On April 7, 2026, Anthropic announced three startling developments with implications for cyber risk and governance. It said its Claude Mythos Preview (Mythos) frontier model, which is able to find and exploit software vulnerabilities, is too “dangerous” to release publicly; that Mythos already had identified weaknesses in critical software infrastructure underlying the internet and broader economy; and that Anthropic had launched Project Glasswing, a partnership with maintainers of key open‑source software and a dozen industry leaders across cloud infrastructure, operating systems, networking and finance to probe “the world’s shared cyberattack surface” and help shore it up.

Anthropic plans that the elite partners – including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks – using Mythos in the first phase of Glasswing will collaborate to test and patch bedrock software. They will then share information and recommended practices more widely, with the aim of enabling others to fix vulnerabilities across increasingly broader swaths of software and systems – before attackers access and wield Mythos or similar models for exploits.

One week after Anthropic’s announcement, on April 14, 2026, OpenAI revealed it also had developed a vulnerability-weaponizing model, GPT 5.4‑Cyber, which it will share with only its network of trusted cyber partners until further notice.

For now, most companies must wait for more information and the release of successive cascades of vulnerabilities and patches. Or must they? “Most companies don’t have access to Mythos, but they can take a lot of other steps now to prepare for this coming flood of vulnerability discovery and real strain on their security resources,” A&O Shearman partner Andrew Tannenbaum told the Cybersecurity Law Report.

Mythos’ emergence creates enterprise-wide risk that extends beyond cyber operations and traditional legal oversight. It could expose the sprawl of stale IT gear and software that no longer is patchable, Paul Weiss partner John Carlin warned. “If bad guys get access to a tool like this, they don’t need to be the most efficient or go after the biggest target. Likely they can just, at scale, target thousands and thousands of points at once,” finding vulnerabilities deep in companies’ systems, he told the Cybersecurity Law Report. At many companies, “roughly 40 percent of their technology is just not patchable,” leaving no singular cybersecurity fix. Rather, “they have to upgrade the whole IT system,” he added.

This article examines how standards for cyber programs may shift and what to watch in information sharing and cyber operations, and offers concrete steps that CISOs, GCs and boards should consider, with insights from Carlin and Tannenbaum, along with cybersecurity leaders from Akin, Alston & Bird, Cloud Security Alliance, Cyber Threat Alliance and Debevoise.

See our two-part series on AI agent security: “Companies See Rogue Incidents but Lag on Controls” (Mar. 18, 2026), and “What CISOs and GCs Need to Know to Defend the Enterprise” (Mar. 25, 2026).

Anthropic’s Plan

The Glasswing Project begins with a limited group of vetted partners and may grow in scope over time, Anthropic said. The company will report publicly within 90 days of the launch on what participants have learned, including vulnerabilities fixed and improvements made (unless too sensitive).

Partners are expected, “to the extent possible,” to share information and best practices among themselves, with broader dissemination to follow “through leading security organizations,” according to Anthropic. The company also said project partners will collaborate on practical recommendations for how security practices should evolve in the AI era, potentially spanning “vulnerability disclosure, software update processes, open‑source and supply‑chain security, secure‑by‑design development practices, regulated‑industry standards, and automation for triage and patching.”

Glasswing has started as a coordinated, top-down campaign and may turn into the biggest penetration test in history. Anthropic has included competitors – Microsoft and Google, for example – in phase one, as well as “maintainers of really core, highly important and valuable critical infrastructure open-source projects,” Cloud Security Alliance chief analyst Rich Mogull told the Cybersecurity Law Report. It has pledged $100 million in credits to these latter organizations to conduct vulnerability probes. “Access to the model is subsidized because it’s very expensive to run,” he said.

See “Gauging Uptake of AI in Cybersecurity” (Nov. 12, 2025).

The Challenge of Information Sharing

Glasswing’s understandably closed structure exemplifies the dilemmas around central control with cybersecurity information sharing, said Cyber Threat Alliance (CTA) CEO Michael Daniel. “This is going to require continuous oversight and attention” by Anthropic or another administrator to route the crucial details downstream, decide how thoroughly to vet any organizations receiving findings and determine whether to classify shared details by sensitivity. “They want to get information out as broadly as they can to the end users – but as soon as they really start pushing it to the end users, the bad guys are going to become aware of it. It’s just inevitable,” he said.

The CTA, whose members primarily are cybersecurity companies, is an existing conduit that could disseminate Glasswing findings discreetly, as are the 30 information-sharing and analysis centers (ISACs). “We specialize in sharing this information. I’m hoping our members who are part of Project Glasswing can then share [identified] vulnerabilities and mitigations with the rest of the CTA members,” and in turn work with customer companies to cement the fixes into place without broadcasting details publicly.

The ISACs “are more important than ever as the critical bridge between the mass of companies, the software companies and the solutions companies” that will help implement the fixes, Akin partner Evan Wolff told the Cybersecurity Law Report.

Pressure will build on Glasswing until Anthropic explains how Mythos-generated findings will reach companies through existing channels, including vendor advisories, cybersecurity service provider feeds, sector ISAC alerts, and the registry of common vulnerabilities and exposures (CVE). “Companies should not count on their one‑to‑one relationships with cyber companies to resolve” the vulnerabilities that Glasswing exposes, Daniel observed.

Moreover, to handle the Mythos-class models’ compressed discovery-to-exploitation timelines, existing information-sharing channels, including the CVE system, will need procedural upgrades and technical improvements to create a faster, more-evolved process to replace the existing 90‑day disclosure cycles and pay more attention to remediations, Wolff noted.

See “Cyber Information Sharing Leader Discusses Frenemies, AI and Key Law Soon to Expire” (Aug. 6, 2025).

