Friday, July 03, 2026

Clearly not limited to the legal profession…

https://www.bespacific.com/exposing-the-risk-surface-of-agentic-ai-in-the-practice-of-law/

Exposing the Risk Surface of Agentic AI in the Practice of Law

Murray, Michael D., Exposing the Risk Surface of Agentic AI in the Practice of Law (April 14, 2026). Available at SSRN: https://ssrn.com/abstract=6576480 or http://dx.doi.org/10.2139/ssrn.6576480

This article examines how the legal profession’s shift from passive generative AI tools to autonomous or semi-autonomous agentic AI systems dramatically expands the “risk surface” of AI in law practice. It argues that once AI systems can plan, use tools, access files, interact with other agents, and take actions in the world, the ethical and professional risks move far beyond confidentiality and fabricated output to include unauthorized acts, tool misuse, memory leakage, cross-agent cascading failures, shadow AI, and compromised permissions. The article explains how these risks implicate a wide range of duties under the Model Rules of Professional Conduct, including competence, confidentiality, candor, scope of representation, supervision, fees, and unauthorized practice of law. It concludes by outlining practical governance responses for law firms and courts, including secure deployment environments, zero-trust architecture, human-in-the-loop review, and least-privilege access, while emphasizing that the human lawyer remains ultimately responsible for the actions of digital agents in legal practice.





New Jersey did this? Amazing.

https://pogowasright.org/new-jersey-enacts-broad-data-broker-law-with-costly-fees-and-severe-fines/

New Jersey Enacts Broad Data Broker Law with Costly Fees and Severe Fines

A newly enacted law is causing shock waves. David Stauss of Stauss Law writes:

The risks and costs of being a data broker in the United States just went up — again. On 30 June 2026, Gov. Mikie Sherrill, D-N.J., signed A 5328 into law, making New Jersey the seventh state to enact a data broker law, and the second this year, following Connecticut.
New Jersey’s data broker law stands out for its breadth and cost. It covers not just data brokers but also “data collectors” – entities with a direct relationship to consumers who sell their data to data brokers. Its biggest impact is a tiered annual registration fee: up to $1.5 million for the largest data brokers/collectors. Registration failures or outdated filings also carry significant fines. The law also bans sale of sensitive data – both directly and via an amendment to New Jersey’s general consumer privacy law – with violations carrying a steep $50,000-per-record penalty.
In this article for the IAPP, David Stauss and Cobun Zweifel-Keegan examine the new law and its potential impact on businesses.

Expect to see a lot more coverage of this law.





Evolving surveillance. (Next? Facial recognition without the face.)

https://www.schneier.com/blog/archives/2026/07/flock-cameras-can-surveil-cars-without-license-plates.html

Flock Cameras Can Surveil Cars Without License Plates

This is from a 2024 company presentation:

Officers can also tap into data showing a car’s decals, bumper stickers, back and top racks—along with temporary and unique state tags.
Flock calls it a “Vehicle Fingerprint” and it’s touted as a way for law enforcement officials to get more information “even when you don’t have full plate information,” the company’s presentation shows.
The company gives police officers the ability to search that data as well, to “build stronger cases with less information upfront.” That includes being able to locate multiple vehicles law enforcement officials believe are moving together and what Flock calls a “multi geo search.”

This kind of thing is older than AI; I wrote about it in my 2014 book Beyond Fear. Edward Snowden revealed that the NSA was using cell phone location data to track phones that were habitually near each other.

As bad as Flock is, remember that anyone with broad access to cell phone location data can do the same thing.





Imagine thousands of copies…

https://thenextweb.com/news/ai-agent-first-end-to-end-ransomware-attack

Researchers say an AI agent just ran a ransomware attack from start to finish, with no human at the keyboard

Ransomware has always needed a skilled human somewhere in the loop. Security firm Sysdig says that just changed. It has documented what it calls the first ransomware attack run from start to finish by an AI agent, with no human at the keyboard.

The researchers named the attacker JADEPUFFER, and say a large language model handled the entire job. It broke in, stole credentials, moved deeper into the network, planted a backdoor, then encrypted and destroyed a company’s production database. Sysdig’s Threat Research Team laid out the case in a detailed write-up.


