The integration of artificial intelligence into companies’ business practices poses increased cybersecurity risks, which we have previously written about here. As AI systems become ubiquitous, they also become targets for cyberattacks due to their valuable data and operational significance, and because their rapid development may leave certain AI systems outside some of a company’s robust cybersecurity controls. As the U.S.…

On March 27, 2024, the U.S. Department of Treasury (“Treasury”) released a report on Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector (the “Report”). The Report was released in response to President Biden’s Executive Order (“EO”) 14110 on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, which spearheaded a government-wide effort to issue Artificial Intelligence (“AI”)…

Key takeaways from March include: CNIL data security practice guide: The French DPA published an update of its data security practice guide for data protection officers, chief information security officers, computer scientists and legal experts. DPA powers to order deletion: Per a recent CJEU decision, DPAs can inquire whether personal data has been unlawfully processed and order the deletion without…

As artificial intelligence (“AI”) use and capabilities surge, a new risk is emerging for companies: AI whistleblowers. Both increased regulatory scrutiny over AI use and record-breaking whistleblower activity has set the stage for an escalation of AI whistleblower-related enforcement. As we’ve previously written and spoken about, the risk of AI whistleblowers is rising as whistleblower protections and awards expand, internal…

On April 29th, 2024 from 11:00 am to 12:00 pm (EDT) Debevoise partner Erez Liebermann will be joined in conversation with Todd Conklin, the Chief Artificial Intelligence Officer and Deputy Assistant Secretary of Cyber at the U.S. Department of the Treasury. They will discuss the recent report by the U.S. Department of the Treasury on “Managing Artificial Intelligence-Specific Cybersecurity Risks in the…

Online customer service chatbots have been around for years, allowing companies to triage customer queries with pre-programmed responses that addressed customers’ most common questions. Now, Generative AI (“GenAI”) chatbots have the potential to change the customer service landscape by answering a wider variety of questions, on a broader range of topics, and in a more nuanced and lifelike manner. Proponents…

On April 22, 2024 from 11:00 am – 12:00 pm (EDT), Luke Dembosky, Erez Liebermann, HJ Brehmer, and Stephanie Thomas from our Data Strategy and Security Group will host the next installment of our Data Security Webcast, where we will delve into the Cybersecurity and Infrastructure Security Agency (“CISA”) notice of proposed rulemaking (“Proposed Rule”) for reporting requirements for critical…

Adding to the growing number of cybersecurity incident reporting obligations, the Cybersecurity and Infrastructure Security Agency (“CISA”) has introduced a reporting requirement that will impact all critical infrastructure sectors, featuring highly detailed reporting duties that necessarily will require covered entities to maintain asset inventories, along with subpoena power and criminal enforcement authority. Back in March 2022, President Biden signed the…

Many public companies are starting to face increased risks of securities class action litigation based on statements about their use of AI that are alleged to have been false or misleading.  We have previously written about the legal risks that companies face if they oversell the capabilities of their AI systems, which is known as “AI washing.” In particular, the…

On December 18, 2023, the Securities and Exchange Commission’s (the “SEC”) rule requiring disclosure of material cybersecurity incidents became effective. To date, 11 companies have reported a cybersecurity incident under the new Item 1.05 of Form 8-K (“Item 1.05”).[1]  After the first 100 days of mandatory cybersecurity incident reporting, we examine the early results of the SEC’s new disclosure requirement.…