Who Owns AI-Refactored Code?
Human edits, contracts, and documentation determine whether AI-refactored code can be owned or remains legally unprotected.
Ownership of AI-refactored code depends on human involvement, documentation, and legal agreements. AI tools can modernize legacy codebases, but U.S. copyright law requires human authorship for protection. Key points to consider:
- Human Contribution: AI-generated code is not copyrightable unless humans significantly modify or direct it.
- Derivative Works: Refactored code is a derivative of the original, and ownership depends on the original code's rights.
- Contracts: Clear agreements with AI vendors and consultants are essential to assign ownership and manage risks.
- Documentation: Recording human edits, prompts, and decisions strengthens copyright claims.
- Licensing Risks: Open-source components and AI training data can introduce compliance challenges.
To safeguard ownership, businesses must combine strong contracts with detailed documentation and governance practices. Without these measures, AI-refactored code may lack clear legal protections.
What Is AI-Refactored Code and How Is It Used?
Defining AI-Refactored Code
AI-refactored code refers to the process of using advanced tools like large language models and machine learning to restructure existing codebases while keeping their external behavior intact. It’s like upgrading the infrastructure of a house - keeping the structure but modernizing the internal systems.
This approach allows for the transformation of millions of lines of code in just hours, a task that would otherwise take experienced engineers months. Tasks such as renaming variables, removing unused code, and applying consistent design patterns are automated. However, these tools often lack the deep understanding of business context that seasoned developers bring to the table.
"The hardest, most expensive part of modernization isn't writing new code; it's understanding what the old code actually does." - Paresh Mayani, Co-Founder & CEO, SolGuruz
How Generative AI Refactors Legacy Code
Generative AI tools can analyze legacy code by breaking it down into structured formats like Abstract Syntax Trees (AST) or Low-Level Syntax Trees (LST). This helps the tools understand the hierarchy, data types, and logic of the code without altering its functionality. The process generally involves four steps: analysis, identification, transformation, and validation.
Take the case of 1Password in April 2026. They used an AI-powered toolchain to refactor a massive Go monolith, leveraging Go SSA analysis and SQL parsing to map domain ownership. Over 3,000 database transaction call sites were updated, replacing error-prone functions with improved error-handling mechanisms. This effort boosted productivity in service extraction tasks by 20–30%.
"The pattern that works is using agents to produce deterministic artifacts, then forcing execution through those constraints." - Tido Carriero, VP of Engineering, Cursor
Validation is a crucial step in the process. Without robust testing frameworks, AI-assisted refactoring only achieves accurate results 37% of the time. To mitigate this, leading teams implement characterization tests before making structural changes. These tests establish a clear behavioral baseline that the refactored code must meet.
AI Tools Used in Enterprise Code Refactoring
Enterprise-grade AI tools often use multi-agent systems, where each agent specializes in tasks like code extraction, planning, editing, or generating tests. This approach allows for managing large-scale migrations that a single language model couldn’t handle alone.
For example, in 2025, Thoughtworks introduced its internal AI tool, CodeConcise, to modernize a client’s COBOL system. This tool reduced reverse-engineering time from six weeks to just two weeks for every 10,000 lines of code, dramatically cutting costs during one of the most labor-intensive phases of legacy modernization.
| Modernization Strategy | AI's Role |
|---|---|
| Rehost | Automates VM-to-container migration and dependency mapping |
| Replatform | Generates configuration files, infrastructure as code, and CI/CD pipelines |
| Refactor | Speeds up code analysis, refactoring suggestions, and test generation |
| Rearchitect | Identifies capability boundaries and suggests service decomposition |
| Replace | Extracts business rules from legacy code for rebuilding specifications |
Across these strategies, AI acts as a tool for acceleration rather than a replacement for human expertise. As Niket Kapadia, CTO of Azilen Technologies, explains:
"AI works best as an accelerator within structured legacy modernization programs rather than as a fully autonomous coding solution." Organizations looking to navigate these complexities often partner with an AI consulting agency to ensure technical and legal alignment.
This technical groundwork lays the foundation for exploring how U.S. copyright law addresses ownership in AI-refactored projects.
sbb-itb-f123e37
Who Owns the Intellectual Property in the Output From AI Products?
How U.S. Copyright Law Applies to AI-Refactored Code
As businesses increasingly turn to AI for code refactoring, U.S. copyright law provides guidance on how ownership is determined in these scenarios.
