Clearly not limited to the legal profession…
https://www.bespacific.com/exposing-the-risk-surface-of-agentic-ai-in-the-practice-of-law/
Exposing the Risk Surface of Agentic AI in the Practice of Law
Murray, Michael D., Exposing the Risk Surface of Agentic AI in the Practice of Law (April 14, 2026). Available at SSRN: https://ssrn.com/abstract=6576480 or http://dx.doi.org/10.2139/ssrn.6576480
This article examines how the legal profession’s shift from passive generative AI tools to autonomous or semi-autonomous agentic AI systems dramatically expands the “risk surface” of AI in law practice. It argues that once AI systems can plan, use tools, access files, interact with other agents, and take actions in the world, the ethical and professional risks move far beyond confidentiality and fabricated output to include unauthorized acts, tool misuse, memory leakage, cross-agent cascading failures, shadow AI, and compromised permissions. The article explains how these risks implicate a wide range of duties under the Model Rules of Professional Conduct, including competence, confidentiality, candor, scope of representation, supervision, fees, and unauthorized practice of law. It concludes by outlining practical governance responses for law firms and courts, including secure deployment environments, zero-trust architecture, human-in-the-loop review, and least-privilege access, while emphasizing that the human lawyer remains ultimately responsible for the actions of digital agents in legal practice.
New Jersey did this? Amazing.
https://pogowasright.org/new-jersey-enacts-broad-data-broker-law-with-costly-fees-and-severe-fines/
New Jersey Enacts Broad Data Broker Law with Costly Fees and Severe Fines
A newly enacted law is causing shock waves. David Stauss of Stauss Law writes:
The risks and costs of being a data broker in the United States just went up — again. On 30 June 2026, Gov. Mikie Sherrill, D-N.J., signed A 5328 into law, making New Jersey the seventh state to enact a data broker law, and the second this year, following Connecticut.
New Jersey’s data broker law stands out for its breadth and cost. It covers not just data brokers but also “data collectors” – entities with a direct relationship to consumers who sell their data to data brokers. Its biggest impact is a tiered annual registration fee: up to $1.5 million for the largest data brokers/collectors. Registration failures or outdated filings also carry significant fines. The law also bans sale of sensitive data – both directly and via an amendment to New Jersey’s general consumer privacy law – with violations carrying a steep $50,000-per-record penalty.
In this article for the IAPP, David Stauss and Cobun Zweifel-Keegan examine the new law and its potential impact on businesses.
Expect to see a lot more coverage of this law.
Evolving surveillance. (Next? Facial recognition without the face.)
https://www.schneier.com/blog/archives/2026/07/flock-cameras-can-surveil-cars-without-license-plates.html
Flock Cameras Can Surveil Cars Without License Plates
This is from a 2024 company presentation:
Officers can also tap into data showing a car’s decals, bumper stickers, back and top racks—along with temporary and unique state tags.
Flock calls it a “Vehicle Fingerprint” and it’s touted as a way for law enforcement officials to get more information “even when you don’t have full plate information,” the company’s presentation shows.
The company gives police officers the ability to search that data as well, to “build stronger cases with less information upfront.” That includes being able to locate multiple vehicles law enforcement officials believe are moving together and what Flock calls a “multi geo search.”
This kind of thing is older than AI; I wrote about it in my 2014 book Beyond Fear. Edward Snowden revealed that the NSA was using cell phone location data to track phones that were habitually near each other.
As bad as Flock is, remember that anyone with broad access to cell phone location data can do the same thing.
Imagine thousands of copies…
https://thenextweb.com/news/ai-agent-first-end-to-end-ransomware-attack
Researchers say an AI agent just ran a ransomware attack from start to finish, with no human at the keyboard
Ransomware has always needed a skilled human somewhere in the loop. Security firm Sysdig says that just changed. It has documented what it calls the first ransomware attack run from start to finish by an AI agent, with no human at the keyboard.
The researchers named the attacker JADEPUFFER, and say a large language model handled the entire job. It broke in, stole credentials, moved deeper into the network, planted a backdoor, then encrypted and destroyed a company’s production database. Sysdig’s Threat Research Team laid out the case in a detailed write-up.