Alerting the Board and Leadership

Glasswing is a warning flare that companies’ performance in vulnerability and patch management is now a red-hot enterprise risk that must be governed, funded and documented. Mythos-class capabilities surely will be in the hands of both defenders and malicious actors soon. Accordingly, experts agreed, CISOs and GCs should alert management and directors immediately. “Boards typically should be briefed on emerging risks. And this is certainly an emergent and rapidly developing risk. These models are getting stronger and stronger every week,” Tannenbaum warned.

“The message to the board is, ‘we are going to need to rethink a core part of our cybersecurity program,’” Alston & Bird partner Kimberly Peretti told the Cybersecurity Law Report. “Vulnerability and patch management, a core part of security, is now being changed and turned on its side,” she said.

“Leaders should understand that many of the vulnerabilities being identified by Mythos are unpatched, and there may be a short window to patch when these vulnerabilities are made public, so additional resources may be needed to prepare for that,” Debevoise partner Avi Gesser told the Cybersecurity Law Report.

The high-level corporate discussion is also urgent because eliminating unpatchable software and gear requires costly, organization-wide technology replacement – a “tech debt,” Carlin warned. “CISOs often do not control the IT. In board briefings, I’ve heard CISOs say, ‘Every problem I see has a solution and I’m putting the patch in.’ But that misses the tech debt problem, which they don’t own and don’t see. That may sit with the CTO or IT side of the house,” he elaborated.

See “Five Steps for Effective Board Oversight on Cybersecurity Breach Response” (Jan. 15, 2025).

Upgrading the Cyber Program

The projected impact of Mythos-class models on cyber defenders may seem extreme. Constraints on attackers approach zero, while their destructive reach expands exponentially. For example, with a Mythos-class model in malicious hands, the mean time between discovery and exploitation, which used to be months, tightens toward nothing. “We’re going to need to patch very, very quickly,” Mogull cautioned. Additional impacts may include the following:

• Zero Day Every Day. The severity of many exploits will be maximal. “[Cyber teams] will be dealing with multiple zero‑day exploits on a daily basis,” Mogull said, adding that “zero day every day” may be a fact of life.
• Efficiencies for Bad Guys. Attackers’ efficiency may find no bounds. “The cost of entry becomes near zero on deploying this new AI tool and using it at scale to chain exploits together,” Carlin noted.
• Pervasive Risk. No background or secondary software or system can be considered safe. With many companies relying on more than 150 software providers or service vendors, failures can surface anywhere on any day.

Still, these are emerging threats. Defenders have some room – more than zero – to start maneuvering and take recommended steps.

See “Six Steps for Improving Cloud Security From CSRB’s Report on Microsoft Intrusion” (Jun. 12, 2024).

Refresh Vulnerability Management

Vulnerability management is a first area where CISOs might “prepare, test and think through how companies can deploy AI as part of their security programs,” Tannenbaum said.

The reassessment starts with a basic review. “Companies should revisit their vulnerability management program and processes” to manage it, Tannenbaum suggested. Steps include confirming who will receive escalated vulnerability alerts, who will validate them and which executives can authorize emergency remediation steps.

To identify vulnerabilities, even without Mythos, organizations can use available commercial large language models (LLMs) and vendor services to pressure-test their systems. “Other available LLMs may not be quite as powerful as Mythos at the moment, but they certainly have the ability to discover vulnerabilities and misconfigurations,” Tannenbaum highlighted.

Once identified, the work involved in managing vulnerabilities may be complicated by scale. The most immediate operational shock may be the pace of disclosed vulnerabilities to take in and track.

Ultimately, prioritization is crucial because much incoming vulnerability intelligence will be low-value noise, Daniel cautioned. “Not all vulnerabilities are created equal. Historically, over the last 15 years say, only about five to six percent of discovered vulnerabilities have been exploited,” he said. The goal is to “identify, out of the sea of vulnerabilities, which ones the bad guys are going to use and prioritize fixing those,” which means “we need predictive tools on steroids.”

See our three-part series on vulnerability management: “What You Don’t Know From Your External Scans Can Be Used Against You” (Oct. 14, 2020), “Understanding the Risks of External Scanning” (Oct. 28, 2020), and “Increasing Communication to Prevent Problems From Hiding in Plain Sight” (Nov. 4, 2020).

Improve Patch Management

CISOs should seek to strengthen patching programs. “Measure your current velocity for critical vulnerabilities honestly and work on shrinking it,” Mogull advised. “The metrics I would look for are comprehensiveness of coverage and time to patch. Critical and high vulnerabilities that took two weeks need to be patched in minutes to hours,” he said.

With attackers able to quickly discover vulnerabilities and achieve near-continuous exploitation, defenders lose the ability to rank, prioritize, test and deploy patches on typical timelines, such as weekly.

Even with regular patching, teams struggle with thoroughness given the challenges of elusive and longstanding vulnerabilities. “As of 2025, two of the top 10 exploited vulnerabilities, causing billions and billions, if not trillions, of dollars’ worth of damage, are over 10 years old – which tells you how difficult it is to patch,” Carlin highlighted. Of the top 100 exploited vulnerabilities, one third were over 10 years old, he added, citing a Cisco Talos report.

While faster patching is required, it must be accompanied by verification. Patching at speed has created systemic outages, such as in the case of the 2024 update to CrowdStrike software. “We can now use AI to validate the patching,” Wolff said, though manual checking is still advisable. “As with everything with AI, trust but verify,” he instructed.

See “Benchmarking Threats and Approaches to SaaS Security” (Sep. 3, 2025).

Embrace Cyber Defense Fundamentals

Even if the tempo of defense changes, companies should focus on baseline practices. “Defense architectural principles remain important. Companies still need to implement multi-factor authentication, segmentation and zero trust,” Daniel urged.

