Care before you share: Potential risks to IP rights from disclosure to AI assistants

AI assistants, when used appropriately, can significantly accelerate the arduous process of innovation. However, using these tools without full awareness of how different AI assistant platforms handle user inputs, data, and commercially sensitive information, could potentially and irreversibly compromise intellectual property rights, including patent rights, before a patent application is even filed.

Could the use of AI assistants be considered “public disclosure” of an invention?

A fundamental legal principle is that patent rights depend on novelty of the claimed invention. In most countries any non-confidential/public disclosure of the invention before filing a patent application can compromise, or entirely destroy, the ability to obtain patent protection. Importantly, the legal standards and circumstances that determine what constitutes a novelty destroying public disclosure event vary significantly between jurisdictions.

For example, in the U.S. non-confidential disclosure of an invention prior to filing of a corresponding patent application generally only becomes prior art if the information is made publicly accessible prior to the filing date. Thus, in the U.S., merely inputting invention details into a consumer AI tool that stores, but does not make the invention details publicly accessible, is unlikely to be considered a novelty destroying disclosure. However, the U.S. position is the exception rather than the rule.

Europe, China, Japan, Korea, and Australia all apply stricter public disclosure/novelty standards than the U.S. For example, in considering whether divulged information is considered a “public disclosure”, European patent law focuses heavily on whether confidentiality was maintained, not merely on whether someone actually accessed or read the information. If invention details are entered into a consumer AI platform operating without a binding confidentiality obligation, a European patent examiner or opponent could argue that the invention was disclosed to an uncontrolled third party outside any obligation of secrecy. The fact that no human being may ever have reviewed the query would not necessarily be a complete defence, although this has not yet been tested in a European court.

Due care - know your AI platforms and agreements

Unlike patent attorneys and in-house counsel, AI platforms do not, by default, owe a user a duty of confidentiality. Any confidentiality obligations should therefore be expressly established through binding contractual arrangements. Importantly, where no enforceable confidentiality obligation exists, disclosing confidential information of an invention to an AI platform might in at least some jurisdictions, be considered equivalent to any other non-confidential disclosure of the invention.

The challenge with many AI assistant platforms is that users often have little to no control over what happens to the information once it is entered into the platform. Thus, depending on the AI assistant and the AI assistant settings, sensitive information provided to an AI system may be stored, reviewed by human personnel, used to train or improve AI models, and/or potentially be reconstructed or inferred through outputs generated for other users.

A silver lining - understanding different risk categories

The good news is that the risk of “public disclosure” to an AI agent can be greatly mitigated by being aware of the relevant agreements governing the use of an AI platform. Based on the terms of such agreements, AI assistants/platforms can be broadly divided into three general risk categories:

High Risk

The “high risk” category refers to publicly accessible AI tools. This category commonly includes free versions of widely used AI chatbots, (e.g., ChatGPT, Gemini, Claude, and DeepSeek), when used under standard public consumer terms. These platforms can retain user inputs, permit human review, and use submitted information for future model training or optimisation.

From an IP rights perspective, any sensitive technical information entered into a public consumer AI platform should be treated as potentially disclosed to the public.

Middle Risk

The “middle risk” category includes paid consumer tiers of major AI platforms. This category commonly includes paid consumer subscription to platforms such as ChatGPT Plus, Claude Pro, or Gemini Advanced. These services often provide additional privacy controls compared with free public versions, including settings that may allow users to opt out of their data being used for model training. However, the risk still remains because users must actively verify and correctly configure those settings, and the services are still generally designed for broad consumer use rather than highly confidential legal or commercial work.

Thus, where such platforms are used in connection with information used to develop inventions, users should actively verify the relevant privacy and training settings and maintain records of those settings where possible throughout the invention period prior to filing a patent application, and, indefinitely, in the case of trade secrets.

