyrightable, there may be nothing to assign.

AI tool terms of service. Most AI coding tools assign output ownership to the user:

GitHub Copilot: GitHub's terms state that suggestions belong to the user. GitHub does not claim copyright in Copilot output.
OpenAI (ChatGPT, API): OpenAI assigns all right, title, and interest in output to the user, subject to the terms of service.
Anthropic (Claude): Similar — output ownership is assigned to the user.

But these assignments are only meaningful if the output is copyrightable in the first place. If the AI-generated code isn't copyrightable, the tool's ToS assignment is assigning rights to something that doesn't have rights to assign.

Layer 3: Training Data Contamination

AI coding assistants are trained on vast repositories of open-source and proprietary code. There is a non-trivial risk that AI-generated suggestions reproduce, substantially or verbatim, code from training data that is subject to:

Open-source licenses (GPL, AGPL, MPL, LGPL) that impose copyleft obligations — meaning your entire codebase could be subject to open-source licensing requirements if AI-generated code triggers copyleft provisions. See our post on open-source licensing for a deep dive on copyleft risk.
Proprietary licenses that prohibit reproduction without authorization
Copyright held by third parties who did not consent to their code being used as training data

The Doe v. GitHub class action (filed 2022, still pending as of early 2026) directly challenges whether AI coding tools that reproduce licensed code violate open-source licenses and copyright. Regardless of how that litigation resolves, the risk that AI-generated code contains fragments of copyrighted or copyleft-licensed code is real and should be managed.

CIIA Implications: Can Employees Assign AI-Generated Work?

Your Confidential Information and Inventions Assignment (CIIA) agreement is the bedrock document that ensures the company owns what employees create. But CIIAs were drafted for a world where humans authored inventions and works. Does the standard CIIA cover AI-assisted output?

The Assignment Clause

A typical CIIA assignment clause reads something like:

Employee hereby assigns to the Company all right, title, and interest in and to all Inventions and Works of Authorship that Employee makes, conceives, reduces to practice, or creates, either alone or jointly with others, during the period of employment...

The key verbs are "makes," "conceives," "reduces to practice," and "creates." When an employee uses an AI tool to generate code, did the employee "create" it? If the employee provided the prompt, reviewed the output, and integrated it into the codebase, the answer is almost certainly yes — the employee created it using AI as a tool.

But if the employee generated output that isn't copyrightable (because the human involvement was insufficient), there's an argument that there are no assignable rights to transfer. The CIIA assigns "all right, title, and interest" — but if there's no copyright interest, there's nothing to assign.

Updating Your CIIA

To address AI-specific gaps, consider updating your CIIA to:

Explicitly cover AI-assisted work. Add language stating that the assignment covers all work product created using AI tools, regardless of the level of AI involvement, to the fullest extent permitted by law.
Assign non-copyright rights. Even if AI-generated work isn't copyrightable, it may have value as trade secrets, or the company may have rights based on the compilation, selection, or arrangement. The CIIA should assign all rights, not just copyright.
Require disclosure of AI tool usage. Employees should be required to disclose when AI tools are used in creating work product. This allows the company to assess copyright status and manage risk.
Impose AI usage policies. The CIIA (or a referenced policy) should specify which AI tools are approved, what types of prompts are permitted (no proprietary code or confidential information in prompts), and what level of human review is required before AI-generated output is committed.
Address training data risk. Require employees to use AI tools with code-screening features enabled (e.g., Copilot's "filter matching public code" option) and to avoid knowingly incorporating AI-generated output that appears to reproduce third-party code.

The "Prior Inventions" Problem

Most CIIAs include a schedule where employees list prior inventions they want to exclude from the assignment. With AI tools, a new question arises: if an employee uses a personal AI tool to generate code outside of work, and that code is similar to work they later create for the company, does the CIIA's "prior inventions" exclusion apply?

This is an edge case, but it illustrates the broader point: CIIAs drafted before the AI era need updating. The core framework is sound — assign everything created during employment — but the definitions and procedures need to account for AI-assisted workflows.

How Investors Diligence AI IP Risk

If you're raising a round, expect investors (and their lawyers) to ask about AI IP. The sophistication of these questions has increased dramatically since 2023. Here's what they're looking for:

1. AI Tool Usage Inventory

Investors want to know which AI tools your team uses, for what purposes, and under what terms:

Which coding assistants are used? Which plans (free vs. enterprise)?
Are employees using consumer-grade AI tools (ChatGPT free tier) with different ToS than enterprise versions?
Is AI being used to generate customer-facing content, code, designs, or internal tools?
What percentage of your codebase was AI-assisted?

