90 incidents on record · 2026 Headlights Incident reports by Ellie Harris · Melbourne
10 new this week Library last updated 13 July 2026
← The incident library
HD-INC-030
Recruitment technology · United States · 2025 · Algorithmic discrimination

A man applied to over 100 jobs, was rejected every time, and a US court let him sue the AI screening vendor, not just the employers

By Ellie Harris · Filed Filed 21 February 2023

Alleged: Workday developed or deployed the AI system implicated in this incident. Details are drawn from public reports; parties are presumed innocent of any wrongdoing not established by an official finding.

A man applied to over 100 jobs, was rejected every time, and a US court let him sue the AI screening vendor, not just the employers

What happened

Derek Mobley, a Black man over the age of forty who lives with anxiety and depression, applied for more than a hundred jobs between 2017 and 2023. Every one of those employers used Workday, one of the largest providers of hiring and human-resources software, to screen applicants. He was rejected every time, sometimes within hours, sometimes in the middle of the night, faster than a human could have read his application.

In February 2023 he sued in the US District Court for the Northern District of California. His claim was unusual. He did not only sue the employers who rejected him; he sued Workday, the company whose software did the screening, arguing that its algorithmic recommendation tools had a discriminatory effect on applicants by race, age, and disability, and that Workday should be liable under federal anti-discrimination law as the employers’ agent. He was not alone for long: four other older applicants later joined as opt-in plaintiffs, each describing the same pattern, hundreds of applications through Workday-screened employers and near-uniform rejection, which reframed the case from one man’s experience into an alleged pattern.

The argument was tested. The court dismissed an early version of the complaint but let Mobley amend it, and in July 2024 Judge Rita Lin allowed the case to proceed, but only in part. She accepted the theory that a company supplying and operating screening tools can be treated as an “agent” of the employers using it, while dismissing Mobley’s separate claim that Workday was itself an “employment agency,” which she found it did not meet the statutory definition of. The ruling was a partial denial, not a clean win: Workday’s broader defence prevailed on the employment-agency point, and the narrower, more novel agent theory was what survived. The US Equal Employment Opportunity Commission had filed a brief supporting that theory, arguing that AI vendors are not exempt from Title VII, the ADA, or the age-discrimination law simply because they are software companies rather than employers.

On 16 May 2025, Judge Lin granted preliminary, conditional certification of a nationwide collective, and only under the Age Discrimination in Employment Act: applicants aged forty and over who were denied recommendation through Workday’s tools since September 2020. The race and disability claims did not reach collective certification at this stage; it is the age claim that advanced. Opposing notice, Workday argued the potential collective could reach hundreds of millions of people; the court answered that “allegedly widespread discrimination is not a basis for denying notice.” Conditional certification is a low first step that Workday can still contest after discovery, and no finding of discrimination has been made. In February 2026 the court authorised notice to potential members, the most recent step. The case is ongoing. What has already changed is the principle that the maker of the algorithm can be made to answer for it.

What an auditable version would have shown

The hardest thing to establish in a case like this is also the most basic: did the tool treat similar people differently, and can anyone prove it from the inside. Mobley and the four other plaintiffs inferred bias from their own experience, hundreds of rejections between them, many near-instant. What none of them could see is the system’s own record of how it scored and sorted applicants over time and across protected groups. An auditable version would record each screening decision as it happens, the model version, the inputs, the recommendation, signed and preserved, and would compute signed aggregate metrics over those records: selection and rejection rates broken down by age and other protected characteristics, with the aggregate cryptographically bound to the underlying events. A MetricRecord of that kind is what lets an employer, a vendor, a regulator, or a court ask “is there a disparate impact here” and get an answer backed by evidence rather than by inference from a handful of rejected applicants.

Where the gap was

The gap, in other words, was that automated screening operated at enormous scale with no built-in, verifiable account of its own fairness. A tool can reject applicants at scale and leave behind only the outcome, hired or not, with no durable, tamper-evident record of how it decided or how those decisions distributed across groups the law protects. When the question finally arrives in court, the data has to be reconstructed, and reconstruction is contestable. A ConductRecord captures each decision when it is made; a MetricRecord turns those decisions into signed, checkable measures of impact. Together they make the difference between a vendor that can demonstrate its tool’s effect on older applicants and one that can only assert it. The screening did not have to be intentional to be unlawful; under a disparate-impact theory, a neutral-looking rule that falls harder on a protected group is enough, and the court here accepted only that disparate-impact theory, not a claim of intentional discrimination. Measuring the impact is the only way to find it before a plaintiff does.

What governance should have looked like

The significance of Mobley v. Workday is that it moves accountability up the supply chain, to the company that builds and runs the model. A vendor selling automated screening to thousands of employers should be able to show, on demand, how its tool performs across protected groups, because it, not each individual employer, holds the system and the data. That means measuring disparate impact continuously from signed records, not auditing for it once a lawsuit is filed.

Workday’s tools sat between applicants and more than a hundred employers in Mobley’s case alone. What was missing was a verifiable record of how those decisions were made and a signed measure of how they landed across age groups. Building both is ordinary practice in a mature governance framework, and far cheaper than a conditionally certified nationwide collective.

The reference implementation of ConductRecord and MetricRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.

Sources

The mailing list

Fresh incident reports every week. One email to match.

We add new incidents to the library regularly, and send a single short email each week with what's new. The library stays free and open; this is just how you keep up with it.

No tracking. Unsubscribe in one click.

The record

An auditable system would have produced a signed, tamper-evident record the moment this happened: what the system did, the version that did it, the basis it acted on, and the action taken, and Workday could have produced it on demand.

This is the record the system as deployed did not produce in a signed, auditable form.

What this teaches
Capture what happened when it happens
What the system did, the version that did it, the basis it acted on, and the action taken, recorded at the moment, not reconstructed after.
Sign it, so no one has to trust the record-keeper
A tamper-evident entry. Edit it later and the signature breaks. The record does not ask for the benefit of the doubt.
Make it verifiable by anyone
A court, a regulator, a customer's lawyer can check the record themselves, without taking the company, or us, at our word.

Headlights summarises publicly reported AI incidents. All summaries are independently written, attributed to their original sources, and intended for research and educational purposes. Allegations are identified as such until established through official findings.

Last reviewed June 2026. This report is based on the sources listed above and reflects information available at the time of review; later developments may not be captured. Where a person is described as charged with or alleged to have done something, that allegation is unproven unless a conviction or a court or regulatory finding is stated. Headlights publishes journalism and commentary, not legal advice.

Want to write back?

Direct to my inbox.

ellie@useheadlights.com →