Certified: The ISACA AAIR Audio Course

In this episode, we are going to tackle intellectual property risk in AI in a way that is clear for beginners, because this topic can feel confusing fast. People hear about models being trained on huge amounts of data and then generating new content, and they wonder what is allowed, what is fair, and what is legal. They also hear arguments that sound absolute, like everything is stolen or everything is fine, and neither extreme is helpful for risk decisions. Intellectual property risk is not just a legal topic, because it affects trust, partnerships, business strategy, and how safely an organization can use AI without stepping into avoidable disputes. The goal here is not to turn you into a lawyer, but to give you a stable mental model for the main risk questions. By the end, you should understand the difference between training data rights and output ownership, why both matter, and how governance reduces the chance of surprises.

Before we continue, a quick note: this audio course is a companion to our course companion books. The first book is about the exam and provides detailed information on how to pass it best. The second book is a Kindle-only eBook that contains 1,000 flashcards that can be used on your mobile device or Kindle. Check them both out at Cyber Author dot me, in the Bare Metal Study Guides Series.

A good first step is to define intellectual property (I P) in plain language, because the term covers several related but different ideas. I P is the set of legal rights that protect creations of the mind, like writings, images, music, designs, inventions, and brand identifiers. The most common types people run into in AI discussions are copyright, which protects original creative expression, and trade secrets, which protect valuable confidential information kept secret by the owner. You also hear about patents, which protect certain inventions, and trademarks, which protect brand names and symbols that identify the source of goods or services. AI risk can touch all of these, but copyright and trade secrets tend to show up most often when talking about training data and generative outputs. Even at a beginner level, it helps to see that I P is about rights and control, meaning someone has a claim to how their work is used and how others can profit from it.

Now we can separate the two big areas in the title: training data rights and output ownership. Training data rights are about whether you have permission or a legal basis to use certain data to train, fine tune, or improve an AI model. Output ownership is about who owns, controls, or can legally use the content the model generates, and whether that content might infringe on someone else’s rights. These are related but not identical risks, because you could have training data that is properly licensed but outputs that still cause problems, or you could have outputs that seem harmless but training data practices that create legal exposure. A good risk mindset is to treat these as two separate questions that both need answers. If you only focus on outputs and ignore training data, you might miss the source of the biggest legal dispute. If you only focus on training data and ignore outputs, you might deploy a system that produces risky content in public.

Training data rights start with a basic idea: data is not automatically free to use just because it is easy to access. Data can be public and still be protected by copyright, and data can be internal and still be protected as a trade secret. For example, content on a website might be visible to anyone, but the creator may still retain rights and may have terms that restrict reuse. Internal documents might include proprietary methods, customer information, or confidential contracts, which are valuable and protected even if they are not formal I P like a patent. When an AI system is trained on data, it can encode patterns from that data, and that is part of why training data rights matter. If training practices violate rights or confidentiality expectations, the organization can face legal claims, reputational damage, and operational disruption. For beginners, the key point is that training is not just a technical process; it is a form of data use that must be governed.

A practical way to think about training data rights is to ask three questions: where did the data come from, what rights apply to it, and what permissions do we have. Where it came from includes whether it was created internally, licensed from a third party, scraped from the open web, or obtained through a partnership. What rights apply includes whether it is copyrighted, whether it contains confidential information, whether it includes personal data that triggers privacy obligations, and whether it is subject to contractual restrictions. What permissions exist includes licenses, terms of use, contracts, or explicit consents that define allowed use. These questions are simple, but they force clarity, and clarity is what reduces risk. If you cannot answer where the data came from, you cannot defend how it was used. If you cannot describe permissions, you cannot confidently claim the organization has the right to train on it.

Trade secret risk is especially important for training data because organizations can accidentally feed confidential information into systems that are not meant to hold it. For example, employees might paste internal documents into an AI tool to summarize them, not realizing that the tool could retain the text for further processing or that the vendor might use it for service improvement. Even without deep technical knowledge, you can see how that creates exposure, because it breaks the promise that the information stays internal. Trade secret protection depends on keeping information secret and taking reasonable steps to protect it, so careless sharing can weaken protection. This is why AI governance often includes clear rules about what can and cannot be used as input, especially for external services. If confidential information becomes part of a model’s training data, it can create long lasting risk, because you cannot easily pull specific secrets back out once they are learned.

