LR-101 · Module 2
Red Flags in AI Contracts
I keep a running list of contract provisions that make me pause. Not ambiguous provisions — those are everywhere and usually fixable. I mean provisions that are designed to shift risk disproportionately, and they show up in AI contracts more often than they should. Here are the ones that should stop you mid-read.
Do This
- Cap mutual indemnification at total contract value with carve-outs for gross negligence
- Retain ownership of your proprietary methods, frameworks, and pre-existing IP
- Specify exactly which data the provider can retain and for how long
- Require mutual NDA protections that cover AI model architecture and training data
Avoid This
- Accept uncapped indemnification — "all damages arising from" with no ceiling is unlimited exposure
- Sign broad IP assignment clauses that transfer ownership of your work product to the client's AI stack
- Agree to "perpetual, irrevocable license" to your data without understanding what that enables
- Accept unilateral confidentiality obligations that protect them but not you
Uncapped indemnification is the most dangerous clause I encounter. In plain English: if something goes wrong, you pay everything — no ceiling, no limit, no cap. In a traditional software engagement, the realistic exposure is bounded by the scope of the software. In an AI engagement, where the system generates novel content that could infringe IP, provide harmful advice, or process data in unexpected ways, the exposure is theoretically unlimited. I have seen uncapped indemnification in contracts from Fortune 500 companies. They know what it means. You should too.
IP assignment clauses deserve special attention in AI contracts. Some agreements include provisions that assign to the client all intellectual property created "in connection with" the engagement. In a traditional consulting engagement, this might be reasonable — they are paying for deliverables. In an AI engagement, "in connection with" could be interpreted to include your proprietary frameworks, your prompt engineering methods, your fine-tuned model configurations, and your integration architecture. [REDLINED]. Always narrow the scope to specific deliverables, not everything created in connection with the work.