Low Risk (Recommended)

The “low risk” category refers to enterprise AI assistant systems operating under negotiated contractual terms. This category commonly includes ChatGPT Enterprise, Microsoft Copilot for Microsoft 365, or a privately deployed internal AI model operating under negotiated commercial and confidentiality agreements. These systems are typically provided under enterprise contractual terms that expressly address data handling, confidentiality, security, and restrictions on model training. In many cases, customer data is not used to train public AI models, and organisations are given greater administrative and security controls.

Importantly, the relevant commercial arrangements should include express commitments that user data will not be used for model training, that information will remain isolated within dedicated environments, and that specified security and compliance standards will be maintained. For sensitive, patent, and other IP related work, this is generally the recommended AI assistant category to be used.

Additional considerations – moderation and filtering risks

An additional issue that applies to the “middle risk” and “low risk” categories is the concept of “moderation.” As part of their safety practices, many large technology companies monitor and filter prompts submitted to AI systems to detect potentially harmful content, for example prompts relating to self-harm, violence, or illegal activity. Accordingly, users should carefully review the applicable agreements to determine whether their prompts are exempt from moderation review.

Importantly, even enterprise AI subscriptions may still remain subject to moderation systems. For example, under enterprise Microsoft Copilot subscriptions, there remains a possibility that prompts containing flagged words or concepts could be reviewed by Microsoft personnel as part of the platform’s moderation processes.

One potential solution is to deploy a custom AI agent environment and obtain a moderation exemption from the relevant company (e.g. Microsoft). Once such an exemption is granted, filtering settings can be disabled within the agent configuration, thereby preventing prompt content from being filtered or escalated for human moderation review.

Practical advice – buyer beware…

Before using any AI tool for invention related work, it is worth carefully reviewing the “Terms of Service” or “Terms of Use”, the primary governing document for most consumer AI platforms. These types of agreements typically include the most important provisions around data use, training permissions, and user rights. In addition, users should carefully review the “Data Processing Agreement” (DPA), which is often the key contractual document governing how the provider processes data on behalf of the customer. Enterprise and Team tier subscriptions typically include a DPA that explicitly prohibits the use of customer data for AI model training. Consumer tiers typically do not offer a DPA at all.

Free consumer tools should generally be treated as inappropriate for sensitive technical material. Paid consumer platforms may provide better protection, but users should still carefully check privacy settings and data handling practices. Importantly, “paid” does not automatically mean “confidential.” While many users incorrectly assume that paying for a subscription guarantees privacy protections equivalent to professional confidentiality obligations, this is often not the case. Enterprise AI systems are more appropriate for confidential work, provided suitable contractual protections are in place.

Organisations should also implement clear internal AI use policies. In practice, the greatest risk is often not deliberate disclosure, but rather well intentioned employees pasting confidential technical information into consumer AI systems without appreciating the legal implications. Researchers, inventors, project managers, and commercial personnel should all understand the confidentiality risks associated with AI assisted workflows.

For highly confidential patent related work, it is important to review not only model training restrictions, but also whether moderation, filtering, and human review mechanisms apply. In some cases, greater protection may require a custom AI environment, with provider approved exemptions allowing moderation and filtering functions to be disabled.

Conclusion

The use of AI assistants is becoming an integral part of the R&D processes to develop and commercialise inventions. At the same time, these tools can present new and often unrecognised potential risks to IP rights of inventors and their organisations when used without fully understanding the associated confidentiality implications.

With a bit of diligence, users can choose an appropriate AI assistant platform that will ensure they exploit the power of these tools while ensuring that their sensitive data and inventions remain confidential.

DISCLAIMER: The views expressed in this article reflect the co-authors’ opinions and must not be relied on in lieu of advice from a qualified professional in respect of your particular circumstances. To the maximum extent permitted by law, FB Rice does not make, and excludes, any representation or warranty, express or implied, as to the accuracy, reliability, currency or completeness of any information in this article and FB Rice (collectively, with its partners, officers, directors, employees, agents and advisers) expressly disclaims any and all liability for any loss or damage, howsoever caused, relating to these materials or from acting in reliance on the information within it.