In the rapidly evolving world of AI technology, many businesses find themselves weighing increased efficiency against new risks. The goal for businesses shouldn’t be to work towards the impossible goal of eliminating risk entirely, it should be to become more risk-aware. Your business should be working to better understand the underlying legal, structural and evidentiary shifts that come with the technology.
Attorney Client Privilege Meets AI Risks
One of the most immediate risks associated with AI technology is found with attorney client privilege. In United States v. Heppner, a CEO had used a public AI tool to evaluate his legal situation and draft defense strategies based on his prompts. The court ruled that this act broke confidentially since public AI models often train on user input data. As a result, chats with a “publicly available, non-enterprise” AI tool was not a communication with an attorney, and therefore the chats were not privileged.
On the flip side, in Warner v. Gilbarco, the court took a different approach. It viewed AI as more of a “sophisticated tool” like a word processor. These cases emphasize that the choice of AI tool and context are everything. To protect attorney-client privilege, it’s recommended to use enterprise-grade solutions where data training can be turned off, and to be very cautious when feeding information into an LLM for litigation purposes.
The Real Risk of “AI Scribes”
In fictional legal dramas, one side often pulls a key witness out of thin air to win the case. This storytelling trope can become reality with AI scribes. AI scribes that join meetings to record, take notes, transcribe and summarize are a common practice to help drive efficiency. When a business does this, they’re essentially creating a new source of discoverable evidence. In “all-party consent” states like California, turning on an AI scribe without permission could even technically be a criminal wiretap violation.
It’s also important to keep AI hallucinations in mind with these tools. For example, an AI transcript with errors could be used against a company in future discovery. The risk-aware approach is to promptly review AI generated transcripts for accuracy and/or practice defensive deletion which means to delete any AI notes that you’re not legally required to keep. Also, capture consent of all parties when AI transcription is used.
Agentic AI – A Risk Multiplier
Agentic AI, systems that can take autonomous action are becoming common for many businesses. While this technology adds plenty of operational efficiency, it also introduces new areas of risk to be aware of:
- Probabilistic Failure: With AI, this refers to situations where the tool is operating on likelihoods or probabilities instead of fixed rules. This can lead to inaccurate and unreliable outputs.
- Excessive Agency: Without the right controls, an AI agent could escalate its own permission within sensitive parts of your business network that it shouldn’t touch.
- Vibe Attacks: Elite hacking skills are no longer needed to effectively breach businesses. Bad actors now just have to be “persuasive” enough to nudge AI agents past established safeguards.
Who Owns Innovations When AI is in the Picture?
Who owns innovations or intellectual property when an AI tool(s) was used in its creation? According to current U.S. law, every listed inventor on a patent has to be a person. Even though AI technology can help build out or optimize a process, it cannot “invent” in a legal sense. The current designation states that invention requires “conception,” a moment of creation that only happens in the human mind.
If you have engineers using AI tools to help them write code or algorithms without documenting the human work behind it, any IP could be legally unprotectable.
How Can Your Business Stay Ahead of the Risk Curve?
To help navigate the new risks around AI, businesses should consider the following next steps to help mitigate risk:
- Adopt an Agent Development Life Cycle (ADLC) to help manage AI agents and audit their work.
- Look into deploying AI-specific firewalls to inspect prompts for “vibe” attacks.
- Audit third-party prompts (i.e., skills) before they’re allowed to run on your network. Make sure that all code is vetted to help reduce risk.
Don’t Risk Surprises in Digital Debt Collection – Get Retain
Retain white-label debt collection software has advanced built-in controls and features to boost your in-house recovery compliance. You can automate digital collections with software that’s backed by a robust AI governance framework and legal experts that stay on top of the latest regulatory updates. Trade in AI risk for stronger recovery performance, contact our team today.
