The AI-Era Hiring Guide
AI screens resumes faster than any human, but speed without judgment is a lawsuit. A practical guide to using AI in your ATS without losing the candidate, the law, or your hiring manager's trust.
Where AI helps (resume extraction, summarization, scheduling), where it hurts (rank-ordering candidates, predicting performance, "culture fit" scores), and how to deploy it under NYC LL144, the EU AI Act, and the Colorado AI Act without slowing your team down.
What AI does well in an ATS
Three uses of LLMs are already net-positive in recruiting, subject to the usual caveats: resume extraction, summarization, and scheduling. All three replace tedious work that humans were doing badly anyway, none of them rank-orders candidates, and all of them are auditable.
Resume extraction turns unstructured text into structured fields: current role, employer, education, total years of experience, a skills list. Done well, it is dramatically more accurate than the keyword-tokenizers built into legacy ATS platforms. Done badly, it hallucinates seniority. The fix is not to skip AI; it is to show every reviewer the source of each field (declared vs extracted) and a confidence score, and to default low-confidence fields to a human re-read.
What AI does badly — and why it matters legally
The minute an AI model produces a number — a fit score, a ranking, a recommend/reject signal — that materially influences a hiring decision, you have crossed a regulatory line. NY Local Law 144 requires an annual bias audit for any “automated employment decision tool.” The Colorado AI Act adds a broader risk-management framework. The EU AI Act classifies hiring tools as high-risk. Title VII liability for disparate impact applies regardless.
The practical posture: AI can read, summarize, and route; it cannot rank, score, or decide. The human reviewer remains the accountable decision-maker. That is the only stance the law currently accepts and the only stance the public will accept.
The vendor questions you have to ask
- Will my data train your models? If yes, this is a CCPA “sale” under most readings and requires opt-in. If no, get it in writing. (Anthropic's commercial terms say no by default; many competitors don't.)
- Where do you process my data? US-only, EEA-only, or both? The answer drives your Standard Contractual Clauses paperwork.
- Do you maintain a documented bias-audit process? Required under LL144 for any vendor whose output affects a hiring decision.
- Can you produce a model card? Training data, known failure modes, evaluation suites. Anthropic publishes theirs; OpenAI publishes some.
- What's your data retention? “Indefinite” is the wrong answer.
The reviewer workflow that survives an audit
Every AI-touched field surfaces with three pieces of metadata beside it: source (declared vs extracted), confidence (high / med / low), and the verbatim source span the model used. A reviewer who unmasks an AI-extracted field is audit-logged. A reviewer overriding an extracted value is audit-logged. The record is exportable on a DSAR request. That posture is the difference between “we use AI” and “we use AI defensibly.”
What to ship in the next 30 days
- Decompose your current AI uses into the three buckets: extract, summarize, decide. Eliminate the decide bucket.
- Add source + confidence to every AI-touched field in your reviewer UI. Default low-confidence fields to require human verification.
- Stand up an audit log that captures unmask, override, and export with actor + timestamp + IP.
- If you operate in NYC, commission an LL144 bias audit. If you don't, do it anyway — the next state will mandate it within two years.
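The field metadata and audit log described above, as an added Python example that is not SourceHire's code. The names (AIField, AuditLog, ground, override) are hypothetical, the resume text is constructed, and the hash chain that makes the log tamper-evident goes beyond what this guide specifies.

```python
import hashlib, json
from dataclasses import dataclass, field
from datetime import datetime, timezone

RESUME = "Staff Engineer at Acme, 2019-2024. BSc Computer Science."  # constructed sample

@dataclass
class AIField:
    name: str
    value: str
    source: str            # "declared" or "extracted"
    confidence: str        # "high" / "med" / "low"
    span: str = ""         # verbatim resume text the model cites
    verified_by: str = ""  # reviewer who confirmed or overrode the value

    def needs_human(self) -> bool:
        return self.source == "extracted" and self.confidence == "low" and not self.verified_by

def ground(f: AIField, resume_text: str) -> AIField:
    # A cited span that is not verbatim in the resume cannot be trusted: force low.
    if f.source == "extracted" and (not f.span or f.span not in resume_text):
        f.confidence = "low"
    return f

@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    @staticmethod
    def _digest(entry: dict) -> str:
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, action: str, actor: str, ip: str, field_name: str, detail: str = "") -> None:
        if action not in ("unmask", "override", "export"):
            raise ValueError(f"unknown action: {action}")
        entry = {"action": action, "actor": actor, "ip": ip, "field": field_name,
                 "detail": detail, "ts": datetime.now(timezone.utc).isoformat(),
                 "prev": self.entries[-1]["hash"] if self.entries else "0" * 64}
        entry["hash"] = self._digest(entry)  # each entry commits to the one before it
        self.entries.append(entry)

    def verify(self) -> bool:
        prevs = ["0" * 64] + [e["hash"] for e in self.entries]
        return all(e["prev"] == p and e["hash"] == self._digest(e)
                   for e, p in zip(self.entries, prevs))

def override(f: AIField, new_value: str, log: AuditLog, actor: str, ip: str) -> None:
    log.record("override", actor, ip, f.name, f"{f.value!r} -> {new_value!r}")
    f.value, f.verified_by = new_value, actor
```

Run `ground` on every extracted field before it reaches the reviewer UI, and run `verify` before handing the log to an auditor or exporting it for a DSAR.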