More than acquiring “magic AI defenders, companies need solid security fundamentals,” Mogull agreed. One piece of good news in Anthropic’s Mythos report was that the model failed to exploit remotely many of the myriad Linux architecture vulnerabilities that it identified, he highlighted. The cost of turning a possible exploit into a working attack depends “on how much defensive engineering sits between the bug and the asset,” he stressed.

Mythos-class models still may stumble if a company aggressively segments and isolates parts of its network. “Treat every boundary as load bearing,” Mogull urged. “Compartmentalizing and segmenting environments, and isolating older technologies” are key preventive steps now that companies cannot assume patching is a primary defense, he said. For operational technologies and control systems, “I would stick two firewalls from two different vendors in front of them and make sure they’re all current, patched and updated. That will have meaningful effect in creating complexity for attackers,” he offered.

Asset management and inventory tools also remain key. If a company does not know which versions of software it runs and which employees control them, it will not be able to benefit from Glasswing’s vulnerability information, Mogull noted.

See “Strategies for Addressing Cybersecurity Threats to a Prime Critical Infrastructure Target – Data Centers” (Sep. 24, 2025).

Implement AI Security Tools

Buyers of cybersecurity services should expect providers to embed AI throughout their scanning and testing tools. Cybersecurity companies across the board already have started integrating AI capabilities into all their services. “Red teaming, vulnerability discovery [and] code review are all services that can be provided” on the market and are important for companies to consider using going forward, Tannenbaum suggested.

“Frequently there’s a new attack vector to secure,” Wolff said, but now systemic autonomous exploitation upends traditional expectations. New tools may help manage scale and volume, but companies must adjust their core defense processes, which involves engineering AI security implementations to fit their idiosyncratic environments, he pointed out.

See “Benchmarking AI Uptake by Compliance Functions” (Dec. 3, 2025).

Adapting Governance and Policies

Companies must consider the implications of Mythos-class models for their third-party risk management, incident response programs and secure-by-design coding, experts stressed.

Update Third-Party Management

Expectations around vendor’s security practices are going to change overnight, Peretti predicted. “Vendor contracts will need to be reviewed” for requirements on “identifying and fixing vulnerabilities, time frames and communications with the customer company,” she advised.

“We need to start being harder on our security vendors and asking the tough questions,” Mogull contended, like “What’s your secure software process? How are you protecting yourself? What are your patching update cycles?”

Diligence questions for vendors should consider criticality to the business and level of data exposure. And when the responses come in, “companies should be tiering the vendors and weighting them, because not all vendors are created equally,” Wolff recommended. At the same time, companies “need to rethink what information they are giving vendors.”

Companies will want to see suppliers using technology as close to Mythos as they can obtain. When contracting with third parties, companies should at least require “that their providers are using AI on their back end to ensure the security of their products and services. The bar has been raised. Expectations will be that vendors will use sophisticated language models to review their code, release safe code and avoid vulnerabilities where possible,” Tannenbaum said.

See “Contracting With Vendors to Mitigate Third-Party AI Risk” (Feb. 18, 2026).

Revise Cybersecurity Documentation

Written information security policies (WISPs) will need to explicitly address AI’s potency. “Many WISPs will start to reflect the increased need for continuous AI-powered vulnerability discovery and mitigation, and that will likely shift the standard for what is ‘reasonable security,’” Gesser predicted.

Public companies should consider whether disclosures capture the landscape changes and the governance response. “Take a look at your 10‑K and make sure that you’re adequately disclosing this overall risk,” Carlin advised. “A lot of the potential liability in this area, in civil suits and with regulators, all revolves around reasonableness,” the standard for which will likely change, he added.

Reassess Bug Bounty and Incident Response Programs

Vulnerability research and disclosure programs have been valuable, but reassessment is needed for “how a bug bounty program operates in the age of AI‑identified vulnerabilities at scale,” as AI slop is proliferating in many companies’ portals, Peretti said. Some companies, Tannenbaum added, may also reconsider whether they want the administrative burden of a traditional bug bounty program as vulnerability discovery becomes increasingly automated by both companies and their security providers.

Similarly, companies must revisit and scale their incident response programs to consider growing noise fed by automation. “There are going to be more alerts of incidents, and companies will need better triage,” Peretti recommended. Odds are more consequential incidents will occur, so companies may explore adjustments for greater volume.

See “Survey Finds Cybersecurity Budgets Rising and Increased Incident Response Confidence” (May 8, 2024).

Raise Security Standards for Company Engineers

If the Glasswing Project flourishes for months before bad guys get hold of Mythos-class capabilities – the best-case outcome – it would support the ability to secure popular sets of code in GitHub and central open-source libraries that company developers rely on for much of their coding, Mogull noted. Unfortunately, as it currently stands, decades of custom enterprise code are a vast attack surface for bad guys with AI models, he warned.

Software “development security standards must change” in companies, Mogull urged. In many companies, “custom code is often deployed without checking with a CISO. That’s just how organizations tend to work,” Carlin observed.

Fortunately, engineers in 2026 can integrate myriad security agents to secure the development process. “If your company’s pipelines can’t host an agentic security step today, start by ensuring they can,” Mogull advised. Every piece of code he writes has “a designer agent, an architect agent, an engineering agent that uses test-driven development and builds tests before it deploys, a quality assurance agent, a security agent, and then automated test harnesses,” he said.

See “Adopting a Cloud-First Mindset: How Operational Resilience and Security Issues Change Without On-Premises Infrastructure” (Jul. 28, 2021).

Stay Alert and Try to Keep Up With the Changes

The attack surface is vast, including “legions of unpatchable devices, routers nobody will ever touch again” and critical operational technologies that are erratically protected, Mogull noted.

