Key Takeaways

  • The Executive Order, Promoting Advanced Artificial Intelligence Innovation and Security (Order), directs the creation of a framework for developers of advanced frontier models to engage with the federal government for a voluntary pre-release review of the models.
  • The Order also directs the Treasury Department, together with the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA), to establish a clearinghouse to coordinate cyber vulnerability scanning, discovery, and patch distribution, in collaboration with private sector artificial intelligence (AI) and critical infrastructure companies.
  • CISA must issue Binding Operational Directives (BODs) and other guidance to expedite cyber defense of civilian federal systems and expand use of AI-enabled defensive tools.
  • The Order directs the Attorney General to prioritize prosecution of AI- and AI agent-facilitated computer crimes, identity theft offenses, and wire fraud schemes.
  • Developers considering engagement with the federal government for model pre-release review will need to assess the scope of pre-release access and the safeguards available during the early access window.
  • Companies seeking to become trusted partners should engage carefully with the U.S. government; those trusted partners may receive early access to covered frontier models, but also may be asked to disclose sensitive information and agree to continuing collaboration with the government.
Continue Reading Trump Administration Issues Executive Order on Advanced AI Innovation and Security

Key Takeaway

A publicly disclosed and widely unpatched zero-day vulnerability, named YellowKey, permits anyone with physical access to a device running Windows 11 or Windows Server 2022/2025 to bypass BitLocker full-disk encryption (Microsoft’s built-in tool that acts like a digital vault for a computer’s entire hard drive) and read protected data without a password or recovery key. Organizations that rely on BitLocker as a primary or sole data-protection control should reassess their risk posture immediately.

Continue Reading YellowKey Zero-Day and the BitLocker Bypass: Compliance and Incident Response Implications

Key Takeaways

  • CB Financial Services, Inc. filed the first SEC Form 8-K under Item 1.05 triggered by an unauthorized use of an artificial intelligence (AI) tool, not an external cyberattack.
  • A cybersecurity incident caused by insider misuse of AI (known as Shadow AI) should be assessed for disclosure under SEC rules.
  • The four-business-day disclosure clock under Item 1.05 starts at the materiality determination, not at detection of the incident.
  • Shadow AI should be considered a cybersecurity risk within a company’s enterprise risk management framework.
  • Financial institutions face layered exposure: federal banking guidance, state breach notification laws, and class action litigation.
  • Suggested actions companies could take in reaction to Shadow AI developments are included below.
Continue Reading “Shadow AI” Triggers First SEC Form 8-K for Unauthorized AI Use: What Financial Institutions and Public Companies Need to Know

While the EU Artificial Intelligence (AI) Act has set forth a relatively uniform framework for AI regulation in the EU, U.S. AI regulation has so far primarily consisted of a patchwork of state laws—which continue to evolve at a rapid pace. Despite the Trump administration calling for Congress to pass AI legislation that would preempt overly burdensome state laws in its National Policy Framework for Artificial Intelligence, many states appear to be actively moving ahead with new legislation. Here are the top areas the states are targeting, followed by some key takeaways:

Continue Reading Recent AI Regulatory Developments in the United States

Key Takeaways

  • The newly announced “Cyber Strategy for America” (Cyber Strategy) marks an expansion and tonal shift from the previous National Cybersecurity Strategy, emphasizing a proactive stance against foreign adversaries and cybercrime through offensive operations and enhanced collaboration with the private sector.
  • While the Cyber Strategy does not impose direct obligations on businesses, it signals an increasing market of government contracts for commercial cybersecurity firms, including via the recent appropriation of $1 billion from the One Big Beautiful Bill.
  • The administration aims to simplify cyber regulations, potentially impacting compliance frameworks.
Continue Reading President Trump Issues a “Cyber Strategy for America” and an Executive Order on Combating Cyber-Enabled Crime

In 2026, businesses will face an increasingly complex regulatory environment for Artificial Intelligence (AI). With new state laws and various federal actions on the horizon, here’s our top 10 list of what businesses should watch out for in the AI regulatory space in 2026:

Continue Reading 2026 Year in Preview: AI Regulatory Developments for Companies to Watch Out For

As we ring in the new year, we want to make you aware of key issues that we expect lawmakers and regulators to focus on this year. Below are the top U.S. data, privacy, and cybersecurity issues to watch out for in 2026:

Continue Reading 2026 Year in Preview: U.S. Data, Privacy, and Cybersecurity Prediction