Unauthorized AI

Subscribe to Unauthorized AI via RSS

Key Takeaways

  • CB Financial Services, Inc. filed the first SEC Form 8-K under Item 1.05 triggered by an  unauthorized use of an artificial intelligence (AI) tool, not an external cyberattack.
  • A cybersecurity incident caused by insider misuse of AI (known as Shadow AI) should be assessed for disclosure under SEC rules.
  • The four-business-day disclosure clock under Item 1.05 starts at the materiality determination, not at detection of the incident.
  • Shadow AI should be considered as a cybersecurity risk as part of a company’s enterprise risk management framework.
  • Financial institutions face layered exposure: federal banking guidance, state breach notification laws, and class action litigation.
  • Suggested actions companies could take in reaction to Shadow AI developments are included below.
Continue Reading “Shadow AI” Triggers First SEC Form 8-K for Unauthorized AI Use: What Financial Institutions and Public Companies Need to Know