Executive Risk Briefing

The EU AI Act (Article 99) explicitly sets fines for prohibited AI practices (Article 5 violations, such as manipulative techniques or biometric categorization) at up to €35 million or 7% of total worldwide annual turnover, whichever is higher. This is higher than GDPR (which caps at 4%).

The FTC has successfully enforced "Algorithmic Disgorgement" in multiple settlements (e.g., Everalbum, Weight Watchers/Kurbo, Cambridge Analytica). In these cases, companies were ordered to delete not just the data, but the algorithms and models trained on that data. If a model is trained on "poisoned" (illegally obtained) data, the model itself is considered "fruit of the poisonous tree" and must be destroyed.

Recent reports show the number is likely higher. A 2025 analysis found 98% of organizations have employees using unsanctioned AI tools. Specifically, 78% of employees bring their own AI tools (BYOAI) to work. Furthermore, 43% of employees admitted to sharing sensitive work information with these tools.

While a specific "<1%" census is hard to pin down, the market for "AI Red Teaming" is in its infancy compared to general cyber (approx. 15% of the size). Microsoft explicitly notes that manual AI red teaming is a "bottleneck" and "resource intensive," implying most teams lack the capacity. The "Builders vs. Breakers" conflict is a standard cybersecurity axiom; internal teams rarely have the "adversarial" training specific to *cognitive* attacks (prompt injection) versus code attacks.

In early 2024, a Hong Kong finance worker paid out $25 million after a video call with their "CFO" and several other colleagues. Everyone on the call except the victim was a deepfake. The employee initially suspected fraud but was convinced by the realistic video and voice of the CFO. This demonstrates a near-100% failure rate for human detection in high-sophistication attacks.

This is recognized as a top threat (OWASP Top 10 for LLMs). Attackers can embed invisible instructions (e.g., in white text on a white background) in emails or resumes. When an RAG system (Enterprise Search) ingests this document, the "poisoned" text overrides the system instructions, allowing data exfiltration. Microsoft and CrowdStrike classify this as a "blind spot" where the user never sees the attack.

Insurers like Coalition are introducing "Affirmative AI Endorsements" to clarify coverage, which implies standard policies may *not* cover it by default. Legal analysis confirms that "deliberate acts" or "willful violation of law" (e.g., using unauthorized data for training) are standard exclusions. If you cannot prove you audited your data sources (Standard of Care), a claim for copyright or data breach could be denied.

Studies show 75% of businesses observe AI performance declines (drift) when unmonitored. Unlike software bugs that crash the system, drift is "silent"—the model continues to run but makes increasingly wrong predictions (e.g., denying good loans). Error rates can jump 35% in six months due to changing market conditions.

In 2024, a Canadian Tribunal ruled that Air Canada was liable for its chatbot giving wrong refund advice. The company tried to argue the chatbot was a "separate legal entity," but the court rejected this, stating the company is responsible for all information on its site, human or AI.

Companies building "wrappers" on top of OpenAI/Anthropic are subject to retroactive policy changes. For example, OpenAI's recent policy updates explicitly limit liability for professional advice (medical/legal), shifting the risk entirely to the deployer. If a vendor deprecates a model version (e.g., GPT-3.5 to GPT-4o), downstream applications that relied on the specific behaviors of the old model can break instantly.