Cybersecurity

Subscribe to Cybersecurity via RSS

Key Takeaways

  • The Executive Order, Promoting Advanced Artificial Intelligence Innovation and Security (Order), directs the creation of a framework for developers of advanced frontier models to engage with the federal government for a voluntary pre-release review of the models.
  • The Order also directs the Treasury Department, together with the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA), to establish a clearinghouse to coordinate cyber vulnerability scanning, discovery, and patch distribution, in collaboration with private sector artificial intelligence (AI) and critical infrastructure companies.
  • CISA must issue Binding Operational Directives (BODs) and other guidance to expedite cyber defense of civilian federal systems and expand use of AI-enabled defensive tools.
  • The Order directs the Attorney General to prioritize prosecution of AI- and AI agent- facilitated computer crimes, identity theft offenses, and wire fraud schemes.
  • Developers considering engagement with the federal government for model pre-release review will need to assess the scope of pre-release access and the safeguards available during the early access window.
  • Companies seeking to become trusted partners should engage carefully with the U.S. government; those trusted partners may receive early access to covered frontier models, but also may be asked to disclose sensitive information and agree to continuing collaboration with the government.
Continue Reading Trump Administration Issues Executive Order on Advanced AI Innovation and Security

Key Takeaways

  • CB Financial Services, Inc. filed the first SEC Form 8-K under Item 1.05 triggered by an  unauthorized use of an artificial intelligence (AI) tool, not an external cyberattack.
  • A cybersecurity incident caused by insider misuse of AI (known as Shadow AI) should be assessed for disclosure under SEC rules.
  • The four-business-day disclosure clock under Item 1.05 starts at the materiality determination, not at detection of the incident.
  • Shadow AI should be considered as a cybersecurity risk as part of a company’s enterprise risk management framework.
  • Financial institutions face layered exposure: federal banking guidance, state breach notification laws, and class action litigation.
  • Suggested actions companies could take in reaction to Shadow AI developments are included below.
Continue Reading “Shadow AI” Triggers First SEC Form 8-K for Unauthorized AI Use: What Financial Institutions and Public Companies Need to Know

The European Commission has published draft guidelines (Draft Guidelines) to clarify the classification of high-risk AI systems under the European Union’s Artificial Intelligence Act (EU AI Act). This classification is crucial, as it determines whether an AI system will be subject to the EU AI Act’s most burdensome obligations. The Draft Guidelines provide general principles which inform if an AI system is high-risk, as well as a non-exhaustive list of examples of high-risk AI systems across various sectors. Organizations can provide feedback on the Draft Guidelines via this survey until June 23, 2026.

Continue Reading Draft Guidelines Clarify Which AI Systems Are “High-Risk” Under EU AI Act

In its first year under the Trump-Vance administration, the Federal Trade Commission (FTC) has aggressively enforced consumer protection and privacy laws and initiated new rulemakings. Although the new rulemaking activity is somewhat surprising in a Republican administration, the FTC has expressed its intent to conduct a more rigorous economic analysis of the effects of any new regulations. Based on the FTC’s activity over the past year, we have identified the issues below as top FTC priorities and provided takeaways for companies to help steer clear of regulatory scrutiny.

Continue Reading Consumer Protection Update: Insights into the First Year of the Trump-Vance FTC

Developments in law, regulatory guidance, and enforcement practice across Europe are leading to meaningful changes in how online services are offered to minors. A steady stream of announcements in recent months makes clear that this area will continue to develop at pace, requiring providers of online services to keep their approach to age assurance under regular review.

Continue Reading What’s Next for Age Assurance Laws in Europe?

Key Takeaways

  • The newly announced “Cyber Strategy for America” (Cyber Strategy) marks an expansion and tonal shift from the previous National Cybersecurity Strategy, emphasizing a proactive stance against foreign adversaries and cybercrime through offensive operations and enhanced collaboration with the private sector.
  • While the Cyber Strategy does not impose direct obligations on businesses, it signals an increasing market of government contracts for commercial cybersecurity firms, including via the recent appropriation of $1 billion from the One Big Beautiful Bill.
  • The administration aims to simplify cyber regulations, potentially impacting compliance frameworks.
Continue Reading President Trump Issues a “Cyber Strategy for America” and an Executive Order on Combating Cyber-Enabled Crime

As we ring in the new year, we want to make you aware of key issues that we expect lawmakers and regulators to focus on this year. Below are the top U.S. data, privacy, and cybersecurity issues to watch out for in 2026:

Continue Reading 2026 Year in Preview: U.S. Data, Privacy, and Cybersecurity Prediction