Nowhere Left to Hide: How AI Hiring Lawsuits Reach Both Vendor and Employer
NEW YORK | June 22, 2026 — For years, the comfortable answer to "what if our hiring software discriminates?" was some version of: that's the vendor's problem, not ours, we just license the tool. It was never airtight, but it felt safe enough that most companies signed the standard contract, accepted the standard liability cap, and moved on.
But as every employer is learning, past practice seldom provides proper protection in the age of artificial intelligence. The old comfort rested on a tidy line: a company answers for its own hiring decisions, not for bias buried inside a tool it merely licensed. Vendors leaned on the same line from the other side, providing the platform without owning the practice. It was a convenient arrangement for everyone but the rejected applicant, and it held only as long as no one tested it.
Two lawsuits are now testing it, from opposite directions, and the line is buckling under both. On one side, courts are beginning to treat AI hiring vendors as if they were the employer, answerable for the screening they perform on a company's behalf. On the other, employers are discovering they can be held to account for the tool they deployed and for how it collected and used applicants' data, no matter who wrote the code. The buffer each party assumed it had is thinning from both ends at once.
Whichever side of that contract you sit on, the lesson is the same. If you buy AI hiring software, "our vendor handles that" is no longer a place to hide. If you build it, "we only supply the tool" is no longer a wall you can stand behind. Here's what changed, and what each side should be checking before the next agreement is signed.
Two cases, two theories, one collapsing line
The first case is Mobley v. Workday, and its quiet progress through the courts should have everyone in the hiring-tech chain paying attention. Filed in 2023, it has done something unusual at each stage: gotten bigger rather than smaller. In 2024, a federal court in California let a novel theory proceed, holding that an AI hiring vendor can be directly liable for discrimination as an agent of the employers who use it. The court reasoned that software that scores, ranks, and recommends candidates is not a passive instrument; it is doing the very work the employer would otherwise do by hand. Those actions may pull the vendor inside the legal definition of "employer." Building on that theory, the court in 2025 certified a collective action on an age-discrimination claim, opening the door to a large group of older applicants who say the screening worked against them. In March 2026, it went further, rejecting Workday's argument that the age-discrimination law's disparate-impact protection reaches only employees and not applicants. Job seekers, the court held, can bring these effect-based claims too. As the Workday case grows, so too does the exposure it implies.
The second case arrives from a direction most employers never think to watch. In Kistler v. Eightfold AI, applicants allege that the hiring platform was quietly operating as an unregistered consumer reporting agency under the federal Fair Credit Reporting Act, assembling reports on candidates from things like online activity and inferred traits without the disclosures, consent, and accuracy safeguards the FCRA demands. Here is the part that should stop a reader cold: the theory does not require proving the algorithm was biased at all. It asks a narrower and harder question. Were the legally required steps for compiling a report on a person actually followed? FCRA damages run per violation, which is precisely what turns a screening tool into a class-action engine.
The two cases attack the same wall from opposite sides. Mobley closes the gap between vendor and employer by pulling the vendor into the employer's shoes. Kistler comes at it through the data, where the duties fall on whoever uses a "consumer report" to make a hiring call, which points straight back at the employer. Different doctrines, same result: the tidy line between "the tool" and "the decision," the line the whole neutral-tool defense rests on, no longer holds.
Why it reaches both sides of the contract
Employers are tempted to file these cases under the vendor's problems and move on. But the current state of the law affords no such comfort. When an applicant believes a hiring process wronged them, they rarely sue a single link in the chain; they name everyone who touched the decision, the company that made it and the company whose software shaped it alike. Even when the vendor is the one ultimately held responsible, the employer is often a defendant first, carrying its own legal fees, its own discovery burden, and its own reputational bruise long before any of that gets sorted out. And this is the moment most buyers learn that the contract they signed was never built to protect them. The standard agreement disclaims responsibility for how the tool's outputs are used, caps the vendor's total liability at roughly one year of fees, and says nothing about who absorbs a discrimination claim or a regulatory audit. When a six-figure problem lands and the contract limits the vendor's exposure to the price of the seats, the remainder does not vanish. It settles quietly onto the employer.