2. IP Assignment Chain

Investors trace the chain of title from creation to company ownership:

Are all employees and contractors under CIIAs with AI-specific provisions?
Do your CIIAs predate widespread AI tool usage? Have they been updated?
Are there gaps — contractors without IP assignments, founders who started coding before the company was formed?

For a comprehensive discussion of IP assignment chains and common gaps, see our post on IP assignment agreements.

3. Copyright Registration Strategy

Investors may ask whether you've sought copyright registration for key software:

Have you disclosed AI involvement in any copyright registrations?
Are you following the Copyright Office's guidance on AI-generated content?
What is your assessment of the copyrightability of your core codebase?

4. Open-Source and License Compliance

AI-generated code creates incremental open-source risk:

Do you use code scanning tools (FOSSA, Snyk, Black Duck) to detect license-contaminated code?
Have you identified any AI-generated code that appears to reproduce open-source licensed code?
What is your process for reviewing AI-generated code before it's merged?

5. Trade Secret Protection

Even if AI-generated work isn't copyrightable, it may be protectable as a trade secret:

Are employees inputting proprietary code, algorithms, or data into AI tools?
Are your prompts and fine-tuning data treated as confidential?
Do your AI tool agreements protect the confidentiality of your inputs?

What Investors Are Really Asking

The meta-question behind all of this is: if someone challenged the company's IP ownership, would it hold up? Investors aren't expecting perfect legal certainty — the law is too unsettled for that. They're looking for:

Awareness — the company understands the risks
Process — the company has policies and procedures to manage the risks
Documentation — the company can demonstrate compliance
Defensibility — the company's IP position is as strong as current law allows

A startup that says "we use AI tools but haven't thought about IP implications" is a red flag. A startup that says "we use AI tools, here's our policy, here are our updated CIIAs, and here's our code review process" is well-positioned.

Practical Policies Every Startup Should Implement

1. AI Acceptable Use Policy

Create a written policy that covers:

Approved tools. Specify which AI tools are approved for use in creating company work product. Enterprise plans typically have better IP terms than consumer plans — GitHub Copilot for Business, for example, includes an IP indemnification that the individual plan does not.

Prohibited inputs. Employees should never input into AI tools:

Source code from proprietary projects (unless using an enterprise tool with data privacy protections)
Trade secrets, confidential business information, or customer data
Code subject to restrictive licenses
Information covered by NDA or attorney-client privilege

Required review. All AI-generated code should be reviewed by a human engineer before being committed to the repository. The review should assess:

Functionality and correctness
Potential reproduction of third-party code (flag anything that looks like a verbatim copy of a known library)
License compliance
Security vulnerabilities (AI-generated code has documented security weaknesses)

Documentation. Consider requiring engineers to tag commits that include significant AI-generated content. This creates an audit trail for future IP diligence.

2. Enterprise Tool Selection

Choose AI tools with startup-friendly IP terms:

IP ownership assignment. The tool's ToS should assign output ownership to the user/company.
Indemnification. Enterprise plans from GitHub, Microsoft, Google, and Amazon include IP indemnification for AI-generated output. This means the tool provider will defend you if someone claims the output infringes their IP. Individual plans typically don't include this.
Data privacy. Enterprise plans typically promise not to use your inputs (prompts, code) to train models. Consumer plans may not make this promise — meaning your proprietary code could end up in the training data for the next model version.
Code filtering. Some tools offer features that filter output matching known public code. Enable these.

3. Updated Employment Agreements

As discussed above, update your CIIA to explicitly cover AI-assisted work. Also update:

Offer letters to reference the AI acceptable use policy
Contractor agreements to include AI-specific IP assignment language
Consulting agreements to require disclosure of AI tool usage

4. Code Scanning and Compliance

Implement automated tools to scan your codebase for:

License compliance. Tools like FOSSA, Snyk Open Source, or Black Duck identify code that matches known open-source libraries and flag license conflicts.
Code similarity. Some tools can detect code that closely matches publicly available code, which may indicate AI-generated code that reproduced training data.
Security vulnerabilities. AI-generated code may contain security flaws that a human engineer might not have introduced. Automated security scanning (SAST/DAST) is essential.

5. Copyright Registration Strategy

For key IP assets, consider proactive copyright registration:

Register software, documentation, and content with the Copyright Office
Disclose AI involvement as required by the registration guidance
Claim copyright in the human-authored elements and the overall selection and arrangement
Keep records of the human creative process (design documents, iteration history, code review comments) that demonstrate human authorship

Registration isn't required for copyright to exist, but it's required to sue for infringement and provides significant damages advantages (statutory damages and attorneys' fees). For your core product, it's worth the effort.