The risks in the Mythos moment are only beginning to emerge, with implications extending beyond cybersecurity programs, into procurement, IT holdings and corporate treasury – which will pull into conversations the CISOs, GCs, compliance teams, risk managers, top management and boards.

At least in cyber defense, time is tight and the overall “process needs to be rethought because the OODA loop,” the traditional military guide for decision-making – Observe, Orient, Decide and Act – “is no longer sufficient for the current situation,” Carlin reflected. Mythos may fix some problems for private-sector organizations, but the technology delivers humans both a tough deadline and unsettling decisions to make.

The connectedness of today’s cars to the broader digital ecosystem introduces cybersecurity risks that original equipment manufacturers (OEMs) must identify and address. These risks include not only a data breach that could expose the intimate details of an individual’s life but, even more critically, threats to the physical safety of a vehicle’s occupants.

This final installment in a four-part article series on connected cars explores the technical and legal issues surrounding the cybersecurity of connected cars. It provides an overview of the legal regime governing vehicle cybersecurity, examines potential vulnerabilities and offers best practices for implementing a cybersecurity and incident response framework, with insights from Exponent, McDermott, Will & Schulte and Morrison Foerster. Part one covered FTC enforcement activity related to connected vehicles, part two discussed the legal framework and part three examined privacy compliance issues.

See “What International Companies Should Do to Comply With the E.U. Cyber Resilience Act” (Jan. 28, 2026).

E.U. and U.S. Legal Landscape

The cybersecurity of connected cars is governed by different legal frameworks in the U.S. and E.U., as well as by industry standards and best practices. While other countries have relevant requirements, the discussion below addresses U.S. and E.U. laws and guidance.

U.S.

Connected cars are a “highly unregulated industry right now,” Summer Fowler, corporate VP and principal at Exponent, told the Cybersecurity Law Report.

At a high level, connected car companies can be subject to overlapping cyber frameworks, but it depends on a number of factors and where they sit in the regulatory ecosystem. In general, the U.S. has a somewhat “disjointed approach” to regulating cybersecurity since “there isn’t one single uniform law that applies across the board,” Morrison Foerster partner Kaylee Bankston said. The various regulators, each with their own jurisdiction, approach cybersecurity from different angles, she noted.

Many existing laws regulating cybersecurity that would be applicable to connected cars focus on prohibiting unfair and deceptive acts and practices and protecting individual privacy rather than mandating prescriptive safety measures, Bankston explained. The FTC is “generally viewed as the lead federal regulator in the U.S. on cyber and privacy matters under its Section 5 authority,” with a main focus on protecting against unfair and deceptive acts and practices, she said. 

To the extent automakers are public companies, they also would be subject to SEC cybersecurity rules that require disclosure of material cyber incidents and disclosures regarding the company’s approach to cyber risk management and governance.

State unfair, deceptive or abusive acts or practices laws are also leveraged to regulate cybersecurity (as well as privacy) from a consumer protection standpoint, Bankston noted. Similar to the FTC Act, they prevent consumer harm by prohibiting false or misleading statements about a company’s cybersecurity policies, she stated.

In addition, every state has a data breach notification law that primarily focuses on “notification obligations when an individual’s personal information has been subject to a security breach,” she explained.

Furthermore, Bankston continued, proposed regulations under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) are pending. They would impose a short timeframe (72 hours) for mandatory reporting on critical infrastructure industries whose systems are affected by covered cyber incidents, “though it is unclear how the final rules may differ from the current proposal,” she noted. “As proposed, CIRCIA would be a marked shift in U.S. cybersecurity notification laws, emphasizing operational disruption and system resilience rather than the traditional focus on breaches of personal information,” she emphasized.

There is a trend toward more prescriptive cybersecurity requirements, as reflected in some state regulations and consent orders issued in enforcement actions brought by the FTC and state AGs, Bankston observed. Whereas five or 10 years ago regulations may have afforded great flexibility for a company to determine what constitutes “reasonable” cybersecurity protection for its organization, “we’re seeing more regulators and legislators trying to tell companies what reasonable is by setting forth specific security controls that need to be implemented,” she observed.

See “CISA’s Proposed Rule for Critical Infrastructure Cyber Incident Reporting: How Organizations Can Prepare and Engage” (May 29, 2024).

Europe

In the E.U., applicable cybersecurity laws and regulations include the NIS2 directive, the Cyber Resilience Act (CRA) and General Safety Regulation (GSR) (EU) 2019/2144, Alex van der Wolk, a partner at Morrison Foerster, told the Cybersecurity Law Report.

The NIS2 regulates cybersecurity at the organizational and manufacturing levels. In turn, the CRA and GSR concern products with digital elements, with the GSR regulating the cybersecurity of the vehicle as a product, and the CRA regulating the non-vehicle components of the car, for example, the car app or charging stations, van der Wolk said. The CRA and GSR in regard to vehicles are “different sides of the same coin,” he explained.

The GSR does not contain cybersecurity requirements itself but operates by incorporating UN Regulations Nos. 155 and 156, which contain detailed cybersecurity rules throughout the vehicle lifecycle and software updates, van der Wolk clarified.

In addition, the Radio Equipment Directive governs the wireless connection between the key or app and the car, van der Wolk said.

Other Guidance

In addition to laws and regulations, OEMs look to guidance from other sources that do not have the force of law.

The standards that the U.S. auto industry primarily looks to are published by the International Organization of Standards (ISO) - particularly ISO 21434, which addresses cybersecurity engineering across vehicle life cycles; ISO 26262, which relates generally to functional safety; and ISO 21448, which concerns the safety of the intended functionality of vehicles, Fowler explained. Additionally, for automated vehicles, the Society of Automotive Engineers has some taxonomies and standards for cybersecurity, she said.