The Human Authorship Requirement
Under U.S. copyright law, authorship is reserved for humans. This means that AI-generated code, unless significantly modified by a person, is considered to fall into the public domain. The U.S. Copyright Office emphasizes the importance of human creative input in determining copyright eligibility. Simply using AI for routine tasks doesn’t disqualify a work from protection, as long as a person is actively directing the creative choices.
The U.S. Copyright Office clarifies its stance on prompts:
"Prompts function as instructions that reflect a user's conception of the idea but do not control the expression of that idea." - U.S. Copyright Office
In other words, even a highly detailed prompt isn’t enough to claim authorship over AI-generated output. To qualify as the author, the individual must contribute by shaping the structure, making decisions, and refining the content. These principles also influence the legal treatment of derivative works.
Derivative Works and Legacy Code Ownership
When AI refactors existing code, the resulting output is considered a derivative work of the original code. According to U.S. copyright law, only the owner of the original code has the exclusive right to authorize derivative works. For example, if your company owns the original code and uses AI to refactor it, your company retains ownership of the portions of the code that remain identifiable in the new version. Without proper authorization, a developer can only claim rights to their unique contributions - not to the underlying code owned by someone else.
A notable case occurred in March 2026 when developer Sigrid Jin used OpenAI's Codex to rewrite Anthropic's Claude Code (originally in TypeScript) into Python. This example highlights the complexities of cross-language refactoring. Anthropic issued DMCA takedowns against direct copies of the original TypeScript code but initially refrained from targeting the Python rewrite. As project management consultant Marc Bara explained:
"The clean-room rewrite may successfully avoid infringing Anthropic's copyright in the original TypeScript. But the resulting Python code... may itself be uncopyrightable."
Key Factors That Determine Ownership
Several factors influence ownership claims when AI is involved:
| Factor | What It Means for Ownership |
|---|---|
| Degree of human involvement | Greater human editing and decision-making bolster copyright claims. |
| Nature of AI-made changes | Unedited, AI-generated sections are unlikely to qualify for protection. |
| Original codebase licensing | The rights of the original owner extend to derivative works. |
| Prompt complexity | Even intricate prompts don’t establish authorship. |
| Documentation of contributions | Keeping detailed records of changes strengthens copyright claims. |
Maintaining thorough documentation is critical when asserting ownership and managing legal risks.
It’s worth noting that AI tool providers typically do not claim ownership of the outputs generated by their platforms. For instance, after the November 2025 GitHub Copilot settlement, it was confirmed that using the tool does not transfer ownership of the code to GitHub. Ownership remains with the human users or their organizations, making clear human involvement and meticulous record-keeping essential.
"The inclusion of elements of AI-generated content in a larger human-authored work does not affect the copyrightability of the larger human-authored work as a whole." - U.S. Copyright Office
Who Owns AI-Refactored Code in Common Enterprise Scenarios
Who Owns AI-Refactored Code? Key Ownership Factors & Legal Rules
Ownership of AI-refactored code in enterprise settings depends heavily on who is doing the refactoring, the tools being used, and the nature of the legacy code. Each scenario brings its own challenges, and outcomes often hinge on documented human contributions and clear contractual terms.
Using AI Tools In-House on Company-Owned Code
When a company’s internal developers use AI tools to refactor proprietary code, the company typically retains ownership. But there’s a catch. Under the work-made-for-hire doctrine, any contributions made by employees within their job responsibilities belong to the employer. However, issues arise when parts of the code are purely AI-generated. For instance, if a developer relies on an AI tool to autonomously rewrite a legacy module with minimal human involvement - sometimes called "minimal input coding" - the resulting code might not qualify for copyright protection. This creates what legal experts call a "copyright gap", where the code cannot be exclusively owned.
One way to address this is through enterprise-tier AI agreements. Companies like Anthropic offer contracts that explicitly assign ownership of AI-generated output to the customer. While this doesn’t create copyright protection where none exists, it does provide a contractual claim to the code. Ultimately, human oversight and detailed documentation are critical in asserting ownership.
"If code generated largely by AI is not protected by copyright, the company for which it was developed may not enjoy the same proprietary exclusivity it would ordinarily expect." - Ran Vogel, S. Horowitz & Co.
