Jul. 1, 2026

A Curated Roundup on How to Mitigate AI Risks

As companies integrate AI into core business functions, legal and compliance teams are confronting a new layer of operational, regulatory and litigation risk. From model-driven decision-making to AI-enabled products and services, gaps in governance, documentation and oversight can quickly translate into exposure. This collection of Cybersecurity Law Report articles highlights practical analysis examining areas where AI is having significant impact and how lawyers can help strengthen controls.

Checklist for Contracting With AI Vendors to Mitigate Risks

In 2026, every vendor is effectively an AI vendor, as the technology is embedded deeper into products and services, reshaping cybersecurity and contracting considerations. That shift is creating tension in negotiations, with vendors and customers both seeking to reap AI’s business benefits. This checklist offers a structured approach to navigating those pressures, providing detailed advice for crafting vendor contracts involving AI tools and services. It includes preparatory steps for negotiations as well as six core AI-specific clauses to address risk.

Navigating Insurance Coverage Issues for AI‑Related Losses

The rapid adoption of AI is amplifying cybersecurity and other business risks, while creating new liabilities. Although existing insurance policies are generally broad enough to cover many AI-related exposures, increased use is likely to drive higher claim frequency and severity, prompting insurers to tighten underwriting and, in some cases, introduce AI-specific exclusions. This article, distilling insights offered during a Barbri program featuring partners from Anderson Kill, Duane Morris and K&L Gates, examined key AI-related risk areas, the coverage available for such risks under legacy policies, potential AI policy exclusions and how organizations can assess their coverage.

AI Agent Security: What CISOs and GCs Need to Know to Defend the Enterprise

AI agents introduce an array of threats to companies distinct from those arising with traditional software. In multiple ways, agents expand the attack surface that organizations must defend. This article, the second in a two-part series on real-world security for AI agents, provided an action plan for CISOs and lawyers to strengthen security and reduce risks around AI agents, with expert perspectives from agent security specialists at Barndoor, Gravitee, Gray Swan, Skyflow and ZwillGen. Part one discussed corporate benchmarks revealed in three reports on actual incidents involving agents, and the safeguards and security measures that companies have begun to apply to agents.

How Tech CLOs Think Attorneys Should Be Using AI

AI is fundamentally changing the practice of law, but many attorneys are confused or even frightened about what the technology may mean for their careers. Legal tech tools have evolved from basic spelling and grammar checks to document review and drafting, and now include sophisticated AI agents capable of handling complex tasks independently. Chief legal officers at technology companies are uniquely situated to see both sides of this evolution as they serve as the nexus between their business partners and outside counsel. This article summarized key takeaways from a panel of lead counsel at Google, Anthropic, Liberty Mutual and IBM, who spoke at the ABA White Collar Crime Institute regarding how lawyers can adapt and thrive during this continuing wave of change.

Tool or Third Party? Courts Differ on AI’s Role in Privilege and Work-Product Protections

Two U.S. federal court decisions – both issued in February 2026 – reached opposite conclusions on whether interactions with generative AI platforms are protected by attorney‑client privilege or the work‑product doctrine. In the Southern District of New York, in United States v. Heppner, Judge Jed Rakoff ruled that a criminal defendant’s exchanges with Claude were not protected. Yet, in the Eastern District of Michigan, in Warner v. Gilbarco, Inc., Magistrate Judge Anthony Patti held that documents and information related to a pro se plaintiff’s use of ChatGPT were shielded from discovery. With insights from BakerHostetler, Hunton Andrews Kurth and Morrison Foerster partners, this article parsed the courts’ analyses, examined the implications of this developing body of case law and offered practical takeaways regarding protections of AI inputs and outputs.

Perspectives From Judges on Privacy Protections and Impact of AI in Federal Courts

What privacy issues keep federal judges up at night? How is the judiciary adapting to AI while addressing issues like hallucinations and deepfakes? To answer these questions and more, Michael Sussmann, a partner at Fenwick, spoke to Chief Judge James Boasberg of the U.S. District Court for the District of Columbia and Judge Allison Burroughs of the U.S. District Court for the District of Massachusetts at the IAPP Global Summit 2026. The judges shared their perspectives on balancing litigants’ concerns over privacy and confidentiality with the public’s right to open judicial proceedings; government surveillance; the complex technological issues they must address; how AI, other technological changes and cybersecurity concerns are affecting litigation and courts; and issues around class action and multidistrict privacy litigation. This article synthesized their insights.

A Baker’s Dozen AI Governance Resolutions for 2026

Many companies spent 2025 scrambling to integrate AI into all aspects of business, just as a second transformative technology, which allows for independent decision-making by an AI agent, was entering early adoption. With pressure that was building throughout the business environment to incorporate these new technologies, the humans responsible for corporate AI efforts needed to pause to reflect on how risks were evolving. The Cybersecurity Law Report asked a group of experts, including presenters at the AI Summit NYC conference in December 2025, what company leaders should resolve to do for their AI governance efforts in 2026. They recommended a baker’s dozen practical resolutions for organizations to develop greater trust in their AI use, advance responsible AI development, mitigate the technology’s array of risks and respond in a balanced way to the AI-related pressure building inside and outside organizations. This article detailed those resolutions.