6. Trade Secret Hygiene

Even if some AI-generated elements aren't copyrightable, your overall system — the combination of code, architecture, training data, prompts, fine-tuning, and business logic — is almost certainly protectable as a trade secret. Maintain trade secret protection by:

Restricting access to proprietary systems on a need-to-know basis
Using enterprise AI tools with data privacy protections
Not publishing proprietary prompts, fine-tuning data, or model weights
Including trade secret provisions in employee and contractor agreements
Marking confidential materials as confidential

Open-Source Model License Pitfalls

Many startups build products on open-source AI models — LLaMA, Mistral, Stable Diffusion, BLOOM, Falcon, and others. The licenses for these models are not traditional open-source licenses, and they contain provisions that can create significant commercial risk.

"Open Source" Doesn't Mean What You Think

Most AI model licenses are custom licenses that borrow some concepts from open source but include important restrictions:

Meta's LLaMA license restricts use by companies with more than 700 million monthly active users and prohibits using the model to train other models. It also includes an acceptable use policy that restricts certain applications.
Stability AI's licenses have varied across model versions, with some versions using Creative Commons (for research) and others using custom commercial licenses.
Mistral's licenses vary by model — some are Apache 2.0 (genuinely open source), others are custom.

Key Risks

Copyleft-like obligations. Some model licenses require you to share modifications, fine-tuned weights, or derivative models under the same license. This can conflict with your business model if you're building proprietary applications on top of the model.

Use restrictions. Many model licenses include acceptable use policies that prohibit certain applications (surveillance, weapons, deception). If your product evolves into a restricted use case, you may be in breach.

Attribution requirements. Some licenses require attribution in your product or documentation. Failing to provide required attribution is a license violation.

Output ownership. Some model licenses include provisions addressing output ownership. Read them carefully — you need to confirm that the license grants you rights to commercialize the model's output.

Indemnification gaps. Open-source model licenses typically provide no indemnification. If the model generates output that infringes a third party's IP, you bear the risk entirely.

Practical Steps

Read the actual license. Not the blog post about the license. The actual license text. For every model you use in production.
Track model versions. License terms can change between model versions. Pin your dependencies and review license terms when you upgrade.
Maintain a model inventory. Document which models you use, under which licenses, for which purposes. This becomes a diligence deliverable.
Consult counsel for non-standard licenses. If the license isn't Apache 2.0, MIT, or BSD, have your lawyer review it before you build on it.

For a comprehensive treatment of open-source licensing risks, including copyleft obligations and license compatibility, see our post on open-source licensing for startups.

The Emerging Litigation Landscape

Several pending lawsuits will shape AI IP law over the next few years:

Doe v. GitHub (N.D. Cal.) — challenges GitHub Copilot's reproduction of licensed code
Andersen v. Stability AI (N.D. Cal.) — artists claim AI image generators infringe by training on copyrighted images
New York Times v. Microsoft/OpenAI (S.D.N.Y.) — claims ChatGPT reproduces copyrighted news content
Thomson Reuters v. Ross Intelligence (D. Del.) — addresses whether training AI on copyrighted legal content constitutes fair use
Concord Music v. Anthropic (M.D. Tenn.) — challenges AI reproduction of copyrighted song lyrics

These cases are working through the courts as of early 2026, with no definitive rulings on the core training data questions. The outcomes will determine whether AI companies (and by extension, their users) face massive copyright liability — or whether training on publicly available data is fair use.

For startups, the practical implication is uncertainty. Build your policies and documentation as if the law will require disclosure, attribution, and rigorous IP management — because it very well might.

The Bottom Line

AI tools are transforming how startups build products. That's not going to stop, and it shouldn't. But the IP framework hasn't caught up to the technology, and startups that ignore the gap are creating risk that will surface at the worst possible time — during fundraising diligence, M&A, or a competitor's IP challenge.

The key actions:

Implement an AI acceptable use policy. Cover approved tools, prohibited inputs, required review processes, and documentation requirements.
Update your CIIA and contractor agreements. Explicitly address AI-assisted work product and ensure the assignment language covers the full spectrum of IP rights.
Use enterprise-grade AI tools. The IP indemnification, data privacy, and ownership terms are materially better than consumer plans.
Scan your codebase for license contamination. AI-generated code may introduce open-source license obligations you didn't intend.
Build an IP diligence file. Document your AI tool usage, policies, copyright registrations, and code review processes. Investors will ask.
Read your model licenses. If you're building on open-source AI models, understand the actual license terms — not just the marketing.
Treat trade secret protection seriously. Even where copyright is uncertain, trade secret law provides a parallel layer of protection for your proprietary systems.

The law will evolve. Your policies should be built to adapt. The startups that get this right will have a cleaner IP position, smoother fundraising, and stronger defensibility than those that wing it.

Building with AI and want to make sure your IP house is in order? Book a free call — we help startups structure IP ownership, update employment agreements, and prepare for investor diligence in the AI era.