Some guidance is issued by U.S. administrative agencies. For instance, the National Highway Transportation Safety Administration has issued cybersecurity best practices guidance for connected cars, Fowler noted.

The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) 2.0 also provides guidance. “The NIST CSF is one leading recognized framework, particularly in the U.S. So, if companies in this space are aligning to that, they are heading in the right direction,” Bankston remarked.

Connected Vehicle Vulnerability and Risk

Vulnerability Points

Connected car vulnerabilities can arise at every stage of the vehicle lifecycle, from initial design through end of life.

A vehicle’s connection to outside systems “in and of itself creates potential vulnerability and exposure,” Bankston explained. In addition, “multiple parties may be involved in developing the different systems – the firmware and the software – that are leveraged by the vehicle,” she noted. This creates supply chain risks that must be managed, she said.

“Any time a system takes inputs from another system, there’s a susceptibility, there’s some risk,” McDermott partner Stephen Reynolds told the Cybersecurity Law Report. As cars become increasingly connected, there is more risk that some of the inputs that they receive, whether through over-the-air software updates or by talking to each other, contain malware, he said.

Reynolds suggested that malware is “less likely” to be introduced via software updates because hash values can help verify an update’s integrity. Rather, the “greater risk” comes from the use of open-source code or a software library that contains malicious code, he explained. “We haven’t seen that specifically in the automotive industry, but we have seen that generally in cyberattacks,” he stated.

One way bad actors create vulnerability is through a denial-of-service attack, in which an attacker floods a target such as the vehicle’s telematics or infotainment interface, a companion mobile app/API or even the OEM’s backend servers with traffic or messages until the system becomes overwhelmed, Reynolds added.

Safety and Data Breach Risks

Cybersecurity concerns about connected cars center on safety and data protection.

Safety Risks

Most cybersecurity concerns about connected cars relate to vehicle actuation – the control of car systems such as acceleration, braking and steering – which implicates safety, Fowler observed. That is more of a critical concern than the negative consequences that could flow from a data breach, she opined.

The principal security issue, van der Wolk concurred, is the risk that “someone takes over your car.” A bad actor could lock someone out of their car or tamper with the vehicle’s safety features, he said.

Data Breach Risks

Data can be vulnerable regardless of whether it is stored on a vehicle, in the cloud or in transit, Fowler emphasized.

Because the data collected by a connected car creates an intricate profile of a user, there is a real risk that in the event of a breach the data could be exploited for nefarious purposes, van der Wolk cautioned.

To access proprietary and confidential information, bad actors could hack a company’s servers and then threaten to publish the information if they are not paid, Reynolds explained. There is also the risk of a ransomware attack, where a bad actor hacks an OEM’s system, encrypts files that prevent the computer systems with which cars interface from running and demands money in exchange for the keys, he added.

See “Strengthening Cyber Defenses in an Ever-Evolving Threat Landscape” (Jun. 4, 2025).

Managing Cybersecurity Across the Vehicle Lifecycle

Managing connected car cybersecurity requires applying core information security principles across the vehicle lifecycle – from design and supplier management to authentication, layered defenses, updates and incident response.

Apply General Security Principles

Information security protections and principles that apply generally apply equally to connected cars, Reynolds noted. “A good cybersecurity framework is built on security by design. Some applicable general protections and principles include, according to Reynolds:

• Failing Safely. Since, more so than in other domains, safety in the automotive space is “paramount,” OEMs should apply the fail-safe principle. That concept holds that a failing system should default to a predefined safe state. For example, if for some reason a computer cannot access a server for authentication, it could either use a fallback authentication method or deny the request.
• Layering Defense. Another guiding principle is defense-in-depth. OEMs should utilize multiple defense layers – a good analogy is a medieval castle with a moat, gates and archers.
• Strict Access Controls. One example is multifactor authentication, for both humans and between connected car systems.
• Strong Supply Chain Management. As discussed more fully below, reasonable due diligence of suppliers and vendors to ensure partners maintain defensible security practices is important.
• Updates. Automatically installing critical updates or checking for updates prior to installing new software is another good practice.
• Zero Trust Architecture. OEMs should assume a zero-trust environment – that an attacker will access the system – and have the tools in place to monitor them.

Take a Lifecyle Approach

An OEM designing a connected vehicle and related software should take a lifecycle approach to cybersecurity, Fowler recommended. Cybersecurity planning needs to start early in the development cycle and cannot be “screwed on to the end,” she emphasized.

Software should be code signed, that is, the developer should attach a digital signature using cryptography, to ensure that the software engineering and booting processes are secure, Fowler advised. That way, the OEM can be sure that code booted onto the vehicle, either initially or through an over-the-air update, is what it says it is, she explained. Companies can also conduct secure code analysis, a process by which software is run through software composition analysis tools that look for known vulnerabilities or bad practices, such as hard-coding passwords, she recommended.

The vehicle should also have a secure communications architecture among its various systems – for example, signals a camera sends to the automated driving system (ADS) – to ensure that those systems communicate with the same path and those communications are secure, Fowler suggested. This can be done through certificates, encryption and secure tunneling paths, she said.

Communications with external systems such as satellites, other vehicles or infrastructure such as stoplights should also be made secure, Fowler urged.

Measures also should be taken to ensure that a vehicle’s code is not modified during maintenance, Fowler advised.

Likewise, there should be an end-of-life process that secures the information after the car is retired, Fowler said. “It’s layering security at every single point that things happen,” she explained.

Undertaking a Risk Assessment

Conducting a risk assessment is an essential part of an effective cybersecurity plan for OEMs.