Hiring External Consultants for AI-Driven Refactoring
Outsourcing AI-driven refactoring comes with its own risks, especially around ownership. Standard consulting agreements, particularly older ones, often don’t address AI-assisted work. By default, contractors own the rights to their work unless a written agreement specifies otherwise. And if the refactored code is primarily machine-generated, there may be no copyright to transfer.
When engaging firms like NAITIVE AI Consulting Agency, contracts should explicitly outline which parts of the refactored code involve human authorship, confirm that the consultant’s AI vendor allows for commercial assignment of outputs, and require the consultant to document how they evaluated and modified AI-generated suggestions.
There’s also a trade secret concern. If a consultant uses a consumer-grade AI tool on proprietary code, that data could end up training public models. Courts increasingly view enterprise-tier agreements with "no-training" clauses as the baseline for protecting trade secrets. Clear contracts are essential to ensure that both human contributions and AI outputs result in assignable rights.
Refactoring Code That Includes Third-Party or Open-Source Components
The complexity grows when refactoring involves legacy code that includes third-party or open-source components. Open-source licenses remain in effect even if AI tools refactor the code. For instance, a module under a GPL license that is refactored by an AI tool still carries its copyleft obligations, meaning the resulting code may need to remain open-source regardless of the level of AI or human involvement. Here again, human oversight and careful documentation are vital to managing licensing requirements.
Another challenge is that AI tools may inadvertently replicate code segments from their training data, which could carry licensing obligations not present in the original codebase. Studies have shown that 35% of code generated by tools like GitHub Copilot contains licensing inconsistencies, potentially exposing companies to compliance risks.
To mitigate this, enterprises should integrate automated license scanning tools - such as FOSSA, Snyk, or Black Duck - into their CI/CD pipelines. Treat AI-refactored code like any third-party dependency: scan it before merging.
"When a development team integrates AI-generated output without knowing whether it is based on pre-existing code... the company may discover too late that the real risk lies... in the chain of rights behind it." - Ran Vogel, S. Horowitz & Co.
How to Protect Ownership and Reduce Risk
Contract Terms That Define Ownership
Start protecting your intellectual property before any code refactoring begins. Your agreements with AI tool vendors or external consultants should include an explicit ownership clause that ensures all generated and refactored code, including derivatives, belongs to you. Standard intellectual property (IP) language written before the rise of generative AI won't cover this.
Two additional clauses are critical: a no-training restriction to prevent vendors from using your source code or outputs to train their models, and strong IP indemnification to shield against third-party infringement claims. Anthropic's $1.5 billion copyright settlement over training data is a clear example of the financial risks involved. To mitigate these risks, negotiate indemnification terms that go beyond standard liability caps.
You should also require vendors to disclose the AI models they use and allow your team to audit their data handling practices. If a vendor embeds their own background IP into your refactored code, ensure the licensing terms are broad enough to let you use, modify, and maintain the software independently.
In addition to strong contracts, implementing internal policies can further protect your ownership rights.
Internal Policies for AI Code Refactoring
Contracts alone aren't enough - you need internal policies that document and attribute AI-assisted changes to your codebase. For example, record key decisions, prompt iterations, and manual edits to show meaningful human involvement in the final product.
Set up a governance framework that classifies AI usage by risk level. For example:
- Low risk: Documentation and test cases
- Medium risk: Feature code with peer review
- High risk: Core proprietary algorithms
For medium- and high-risk tasks, require developers to review and approve all AI-generated code before it’s committed. Use tools like pull request templates or commit trailers (e.g., AI-Assisted: cursor 0.45) to track which parts of the code were AI-generated and who reviewed them. Additionally, keep a default 7-year retention period for prompts sent to AI models to support future audits.
"If you do not have prompt logging, commit attribution, named review, and license scanning in place, you are accumulating risk that will surface at the next audit or the next regulator visit." - Daniella Mitchell, Compliance Engineering Lead, The BrightByte
Update employment and contractor agreements as well. Generic IP assignment clauses often don’t cover AI-assisted work. Include specific language that assigns ownership of AI-assisted code to the employer.
Reducing Legal and Operational Risk
To complete your ownership protection strategy, address potential legal and operational risks. This involves managing trade secret exposure and open-source license contamination.
