Tag: copyright and AI

Sony’s AI Music Attribution Tool: What It Actually Does (and What It Doesn’t)

As generative music systems like Suno and Udio move into the center of copyright debates, one question keeps coming up: Can we actually tell which songs influenced an AI-generated track? And then can we use that determination in a host of other processes like royalty payments?

Recently a number of people have pointed to research from Sony AI as evidence that the answer might be yes. Sony has publicly discussed work on tools designed to analyze the relationship between training data and AI-generated music outputs.

But the reality is a little more nuanced. Sony’s work is interesting and potentially important—but it is often misunderstood. What Sony has described is not a magic detector that can listen to a generated song and instantly reveal every recording the model trained on.

Instead, Sony is describing something more modest—and in some ways more useful.

Let’s unpack what the technology appears to do right now.

Two Problems Sony Is Trying to Solve

Sony AI has publicly discussed research in two related areas.

The first is training-data attribution. This means trying to estimate which recordings in a model’s training dataset influenced a generated output.

The second is musical similarity or version matching. This involves detecting when two pieces of music share meaningful musical material even if they are not exact copies of each other.

Sony has framed both efforts as research directions rather than a finished commercial product. In other words, this is still a developing technical approach, not a turnkey system that can produce definitive copyright answers.

Training Data Attribution in Plain English

The most relevant Sony work is a research project titled Large-Scale Training Data Attribution for Music Generative Models via Unlearning.

That title sounds intimidating, but the basic idea is fairly intuitive and also suggests the project is part of the broader machine unlearning academic discipline.

The system does not operate like Shazam. It does not simply listen to an AI-generated song and say:

“This track was trained on Song X, Song Y, and Song Z.”

Instead, the approach works more like this.

Imagine you already know—or at least suspect—which recordings were used to train the model. You have a candidate set of training tracks.

The system then asks:

Among these training recordings, which ones seem most likely to have influenced this generated output?

In other words, the system ranks influence among known candidates.

The research approach borrows from an area of machine learning called machine unlearning, which studies how particular training examples affect a model’s behavior. In simplified terms, researchers can test how the model behaves when certain training examples are removed or adjusted. If the output changes meaningfully, that suggests those examples had measurable influence.

The important point is that this is an influence-ranking tool, not a forensic detector.

It tries to answer:

“Which of these known training tracks mattered most?”

Not:

“Tell me every song the model was trained on.”

Sony’s Other Idea: Smarter Music Comparison

Sony has also described work on musical similarity detection.

Traditional audio fingerprinting systems—like those used by Shazam or Audible Magic—are very good at identifying identical recordings. If you upload the same song or a slightly altered version, the system can match it.

But generative AI raises a different problem. An AI output might resemble a song musically without copying the recording itself.

Sony’s research tries to detect those kinds of relationships.

For example, a system might notice that two tracks share melodic fragments, rhythmic patterns, harmonic progressions, or musical phrases even if the arrangement, production, or instrumentation is different.

In plain English, this kind of tool tries to answer a different question:

“Are these two pieces of music related in substance?”

Not:

“Are they the exact same recording?”

The Big Limitation: You Still Need the Training Dataset

Here’s the key limitation that often gets overlooked.

Sony’s attribution approach appears to depend on having access to the candidate training dataset.

The system works by comparing a generated output against recordings that are already known or suspected to have been used during training. It estimates influence among those candidates.

That means the system answers the question:

“Which of these training tracks influenced the output?”

But it does not answer the question:

“What unknown recordings were used to train this model?”

If the training corpus is hidden or undisclosed, the attribution system has nothing to test against.

This makes the technology conceptually similar to many machine-learning research experiments, which measure influence using known datasets. Researchers can test influence among known training examples, but they cannot reconstruct an unknown dataset from outputs alone.

What This Could Look Like in the Real World

If the training corpus were known, a practical workflow might look like this.

First, the recordings in the training corpus would be identified. Audio fingerprinting systems could match those recordings to commercial releases.

That step answers the question:

What copyrighted recordings appear in the training data?

Then an attribution tool like the one Sony describes could be used to analyze generated outputs and estimate which of those known recordings appear to have influenced them.

This would not prove copying in every case. But it could dramatically narrow the analysis—from millions of possible influences to a smaller list of likely candidates.

What Sony Has Not Claimed

Sony’s public statements do not suggest that the attribution problem is solved.

Sony has not announced a system that automatically calculates track-by-track royalty payments for AI-generated songs. Nor has it described a tool that conclusively proves copyright copying from an AI output alone.

Instead, the work is framed as research aimed at improving transparency and accountability in generative music systems.

Why Labels Might Still Be Interested

Even with these limitations, the idea could be attractive to rights holders.

If training datasets were known, attribution tools could theoretically support new ways of analyzing how music catalogs interact with generative AI systems.

For example, such tools might help support:

  • royalty allocation models
  • influence-weighted compensation frameworks
  • catalog analytics
  • AI audit trails showing how repertoire contributes to model behavior

In other words, the technology could potentially become a measurement tool for how music catalogs influence generative systems.

