Posts

Showing posts with the label NIST

Compliance Is Quietly Becoming an Evidence Problem

For most of my career, enterprise trust has worked one way: you prove you’re trustworthy by writing it down. Policies, audit reports, screenshots, certifications. Produce enough paperwork showing your controls exist and work, and you’ve shown you can be trusted . That worked for a long time, for one reason: the paperwork could keep up. Software shipped a few times a year, infrastructure sat still for months, and proving you were compliant once a year was a fair stand-in for being secure the other 364 days. But the systems we govern today look very different from the ones that shaped this model. We’re auditing a photo of a moving car Today, infrastructure spins up and tears itself down automatically. Teams ship to production dozens of times a day. Models get retrained, prompts drift, agents do work people used to. Modern systems are built to move, yet most of how we prove trust still assumes they’ll hold still long enough to pose for a photo. This creates a growing challenge at the hear...

Managing Agentic AI in Real‑World Use: From Outputs to Actions

Agentic artificial intelligence (AI) is the next frontier for companies and organizations that are using AI. Agentic AI can select and carry out actions on a user’s behalf based on instructions, context, and the permissions it has been configured to use . As organizations integrate these systems and capabilities, they face an additional layer of legal risks and governance concerns. As companies begin to use agentic AI, they should consider key risk management practices to ensure responsible adoption . This includes aligning with emerging best practices and standards being studied and promoted by the National Institute for Standards and Technology (NIST) around agentic AI, including the Center for AI Standards and Innovation (CAISI) AI Agent Standards Initiative and the National Cybersecurity Center of Excellence Project addressing Software and AI Agency Identify and Authorization . For example, organizations utilizing agentic AI should look more closely at how the authority of AI age...

Quantum Computing is Coming: The Threat to Today’s Encryption

About eight years ago, toward the end of a panel I was moderating on cybersecurity, I turned to the panelists and asked them to tell me what to expect when quantum computing would come online. I got blank stares. Quantum computing, and its implications for national security and cybersecurity, had not yet made its way into the consciousness of most experts. Today, that has changed and lawyers, particularly those advising on system and data security issues, need to get ahead of the upheaval that is coming. For those unfamiliar, quantum computing is based on the principles of quantum physics, which govern matter and energy at atomic and subatomic levels, where classical physics ceases to apply . Quantum tech has already begun to influence areas like  medical imaging . Once they become commercially viable, quantum computers will launch a sea change in many additional areas of technology. Quantum computers’ use of qubits that can hold multiple values simultaneously will inaugurate an e...

The Future of Privacy Enforcement? California Introduces Privacy Whistleblower Law

On February 17, 2026, California Assembly Member Pilar Schiavo introduced  California Assembly Bill 2021  (AB 2021), which would amend the California Consumer Privacy Act of 2018 (CCPA) to create a formal whistleblower complaint and award program administered by the California Privacy Protection Agency (CalPrivacy). The concept of a whistleblower program was first discussed at CalPrivacy’s Board meeting in late 2025 and could have significant implications for companies doing business in California. AB 2021’s Whistleblower Regime If passed, AB 2021 would establish a program for individuals to submit whistleblower complaints to CalPrivacy regarding companies’ privacy practices. CalPrivacy could then designate those complaints for administrative enforcement. If the administrative enforcement process were to result in a monetary settlement or penalty, an eligible whistleblower could potentially receive an award between 15 and 33 percent of collected fines or settlement proceeds. N...

The Growing Cyber Risks from AI — and How Organizations Can Fight Back

Artificial Intelligence (AI) is transforming businesses—automating tasks, powering analytics, and reshaping customer interactions. But like any powerful tool, AI is a double-edged sword . While some adopt AI for protection, attackers are using it to scale and intensify cybercrime. Here’s a high-level discussion at emerging AI-powered cyber risks in 2025—and steps organizations can take to defend. AI-Generated Phishing & Social Engineering Cybercriminals now use generative AI to craft near-perfect phishing messages—complete with accurate tone, logos, and language—making them hard to distinguish from real communications . Voice cloning tools enable “deepfake” calls from executives, while deepfake video can simulate someone giving fraudulent instructions. Thanks to AI,  according to Tech Advisors , phishing attacks are skyrocketing—phishing surged 202% in late 2024, and over 80% of phishing emails now incorporate AI, with nearly 80% of recipients opening them. These messages are b...

US Department of Labor announces framework to help employers promote inclusive hiring as AI-powered recruitment tools’ use grows

  Seeks to reduce risks of discrimination, yield benefits for disabled job seekers WASHINGTON  – The U.S. Department of Labor today announced the publication of the  AI & Inclusive Hiring Framework  a new tool designed to support the inclusive use of artificial intelligence in employers’ hiring technology and increase benefits to disabled job seekers.  Published by the  Partnership on Employment & Accessible Technology  the framework will help employers r educe the risks of creating unintentional forms of discrimination and barriers to accessibility as they implement AI hiring technology . Funded by the department’s  Office of Disability Employment Policy , the initiative will also help workers and job seekers navigate the potential benefits and challenges they may face when encountering AI-enabled technologies. PEAT’s framework is based on the  National Institute of Standards and Technology’s AI Risk Management Framework and includes...