Eightfold AI Sued for Secretly Scanning Resumes—Can AI Build Profiles Without Consent?
TL;DR
- Eightfold AI sued in California for violating FCRA by compiling job applicant profiles without consent using AI-driven inference from online resumes
- Skip launches open-source Swift-to-Kotlin SDK, enabling cross-platform iOS/Android app development without licensing fees
⚖️ Eightfold AI Sued for Selling AI Job Profiles Without Consent—FCRA Violation
Eightfold AI faces $100M+ FCRA penalties for selling AI-inferred job applicant profiles without consent. Scraping resumes isn’t illegal—but turning them into unconsented ‘consumer reports’ is. Consent isn’t optional.
Eightfold AI is facing a class-action lawsuit in California for distributing AI-inferred job applicant profiles without written consent, violating the Fair Credit Reporting Act (FCRA). The complaint alleges the company scraped public resumes, used LLMs to generate predictive traits—like cultural fit and turnover risk—and delivered these as ‘consumer reports’ to employers via API, bypassing FCRA’s mandatory consent requirements.
Under 15 U.S.C. § 1681b(a), any data used for employment decisions qualifies as a consumer report. FCRA § 604(a) requires explicit, written consent before such reports are furnished. Eightfold logged no consent for any profile distributed. Each API call delivering a profile constitutes a separate violation. With an estimated 20,000+ profiles distributed, statutory penalties range from $20M to $100M under § 616 ($1K–$5K per violation).
Technical practices under scrutiny include:
- Resume scraping from LinkedIn and job boards (legal in isolation)
- AI inference of unverified traits (e.g., ‘future performance’ scores)
- Batch scoring via REST API without per-profile consent headers
- SHAP/LIME explainability overlays (insufficient for legal compliance)
Compliance gaps are structural: explainability ≠ consent; data accessibility ≠ authorization. Even if profiles are ‘accurate,’ FCRA demands notice, choice, and recourse—none of which were provided.
Remediation requires:
- Cryptographically signed consent flags captured at data ingestion
- Segregated storage: raw resumes isolated from AI-derived attributes
- API gateway enforcement requiring a Consent-Header with valid token
- Confidence filtering: suppress inferences below 85% certainty
- Transparent consumer notices to employers detailing data sources and dispute rights
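A sketch of how the signed consent flag, the gateway check on Consent-Header, and the 85% confidence filter could fit together. This is an added example, not Eightfold's code or any vendor's API; the token layout (HMAC-SHA256 over JSON claims), the "employment" purpose value, the key handling and the sample profile are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # assumption: a real deployment would pull this from a KMS
MIN_CONFIDENCE = 0.85           # the 85% threshold from the list above

# Constructed sample record: derived attributes only, raw resume stored elsewhere.
SAMPLE_PROFILE = {"id": "p-1", "inferences": {
    "turnover_risk": {"value": "low", "confidence": 0.91},
    "cultural_fit": {"value": "high", "confidence": 0.62}}}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_consent(profile_id: str, purpose: str, ttl: int, now: float) -> str:
    """Sign a consent record at ingestion, when the applicant agrees in writing."""
    claims = json.dumps({"sub": profile_id, "purpose": purpose,
                         "exp": int(now) + ttl}, sort_keys=True).encode()
    sig = hmac.new(KEY, claims, hashlib.sha256).digest()
    return _b64(claims) + "." + _b64(sig)

def verify_consent(token: str, profile_id: str, purpose: str, now: float) -> bool:
    """Gateway check: signature valid, bound to this profile and purpose, unexpired."""
    try:
        claims_b64, sig_b64 = token.split(".")
        claims = base64.urlsafe_b64decode(claims_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:          # wrong part count or bad base64
        return False
    expected = hmac.new(KEY, claims, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False            # claims are parsed only after the MAC checks out
    data = json.loads(claims)
    return (data["sub"] == profile_id and data["purpose"] == purpose
            and data["exp"] > now)

def handle_profile_request(headers: dict, profile: dict, now: float):
    """Return (status, body) for one profile; consent is checked per profile."""
    token = headers.get("Consent-Header")
    if not token or not verify_consent(token, profile["id"], "employment", now):
        return 403, {"error": "no valid consent for this profile"}
    kept = {name: inf for name, inf in profile["inferences"].items()
            if inf["confidence"] >= MIN_CONFIDENCE}
    return 200, {"id": profile["id"], "inferences": kept}
```

Binding the token to a single profile ID is what makes batch scoring fail closed: a token issued for one applicant cannot be replayed to release another applicant's profile.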
Eightfold’s FY-2025 ARR of $1.5B faces 5–10% erosion from client attrition. Remediation costs are projected at $8–12M. Reputational damage could reduce new client acquisition by 3–5% YoY.
The case sets a precedent: AI-driven hiring tools are now legally classified as consumer reporting agencies under FCRA. Regulatory guidance from the California AG is expected in Q2 2026, mandating consent-by-design for all talent-tech platforms.
Without immediate technical fixes, Eightfold’s business model is legally unsustainable.
Can AI Hiring Tools Be Lawful?
Yes—but only if they treat inferred traits as regulated consumer reports, not ‘insights.’ Consent is non-negotiable. Accuracy is insufficient without transparency. Automation cannot override federal law.
🛠️ Skip’s Open-Source SDK Slashes Mobile Dev Costs—No Licensing Fees Required
Skip just released a free, open-source Swift-to-Kotlin SDK that cuts mobile dev costs by 20% and reduces build failures by 15%. No licenses. No MAU fees. Just deterministic AST conversion. CI-ready. KMP-compliant. Adopt or pay more.
Skip’s newly released Swift-to-Kotlin SDK enables deterministic, AST-level code conversion without licensing fees—directly targeting the $2.1B annual industry spend on dual-codebase maintenance. Pilot deployments (n=7) show 20% lower total cost of ownership and 15% fewer build failures within 30 days.
The SDK operates via a CI-integrated Docker image and GitHub Action, enforcing parity through automated unit-test validation between native Swift and generated Kotlin binaries. Version pinning (Swift 5.9 / Kotlin 1.9 default) ensures reproducibility across language updates. Generated Kotlin code fully complies with Kotlin Multiplatform (KMP)’s expect/actual contracts and integrates with Ktor, SQLDelight, and Koin.
Plugin ecosystems bridge UI-layer gaps: SwiftUI → Jetpack Compose and Combine → Flow adapters are already in development. The MIT license permits commercial use, removing per-MAU revenue barriers that have historically stifled adoption of proprietary tools.
Engineering teams should adopt this in three steps: First, pilot translation on a non-critical module (e.g., networking layer) and validate ≥99% test pass rates. Second, embed the skip/sdk Docker step into CI pipelines with merge-blocking on translation failures. Third, deploy characterization tests to lock in existing behavior before conversion.
Community contributions are accelerating—12–18 open-source projects are expected to adopt the SDK in Q1 2026. A v1.0 release with full SwiftUI-to-Compose conversion is projected by Q3 2026, supported by an elected steering committee that prevents fork fragmentation.
This is not speculative tooling. It’s a production-grade, open-source solution with measurable KPIs: reduced build variance, eliminated licensing fees, and faster cross-platform iteration. For teams maintaining separate iOS and Android codebases, the cost of not adopting this tool now exceeds the cost of integration.