The view from the vendor's side is no more comfortable. For years the selling proposition carried an unspoken promise: we supply the software, you make the decisions, the liability is yours. Mobley unsettles that promise. A vendor whose product scores and ranks applicants can now be named as an agent of every employer who deploys it, which means a single flawed model can draw claims across an entire customer base at once. Kistler adds a second front that has nothing to do with bias and everything to do with data discipline: how applicant information is gathered, what consents were obtained, whether the platform is quietly functioning as a credit-reporting agency. For the company that builds these tools, the contract is no longer just a sales document. It is the first place that exposure is either contained or left to compound.
Three clauses worth a fresh look, from both sides of the table
None of this is an argument for ripping out hiring technology or for vendors to stop building it. The tools are genuinely useful, and these cases are about accountability, not abolition. It is an argument for reading the contract with open eyes before the next signature, because the same three clauses now carry far more weight than they did when most of these agreements were drafted. Each one looks different depending on which chair you occupy.
Indemnification: who defends and pays when a claim names you? Many HR-software contracts indemnify the customer for the vendor's intellectual-property troubles yet stay silent on discrimination or FCRA claims arising from the tool's outputs. For the buyer, that silence is the gap that matters most: if an applicant sues over how the software screened them, who actually carries the cost? For the builder, the mirror question is just as sharp: what exactly are you being asked to stand behind, and is it priced into the deal? This is the clause where the risk gets allocated, so it deserves the most deliberate negotiation on both ends.
The liability cap: is it sized to the real risk? A cap set at one year of fees made sense when the worst case was downtime. It makes very little sense when the worst case is a class action. The buyer wants to know whether that cap, and the carve-outs around discrimination and statutory-privacy claims, leaves them exposed for someone else's design choices. The vendor wants to know whether a single flawed model could uncap its liability across every customer at once. Same sentence in the contract, opposite anxieties, and both are now legitimate.
Audit and cooperation rights: can the obligations actually be met? A growing number of states require bias testing, disclosure, and recordkeeping for AI hiring tools. The buyer who does not secure cooperation, documentation, and audit access may be contractually unable to produce what a regulator asks of it. The builder who promises that access has to be able to deliver it without exposing proprietary models or other customers' data. Getting this clause right is how both sides stay able to answer a regulator instead of pointing at each other.
One honest caveat: these are questions to bring to counsel about your specific agreement, not a template to apply on autopilot. Contracts differ, and so does each company's appetite for risk and its footprint. The single durable point holds whichever side you are on. "That's the other party's problem" is no longer an assumption worth leaving untested.
Where this is heading
Both cases are still in progress, and neither has produced a final verdict that settles the law. But the direction is unmistakable. Courts and plaintiffs are finding more than one road to the companies that build and deploy hiring AI, and the old habit of treating the software as a liability-free black box weakens with each ruling. The companies that come through this well will not be the ones who panicked, whether by tearing out useful tools or pulling them off the market. They will be the ones who reread their contracts with clear eyes and made sure the risk came to rest where it belonged.
That is the part I help businesses work through, on either side of the agreement: not whether to use or sell hiring technology, but how to do it on terms you can defend. Whether you deploy these tools or build them, if you have not looked at your agreements through this lens, that is a conversation worth having before a claim arrives, not after. To review how these developments affect your business, contact Sharpe Counsel.
Zack G. Sharpe, IV is the founder of Sharpe Counsel, advising businesses, executives, athletes, and creators on employment, contracts, and the legal questions that come with growth.
Attorney Advertising. This article is general information about a developing area of law, not legal advice for any specific situation. Prior results do not guarantee a similar outcome.
