Is AI Patent Infringement Detectable?

• Published date: 08 August 2022
• Subject Matter: Intellectual Property, Technology, Patent, New Technology
• Law Firm: Haseltine Lake Kempner LLP
• Author: Ms Kimberley Bayliss and Alex Roy

One of the things that is on our clients' minds when filing patents is whether the invention is detectable - after all, a patent is of limited use if you can't detect infringement.

There seems to be a general assumption in the industry that Machine Learning (ML) models can't be reverse engineered due to their black box nature, and that there is limited value in pursuing patents for 'hidden AI'.

To get to the bottom of the detectability question, we sat down with Chris Whittleston, Delivery Lead at Faculty, one of the UK's well known AI companies, for an informal chat about reverse engineering. We asked him what might be detectable in different scenarios; this is a summary of what we learnt.

If you can get hold of a software product, e.g. an executable file, then it is highly likely that you can get a handle on whether a machine learning model is being used

Many AI inventions fall into the category of what is known in Europe as 'Applied-AI'. That is, they use known AI models in an innovative way.

In this scenario, if an Applied-AI invention were incorporated into a product, it is highly likely that open-source libraries would be used to create and deploy the ML model. Afterall, open source libraries are reliable, well tested, and well, why re-invent the wheel? Various open-source libraries exist and the code is freely available for download.

If an opensource library were used in a product, then this would be detectable through decompilation. Decompilation is a reverse engineering technique which recreates high-level source code that is human readable, from compiled executable code (which is not human readable). Although decompilation allows an Engineer to reconstruct functions and variables called by the executable code, the original names and labels for these variables and functions are replaced with random character strings. The replacement is performed in a consistent manner however throughout the decompiled code, meaning that variables, function names and the like are each replaced with an individual random character string.

Whilst the names and labels given to the various functions in the decompiled code may be unintelligible, the structure of these functions can be cross-referenced to known functions found in open source libraries. Thus, through this cross-referencing, an Engineer can recognise and identify the functions being called upon in the decompiled code.

It is therefore likely to be possible to identify known neural network code structures...