Copyright risk in training data is often discussed because people worry that models were trained on creative works without permission. From a risk management viewpoint, the important thing is not to pick a side in a philosophical argument, but to recognize that legal and regulatory environments may differ and may evolve. Organizations need to know what training sources were used, what licenses apply, and what commitments vendors make about their training practices. If you build your own model, you need clear records of data sources and permissions. If you use a vendor model, you need to understand what the vendor says about its data and what liability terms exist. Even if a practice is common in the industry, it can still create risk if courts, regulators, or public opinion shift. That is why governance emphasizes documentation, due diligence, and contractual clarity rather than assumptions.

Now let’s shift to output ownership, which is where many beginners assume the question is simple, like the person who typed the prompt owns the output. In reality, ownership and usage rights can be shaped by contracts, platform terms, and the nature of the output itself. Some organizations treat outputs as work product owned by the organization, especially when created by employees during work. Some vendors may grant users broad rights to use outputs, but may also include limitations or disclaimers. Output ownership also becomes complicated when the output resembles existing protected works, because even if you have rights to use the output, you might still face claims that it infringes on someone else’s copyright or trademark. The risk is not only who owns the output, but whether the output is safe to publish, sell, or rely on. For beginners, it helps to think in terms of rights to use, not just ownership as a label.

One of the most practical risks with outputs is unintended similarity, where generated content is close enough to a known work that it raises infringement concerns. This can happen with text, images, and code, especially when prompts ask for content in the style of a specific creator or when the system has seen a lot of similar patterns. Even if the output is not a perfect copy, similarity can still trigger disputes, and disputes can be expensive even if the organization believes it would win. Another risk is that outputs can include protected brand identifiers, like logos or trademarked phrases, which can create confusion about endorsement or origin. Output risk is also connected to privacy, because a model might generate personal details that should not be shared, especially if it was exposed to sensitive data. This is why output governance often includes review expectations for public facing content and guardrails for prompts in sensitive contexts.

Because output ownership can be messy, a strong governance approach focuses on how outputs will be used and what protections exist before they are used. If outputs are internal drafts, the risk might be manageable with training and review. If outputs are published externally, the stakes are higher and review should be stronger, especially for marketing, legal communications, and customer promises. If outputs are used in products, the organization may need a more rigorous approach, including checks for originality, checks for unauthorized inclusion of third party content, and clear records of how content was produced. The key is that ownership is not enough; you need a defensible process for safe use. A beginner can remember this as a simple rule: the more public and permanent the output, the more governance it needs.

Another important piece is how vendor relationships affect both training data rights and output usage rights. When you use an external AI service, the terms of service and contract may define whether your inputs can be used to train the vendor’s models, whether outputs can be used commercially, and what happens if a third party claims infringement. This is where risk teams pay attention to indemnification, which is a contractual promise about who pays and who defends if a legal claim happens. You do not need to be a lawyer to understand the risk: if the vendor does not offer meaningful protection and the organization relies heavily on outputs, the organization may bear the cost of disputes. Vendor due diligence also includes asking how the vendor prevents memorization of training data, how it handles copyrighted material, and what controls exist to reduce output infringement. Even if you cannot verify every detail, asking these questions and documenting responses is part of responsible governance.

As we conclude, handling I P risks in AI is about separating the problem into training data rights and output ownership, and then managing both with clear questions and disciplined governance. Training data rights require knowing where data came from, what rights apply, and what permissions exist, with special care for trade secrets and copyrighted works. Output ownership and usage require understanding how outputs will be used, what contractual rights apply, and how to reduce the risk that outputs infringe on others or reveal sensitive information. Over time, these risks are best managed through records, policies about acceptable inputs, review practices for high impact outputs, and thoughtful vendor agreements that clarify responsibilities. The goal is not to eliminate all uncertainty, because law and norms evolve, but to ensure the organization can show that it acted reasonably and took steps to prevent predictable harm. When you approach I P risk this way, you make AI adoption safer, more trustworthy, and less likely to be derailed by avoidable disputes.