What Sony did and did not do (yet)

Sony’s work does not magically reveal every song an AI model trained on. And it does not eliminate the need to know what is in the training dataset.

Instead, its value appears to lie after the training data is known.

Once you have a candidate training corpus, tools like the ones Sony describes may help analyze which recordings influenced particular outputs.

That makes the technology best understood as a post-disclosure attribution layer, not a substitute for knowing what recordings were used in training in the first place.

Infrastructure, Not Aspiration: Why Permissioned AI Begins With a Hard Reset

Paul Sinclair’s framing of generative music AI as a choice between “open studios” and permissioned systems makes a basic category mistake. Consent is not a creative philosophy or a branding position. It is a systems constraint. You cannot “prefer” consent into existence. A permissioned system either enforces authorization at the level where machine learning actually occurs—or it does not exist at all.

That distinction matters not only for artists, but for the long-term viability of AI companies themselves. Platforms built on unresolved legal exposure may scale quickly, but they do so on borrowed time. Systems built on enforceable consent may grow more slowly at first, but they compound durability, defensibility, and investor confidence over time. Legality is not friction. It is infrastructure. It’s a real “eat your vegetables” moment.

The Great Reset

Before any discussion of opt-in, licensing, or future governance, one prerequisite must be stated plainly: a true permissioned system requires a hard reset of the model itself. A model trained on unlicensed material cannot be transformed into a consent-based system through policy changes, interface controls, or aspirational language. Once unauthorized material is ingested and used for training, it becomes inseparable from the trained model. There is no technical “undo” button.

The debate is often framed as openness versus restriction, innovation versus control. That framing misses the point. The real divide is whether a system is built to respect authorization where machine learning actually happens. A permissioned system cannot be layered on top of models trained without permission, nor can it be achieved by declaring legacy models “deprecated.” Machine learning systems do not forget unless they are reset. The purpose of a trained model is remembering—preserving statistical patterns learned from its data—not forgetting. Models persist, shape downstream outputs, and retain economic value long after they are removed from public view. Administrative terminology is not remediation.

Recent industry language about future “licensed models” implicitly concedes this reality. If a platform intends to operate on a consent basis, the logical consequence is unavoidable: permissioned AI begins with scrapping the contaminated model and rebuilding from zero using authorized data only.

Why “Untraining” Does Not Solve the Problem

Some argue that problematic material can simply be removed from an existing model through “untraining.” In practice, this is not a reliable solution. Modern machine-learning systems do not store discrete copies of works; they encode diffuse statistical relationships across millions or billions of parameters. Once learned, those relationships cannot be surgically excised with confidence. It’s not Harry Potter’s Pensieve.

Even where partial removal techniques exist, they are typically approximate, difficult to verify, and dependent on assumptions about how information is represented internally. A model may appear compliant while still reflecting patterns derived from unauthorized data. For systems claiming to operate on affirmative permission, approximation is not enough. If consent is foundational, the only defensible approach is reconstruction from a clean, authorized corpus.

The Structural Requirements of Consent

Once a genuine reset occurs, the technical requirements of a permissioned system become unavoidable.

Authorized training corpus. Every recording, composition, and performance used for training must be included through affirmative permission. If unauthorized works remain, the model remains non-consensual.

Provenance at the work level. Each training input must be traceable to specific authorized recordings and compositions with auditable metadata identifying the scope of permission.

Enforceable consent, including withdrawal. Authorization must allow meaningful limits and revocation, with systems capable of responding in ways that materially affect training and outputs.

Segregation of licensed and unlicensed data. Permissioned systems require strict internal separation to prevent contamination through shared embeddings or cross-trained models.

Transparency and auditability. Permission claims must be supported by documentation capable of independent verification. Transparency here is engineering documentation, not marketing copy.

These are not policy preferences. They are practical consequences of a consent-based architecture.

The Economic Reality—and Upside—of Reset

Rebuilding models from scratch is expensive. Curating authorized data, retraining systems, implementing provenance, and maintaining compliance infrastructure all require significant investment. Not every actor will be able—or willing—to bear that cost. But that burden is not an argument against permission. It is the price of admission.

Crucially, that cost is also largely non-recurring. A platform that undertakes a true reset creates something scarce in the current AI market: a verifiably permissioned model with reduced litigation risk, clearer regulatory posture, and greater long-term defensibility. Over time, such systems are more likely to attract durable partnerships, survive scrutiny, and justify sustained valuation.

Throughout technological history, companies that rebuilt to comply with emerging legal standards ultimately outperformed those that tried to outrun them. Permissioned AI follows the same pattern. What looks expensive in the short term often proves cheaper than compounding legal uncertainty.

Architecture, Not Branding

This is why distinctions between “walled garden,” “opt-in,” or other permission-based labels tend to collapse under technical scrutiny. Whatever the terminology, a system grounded in authorization must satisfy the same engineering conditions—and must begin with the same reset. Branding may vary; infrastructure does not.

Permissioned AI is possible. But it is reconstructive, not incremental. It requires acknowledging that past models are incompatible with future claims of consent. It requires making the difficult choice to start over.

The irony is that legality is not the enemy of scale—it is the only path to scale that survives. Permission is not aspiration. It is architecture.