On the trade secret front, the January 2026 ruling in Trinidad v. OpenAI highlighted that feeding proprietary code into consumer-grade AI tools without a confidentiality agreement can destroy its trade secret status. Use enterprise-grade AI tools exclusively and treat unauthorized uploads of proprietary code as a security breach requiring immediate action.
For licensing risks, integrate automated scanners like FOSSA, Snyk, or ScanCode into your CI/CD pipeline. These tools can detect AI-generated code snippets that might carry GPL or AGPL obligations before they make it into production. Additionally, ensure AI tools employ duplication filters to prevent exact copies of training data from being reproduced. For fully AI-generated code that might not qualify for copyright protection, trade secret laws become your fallback. However, this only works if you’ve documented reasonable efforts to maintain secrecy.
"AI cannot be an author. AI cannot be an inventor. The ownership of anything a company created with AI assistance depends entirely on what the humans on the team did, documented, and contractually secured." - Meetesh Patel, Founder, Consilium Law
Conclusion: Managing Ownership of AI-Refactored Code
With the U.S. Supreme Court's decision to deny certiorari in Thaler v. Perlmutter on March 2, 2026, it’s now firmly established that AI cannot hold copyright. This ruling underscores the importance of deliberate human involvement and documentation when determining ownership of AI-refactored code. Copyright law, as well as rules surrounding derivative works, hinges on clear evidence of human contributions throughout the process.
At its core, the requirement is simple: human input must be both visible and verifiable. This means keeping detailed logs of architectural choices, iterations of prompts, and manual edits. These records form the backbone of any potential copyright or patent claim. As attorney Michael R. Justus from Carlton Fields aptly put it:
"Copyright remains a central pillar of legal protection for software and demands careful planning. Build the copyright protection stack into coding workflows."
But documentation alone isn’t enough. Strong contractual frameworks are equally critical. By 2026, IP auditors routinely request AI Audit Reports to confirm a codebase's origins before acquisitions are finalized. Without updated agreements - whether with contractors, vendors, or internal teams - organizations may face significant risks during due diligence or litigation. This gap between standard IP agreements and the realities of AI-assisted development has become a pressing liability.
Given the prevalence of AI-generated or AI-assisted code, this is no longer a niche concern. It’s an operational risk on par with data security or regulatory compliance. Companies that fail to address AI governance as a priority could find themselves exposed to mounting risks over time.
For businesses navigating the complexities of AI-driven refactoring, working with experts like NAITIVE AI Consulting Agency can help establish secure AI workflows and governance systems. Such partnerships ensure alignment with intellectual property strategies, tying together the article's central themes of human oversight, thorough documentation, and proactive risk management into a well-rounded operational framework.
FAQs
How much human editing is enough to claim ownership?
Under U.S. law, there isn’t a specific percentage of editing required to claim ownership of a work. Copyright hinges on whether the final product demonstrates enough human creativity. Simple tasks like minor debugging or refactoring usually don’t meet this standard. On the other hand, making meaningful changes - such as rewriting core logic, tailoring algorithms, or blending AI-generated output with your own original code - can bolster your claim. To solidify your case, maintain detailed records of your creative contributions.
Can AI-refactored code be protected as a trade secret?
Yes, AI-refactored code can indeed be protected as a trade secret. Unlike copyright, trade secret laws don't hinge on human authorship. For the code to qualify, it needs to derive economic value from remaining confidential, and the owner must take reasonable measures to ensure it stays that way. NAITIVE AI Consulting Agency assists businesses in safeguarding proprietary workflows by enforcing strict access controls, establishing internal policies, and managing vendors effectively to uphold trade secret protection.
What should an AI refactoring contract require?
An AI refactoring contract needs to tackle current challenges that go beyond the usual work-for-hire terms. To safeguard ownership rights and ensure clarity, the agreement should:
- Transfer ownership of all outputs: This includes AI-generated code, prompts, and model weights, which should be assigned to the client once payment is made.
- Document human oversight: Proper documentation of human involvement is crucial to support the client’s copyright claims.
- Limit client data usage: The contract should prohibit using client data in public AI models to maintain confidentiality and control.
- Guarantee secure, high-quality deliverables: All outputs must meet high standards and be free from infringement risks.
- Store code in client-controlled repositories: This prevents vendor lock-in and ensures the client retains full control over the work.
By addressing these points, the contract can help navigate the complexities of AI-driven projects while protecting the client’s interests.
