Still covered by attorney-client relationship?

https://www.bespacific.com/heads-up-for-lawyers-who-use-chatgpt-outside-firm-approved-systems/

Heads-up for lawyers who use ChatGPT outside firm-approved systems

Via Ray Lament, LinkedIn [click graphic to enlarge]

“On 13 May 2025 the US District Court for the Southern District of New York ordered OpenAI to preserve and segregate every chat record that would normally be deleted. The directive stands until the court decides otherwise. Surveys show plenty of practitioners have preferred the public version of ChatGPT to enterprise legal-AI tools, counting on auto-deletion to keep the risk down. This ruling shows a court can tell an AI provider to keep data you assumed had vanished, even if the order is later narrowed or overturned…”

Interesting that the obvious controls must be missing. This driver had too much access...

https://www.schneier.com/blog/archives/2025/05/doordash-hack.html

DoorDash Hack

A DoorDash driver stole over $2.5 million over several months:

The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created. Devagiri would then mark the undelivered orders as complete and prompt DoorDash’s system to pay the driver accounts. Then he’d switch those same orders back to “in process” and do it all over again. Doing this “took less than five minutes, and was repeated hundreds of times for many of the orders,” writes the US Attorney’s Office.

Interesting flaw in the software design. He probably would have gotten away with it if he’d kept the numbers small. It’s only when the amount missing is too big to ignore that the investigations start.