Begin at the Design Phase

Like the implementation of cybersecurity measures, a risk assessment should also begin in the design phase. At this stage, companies should evaluate the vehicle’s overall system design and conduct an attack surface analysis, Fowler advised.

The assessment involves identifying where an attacker could potentially enter or move through the system (including interfaces and data flows) and mapping key trust boundaries, such as points where data or commands cross from one component to another, Fowler continued. It also should identify risks posed by external attack surfaces, such as internet-facing systems, and by internal attack surfaces that facilitate lateral movement within the network, she instructed.

Understanding the intended use of data is a critical part of the analysis. How data will be stored, transmitted and used will help determine the scope of the attack surface, Fowler noted, which can extend across virtually all of the vehicle’s components.

Decisions about data storage, however, are less about selecting the “most secure” location and more about applying appropriate controls, Fowler explained. Wherever data resides, the level of controls should match its criticality, she advised.

Conduct Regular Penetration Testing and Threat Modeling

OEMs should routinely conduct penetration testing and threat modelling to uncover any vulnerabilities that can be exploited and what risks that poses, Bankston suggested.

A holistic approach to cybersecurity requires OEMs to test system defenses by actively trying to “break the car,” including individual components, van der Wolk added.

Seek Stakeholder Input

A comprehensive risk assessment process should seek input from a company’s stakeholders. “Oftentimes we just interview key stakeholders,” Reynolds said. Open-ended questions offer employees an opportunity to discuss their cybersecurity concerns, he stated. “We often start with somewhat of a questionnaire” from which we put together a “risk matrix” outlining the highest risks and what can be mitigated and then develop a roadmap and set priorities, he explained.

Develop a Mitigation Plan

Once the assessment has identified the risks, companies should start mitigation planning, including examining what type of authentications and encryption is needed to reduce vulnerabilities, Fowler said. Business considerations and trade-offs come into play here, since “the greatest and most secure system is probably unaffordable,” she explained. The starting point is addressing anything that could put people at risk and then working outwards from there, she suggested.

An OEM should approach a risk assessment by thinking like the adversary – asking what bad actors could do if they gain control of a car system and reviewing the mitigations in place to prevent such harms, Bankston advised. The company should review whether its controls are defensible and document its analysis and conclusions as proof of review, she added, recommending that, for each system, the degree of controls should be appropriate to the level of risk.

See “Unifying Risk Assessments: Breaking Silos to Enhance Efficiency and Manage Risk” (Jan. 29, 2025).

Securing the Supply Chain

Good cybersecurity practices require good supply chain hygiene. Both vehicle manufacturers and suppliers should conduct reasonable due diligence of their respective suppliers and vendors to ensure that their partners maintain defensible security practices, Bankston recommended.

Vehicle manufacturers can ask suppliers about security practices related to product development, including how vulnerabilities are identified and tested, and the company’s incident response capabilities, Bankston elaborated. They can also ask for a SOC 2 report, which is a third-party evaluation of a company’s security practices, she suggested. Suppliers should extend similar diligence to their own suppliers, “reinforcing a cascading approach to supply chain risk management,” she said. As technology evolves, manufacturers and suppliers should periodically revisit these questions at “reasonable intervals” to ensure that their respective suppliers’ practices continue to be defensible, she recommended.

Supplier contracts should contain adequate representations regarding the security practices associated with the development of their product and requirements to timely report any vulnerabilities, Bankston instructed. Ideally, the contracts should grant the right to assess or audit the vendor’s security practices, she stated.

Since software is often changing, it requires constant monitoring for vulnerabilities and necessary patching. Thus, manufacturers and suppliers should also ensure that software and firmware contracts specify who is responsible for testing, validation and maintenance, Bankston suggested.

Establishing Organizational Governance

“In today’s world, it’s pretty well accepted that cybersecurity is an enterprise-level risk,” Bankston observed. Information security governance extends “all the way to the top,” with increasing expectations that a company’s board and executive team understand the cybersecurity risks to their organization, she said. In addition to the IT and security teams, companies should involve their executive, legal and business line teams as appropriate to create a “strong security culture,” she stated. And since “humans will always be the weakest link,” employee training and awareness is critical, she advised.

Planning and Implementing Incident Response

One thing that sets connected car incidents apart from other IoT products is that an incident can put lives at risk, van der Wolk said. “The worst-case scenario for the automotive industry is pretty much as bad as it gets,” he emphasized. An incident response plan should account for that possibility, he advised.

“A good incident response plan will essentially serve as an incident remediation roadmap, featuring key stakeholders, communications protocol and the steps needed to get systems back up,” Reynolds said.

Creating an Actionable Playbook

An incident response plan should be an actionable framework document, sufficiently detailed to give direction and the authority to execute on specific tasks, yet allowing for the flexibility that will “inevitably” be needed during a security incident, Bankston advised.

The plan should clearly assign roles – who is in charge, who is taking notes, who is capturing the logs, Fowler recommended. Establishing clear communication paths – knowing who should communicate with whom and who should prioritize what – is also extremely important, she said.

A good plan has “everyone singing from the same song sheet, particularly as it relates to escalations, prioritization, and decision-making authority,” Bankston emphasized.

Testing the Plan

The incident response plan should also be tested – technical or executive tabletop exercises can give stakeholders an opportunity to speak freely and openly about any security gaps, Bankston said. These can be “really helpful in bringing to life the controls that the company has on paper,” she stated. A tabletop exercise may reveal deficiencies that were not apparent when conducting the risk assessment or formulating the incident response plan, she explained.

See our two-part series on a ransomware tabletop’s 360‑degree incident response view: “Days One to Four” (Jan. 4, 2023), and “Day Five Through Post-Mortem” (Jan. 11, 2023).

