• |

    Mar. 18, 2026

AI Agent Security: Companies See Rogue Incidents but Lag on Controls

At many organizations, AI agents are no longer experimental. While use of this autonomous technology grows, companies are relying on immature controls to rein it in. Three recent reports detail multiple types of security and privacy breaches already occurring due to organizations’ inadequate policies, limited monitoring and failure to appropriately treat AI agents as risks in their systems. This article, the first in a two-part series on real-world security for AI agents, examines the reports’ benchmarks of incident types, and the safeguards and security measures that companies so far are applying to agents. Part two will provide a playbook for CISOs and their colleagues to strengthen security and reduce risks around AI agents. See “From CEO Deepfakes to AI Slop, AI Incident Tracking Ramps Up” (Jul. 30, 2025).

Tool or Third Party? Courts Differ on AI’s Role in Privilege and Work-Product Protections

Two recent U.S. federal court decisions reached opposite conclusions on whether interactions with generative AI platforms are protected by attorney‑client privilege or the work‑product doctrine. In the Southern District of New York, in United States v. Heppner, Judge Jed Rakoff ruled that a criminal defendant’s exchanges with Claude were not protected. Yet, in the Eastern District of Michigan, in Warner v. Gilbarco, Inc., Magistrate Judge Anthony Patti held that documents and information related to a pro se plaintiff’s use of ChatGPT were shielded from discovery. With insights from Baker Hostetler, Hunton Andrews Kurth and Morrison Foerster partners, this article parses the courts’ analyses, examines the implications of this developing body of case law and offers practical takeaways regarding protections of AI inputs and outputs. See our two-part series “Gen AI Chats Becoming Evidence”: Law Enforcement Warrants and Subpoenas (Dec. 3, 2025), and How Businesses Can Prepare for Requests (Dec. 10, 2025).

What “Back to Basics” Under Chair Atkins Means for SEC’s Division of Enforcement

Although every new administration brings a degree of change, developments at the SEC have been swift and significant following the end of Chair Gary Gensler’s tenure. Chair Paul S. Atkins has indicated that he intends to move away from “ad hoc enforcement” and toward a steadier, more principles-based approach that focuses on the SEC’s core mission. This article, distilling insights shared during a recent Gibson Dunn webinar, explores how leadership changes and new policy directions are reshaping the efforts of the SEC’s Division of Enforcement, as well as the implications for those navigating the evolving regulatory environment. See “What to Know About the Sleeping Giant That Is the SEC’s Amended Reg S‑P” (Dec. 10, 2025).

Mason Hayes & Curran Welcomes Former Data Protection Commissioner As Global Digital Regulatory Consultant

Former Irish Data Protection Commissioner Helen Dixon has joined Mason Hayes & Curran as a global digital regulatory consultant within its data & technology team. For commentary from Dixon, see “Irish Data Protection Commissioner Helen Dixon on Breach Notification, the Role of the DPO and a U.S. Privacy Law” (Jun. 5, 2019).

Most-Read Articles

Trailblazing Women – Contributions, Achievements and Observations of Outstanding Leaders

To mark International Women’s Day, Law Report Group editors, along with our colleagues across ION Analytics’ products, interviewed outstanding women in the industries and jurisdictions we cover. In this article, Jill Abitbol, Robin Barton, Rorie Norton and Megan Zwiebel profile notable women in the data privacy, cybersecurity, AI, private funds and anti-corruption law fields, including (i) Paula Howell Anderson, (ii) Gwendolyn Lee Hassan, (iii) Audrey Koh, (iv) Stacy Feuer, (v) Heather Egan, (vi) Jeewon Serrato, (vii) Stephanie Breslow, (viii) Anne Choe, (ix) Heather Wyckoff, (x) Angie Batterson, (xi) Jacqueline Eaves, and (xii) C. Dabney O’Riordan.

Enjoy reading their inspiring remarks here.