TL;DR:

  • Florida attorney general James Uthmeier has issued subpoenas to OpenAI as part of a newly-escalated criminal investigation, citing claims that ChatGPT “offered significant advice” to the gunman who killed two people at Florida State University last April.
  • The probe follows a civil lawsuit from the family of victim Robert Morales alleging the chatbot discussed weapons, ammunition and target selection with the accused attacker.
  • OpenAI says ChatGPT “provided factual responses to questions with information that could be found broadly across public sources” and denies responsibility, but has already shared a suspected-shooter account with law enforcement.

The Florida subpoena is the first criminal-process action of its kind against a frontier AI lab over chatbot output, and it lands into an already-live civil docket alleging AI-mediated harm. What was a policy argument about intermediary liability is now a concrete evidentiary one, and OpenAI will have to disclose how its safety layers handled the specific conversations at issue.

Uthmeier’s statement — “if this were a person on the other end of the screen, we would be charging them with murder” — is rhetorical, but the subpoenas themselves test a narrower question: whether OpenAI “knew what, designed what or should have done what” in the months before the attack. US Section 230 protections for interactive computer services face mounting pressure where generative output is involved; several pending federal cases are probing whether AI-generated advice counts as “content developed” by the platform, which would strip the Section 230 shield. The Florida probe sharpens that question because it adds criminal scrutiny on top of the civil suits.

UK parallel: Online Safety Act provisions

For UK businesses deploying chatbots, the relevant analogue is the Online Safety Act’s illegal-content duties, which came into force last year and explicitly cover AI-generated content where a platform “facilitates” harm. Ofcom has issued enforcement notices on generative systems before, but not on this factual pattern. UK deployers should take the Florida filing as a reminder that prompt-refusal logs and safety-layer audit trails are now courtroom evidence — not compliance paperwork.

Looking forward

Expect two things to move in the next 90 days. First, OpenAI will file to narrow or quash parts of the subpoena, which will produce the first public US court opinion on the scope of AI-company discovery in a criminal matter. Second, other state attorneys general — Texas and California have both signalled interest in similar AI-harm investigations — will watch the procedural path and likely copy successful elements. The AI-liability perimeter is being drawn in real time, and UK compliance teams should be reading the pleadings, not just the press releases.