Navigating the Response

Following Internal and External Communications Protocols

“Communications are a critical part of any security incident response” and are “often where companies get it wrong, either because they try to inadvertently downplay the incident or the opposite,” Bankston cautioned.

For client communications, it is essential to set up a secure channel, Reynolds stated. “I don’t want the hackers reading my messages to my client or knowing what we plan to do,” he emphasized. Establishing, prior to the breach, a communications protocol for outside parties is also necessary to ensure that company messaging is truthful, accurate and consistent, and includes all relevant facts, he explained. “It’s important to make sure folks are sticking to a known set of facts and not speculating,” he stressed.

Regardless of the audience – a vendor, the government, a partner – companies should not say anything misleading, Bankston insisted. If a company interacts with more than one entity or audience, it should be consistent in its messaging, she said. “Consistency . . . is critical truth,” she emphasized.

See “When the Phones Ring: What 100 Security Breaches Reveal About Candor, Fear and Trust in Crisis” (Apr. 1, 2026).

Eradicating the Threat

Another crucial early step following a breach is eradication, which involves containing and expelling the attackers from all systems. After that, the company should monitor to ensure that all systems are clean, Reynolds said. These tasks are usually done by a third-party forensics vendor or consultant that also furnishes information to outside counsel so they can provide legal advice regarding the incident, he explained.

During this process, data preservation is essential to maintain the company’s ability to determine the root cause of the incident, Fowler highlighted.

Conducting an Investigation

Following eradication, the focus shifts to investigation, which is important because it may be difficult to identify the attacker’s entry point, Reynolds said. “Finding the entry point for any attacker is difficult, but especially for an attacker that might be leveraging a system remotely,” he noted. To help mitigate future risks, the company should create an attack timeline that highlights what vulnerabilities were leveraged, he stated.

Determining Reporting Obligations

The OEM must also determine what its legal obligations are with respect to the incident, including any reporting obligations to consumers, vendors and regulators, Reynolds said.

In the U.S., when CIRCIA provisions become effective, they will require critical infrastructure entities, which are defined broadly, to report any cybersecurity incidents within 72 hours, Reynolds noted. Public companies may also have SEC reporting deadlines, he said, adding that reporting periods under state breach laws are longer, between 10 and 30 days. Further, companies may also be contractually required to notify vendors.

A cybersecurity breach raising a physical safety issue may warrant quicker notification than a pure PI breach even if not strictly legally required “because the consequences of security vulnerabilities potentially impacting the physical operation of a vehicle could be grave,” Bankston noted.

Conducting a Postmortem

One important step that often gets overlooked is conducting a postmortem analyzing not only how the incident happened, but also how the company could have responded better to the incident and what incident responses or procedures should be changed, Reynolds observed. The postmortem process “will vary drastically between organizations and between the type of cyber event, but I think it’s a very important step and helps folks get better,” he emphasized.

AI is fundamentally changing the practice of law, but many lawyers are confused or even frightened about what the technology may mean for their careers. Legal tech tools have evolved from spelling and grammar checks to simple AI document reviews, to AI-based document-writing programs, to today’s sophisticated AI agents that are capable of performing complex tasks independently.

Chief legal officers (CLOs) at technology companies are uniquely situated to see both sides of this evolution as they serve as the nexus between their business partners and outside counsel. During a panel at the March 2025 ABA White Collar Crime Institute, panel moderator Halimah Prado, vice president and GC at Google, joined Jeff Bleich, GC at Anthropic; Damon Hart, executive vice president and CLO at Liberty Mutual; and Anne Robinson, senior vice president and CLO at IBM to discuss how lawyers can adapt and thrive during this continuing wave of change. They provided insights and advice on how AI is changing the work of GCs and CLOs and how attorneys should learn to use AI in their personal lives and practices, and encourage its use by their teams. This article summarizes the key takeaways from the panel.

See “Benchmarking AI Uptake by Compliance Functions” (Dec. 3, 2025).

Focusing on the Good Stuff

While many lawyers have been cautious – and even frightened - of the adoption of AI, the panelists sounded a positive note, highlighting the benefits AI can bring to the legal profession and that attorneys can bring to AI.

Lawyers Have a Leg Up

When it comes to working with AI, lawyers have a leg up. The best attorneys are ones who ask good questions, whether during cross examination or in a meeting – a skill also central to crafting prompts for an AI program, Bleich noted. AI provides “the opportunity to really think hard about what question to ask,” which has forced him “to be a better listener [and] a better questioner,” when he is not getting the results he wants from an AI prompt. AI will “make us all better lawyers and happier lawyers,” he predicted.

AI enables CLOs and in-house legal departments, alongside outside law firms with special expertise, to focus on the question of how to advance a company’s business strategy within the parameters of the law, Robinson said. In her work for IBM, she strongly encourages law firms “to lean in and embrace AI as a way of getting to the good work, the work that really matters.”

Law is a language-based discipline that fits well with the large language models (LLMs) that power generative AI, Hart observed. His early career involved reviewing boxes full of documents for thousands of billable hours, but now that work can be done by AI, freeing junior lawyers to focus on thinking creatively and strategically.

More Practical Legal Training

The rise of AI has also given the legal profession, particularly in the U.S., an opportunity to rethink law school. The changes brought about by the technology should shift the focus of law schools toward clinics and the European notion of teaching to actually understand the practice of law and not just the regurgitation of memorized information, Prado suggested.

In the near future, new lawyers will be able to use AI to help them create “brilliant briefs” by taking all the combined knowledge of the best legal minds and using that as a starting point, Bleich said. They will never have to spend “2,400 hours a year sitting in a chair grinding” through documents, looking for a single word. They will be rewarded for being capable of communicating effectively with other humans and bringing them to a consensus on important issues. Such future lawyers will have the ability to create work of a quality that is “far beyond anything that I was ever capable of producing as a lawyer,” he concluded.

Use of AI in the legal context has also given attorneys an opportunity to reinvigorate the notion of legal counsel that is not tied to billable hours, Prado added.

Encouraging Your Team to Use AI

Legal teams can be encouraged to use AI through both an AI-accepting culture and training, the panelists suggested.

Acknowledge the Elephant in the Room

The first step that Prado took with her legal team at Google was to “acknowledge the elephant in the room” – their concern that AI will take their jobs. She followed that with an explanation of why in-house lawyers will remain important at the company. She told them that Google’s lawyers are vital because, for example, they “are the folks that sit down with an engineer to think through how to deploy a given sort of service in a country and defend it against [regulators].” She admitted that there are aspects of their work that AI will take over but stressed that this will give them more free time to fill with strategic work.

Culture

An AI adept legal team begins by fostering a forward-looking culture that values experimentation.

CLOs should seek team members who are adaptable, which “means that they have to be low ego,” Bleich advised. They need to accept that the person on a team who knows the most or has the best ideas will be the one to engage in meetings with the company’s leaders. They should be motivated not by getting face time with leaders or making money or other “totems of success,” but by wanting to make customers happy, solve problems and make the world a better place. “The teams that we have developed [at Anthropic] are using that as the standard,” he said. “Their curiosity about AI and their desire to do good with it has been a terrific formula for building a really strong team, but not a conventional team.” In order to get people up to a higher level with AI, there has to be a “sense of openness and vulnerability and an awareness that we are all learning our way through this,” he emphasized.

It is important to encourage team members to be constantly asking themselves how to make their routine tasks more efficient, Robinson explained. When team members take agency to do this every day at their desktops, that creates a culture where members define their roles broadly and think about how to leverage tools to be more effective, not just on their desktops or in the legal department, but across the company. “That is the defining characteristic of what I would like to see in my legal department,” she said.

Room to Play

There is no predictable playbook on how attorneys should learn to use AI, Bleich said. The learning path should be non-linear and reward constant adaptation, like a jazz musician, he added.

One way to build a legal team’s AI skills is to set up a “grassroots experimental lab,” in which they are given approved AI products and allowed to “play” with them, Prado suggested. Lawyers at Google started with AI “baby steps” such as email drafting and meeting scheduling, she noted. Then her team began experimenting with using AI for routine legal tasks such as responding to document requests from regulators. She noted that past requests and past responses to them are a “wonderful hotbed of data for us from an AI perspective,” enabling her legal team’s AI to become able to write the first drafts of responses. Negotiating contracts and settlements has also been an area in which experimenting with AI has given good results to Google’s legal team, she added.

At Anthropic, to boost the legal department’s AI capabilities, Bleich set aside the first week of the year, when the legal team was still moving slowly after returning from holiday breaks, to brainstorm ways to use AI to reduce the time spent by lawyers on routine tasks by 10 percent. The goals were meant to be modest, and the real focus was on getting the legal team to loosen up around using AI and think creatively. “It worked extremely well,” he noted. “We created some plugins . . . that were useful enough that after about a month we sent them to the product team . . . to see if they may be helpful to others and they really took off and are being used.”

Training

The on-the-job training of lawyers has been fundamentally changed by AI, Hart observed. In the past, junior lawyers learned a lot about contracts, for example, by doing thousands of hours of contract review, work that AI has largely taken over. Much like how GPS programs have led to many people never learning how to read a map, AI’s ability to do work such as contract review risks causing junior lawyers to not develop the fundamentals of contract-reading, making them reliant on AI to do work that they lack the experience to understand themselves. “How do we get somebody to be proficient without that ‘map reading’ stage, where we are having them dig into the boxes and learn discovery?” he asked. “As leaders in the law, we need to think about how we train our people to do what this new job is, because it is a fundamentally different job.”

Law firms should concentrate on teaching junior lawyers persuasive skills – something at which humans are intrinsically superior to AI – by putting them in court, mediations and other situations where they can apply their understanding of human nature and emotional resonance, Bleich suggested.

Proceed With Caution

Since generative AI was introduced, several lawyers have landed in hot water for filing AI-written briefs that cite non-existent cases. To prevent this happening to members of their teams, CLOs should ensure they are aware of the relevant ABA Rules – in particular, the duties of competence, candor and supervision – as well as ABA Model Rule 512. In addition, CLOs should instill in team members the habit of reading and understanding all the citations in all the documents they submit. “Treat AI like a very good intern,” Hart said. “I would never take something an intern gave me and submit it to a court, or my boss or a peer” without a thorough review, he said.

AI is in its “adolescent” stage of development and risks such as made-up citations are part of this stage, Bleich said. As AI moves into its “adult” stage, its risks will dramatically increase; for example, future AI may make it easy for ordinary people to build bioweapons and nuclear bombs, he warned. Lawyers should be thinking not only about how to adapt AI to their current practices but also about future risks. “How can lawyers perform our professional responsibility of making sure that technology is used in a rules-based system that is responsive to the needs of everyone?” he asked.

See “A Baker’s Dozen AI Governance Resolutions for 2026” (Jan. 7, 2026).

AI Challenges

While the CLOs strongly supported adoption of AI tools by legal departments and their outside counsel, governance is critical.

AI is a “runaway technology that is moving at an exponential pace,” while governance of AI has failed to keep up, Bleich suggested. It normally takes a while for governance to catch up with new technologies, but CLOs still “really need to accelerate governance.” Even with Model Rule 512, there are still many important ethical questions about AI in the legal profession that “no one has stepped up” to address, he said.

Another challenge is the gap between the skills that led to people being hired for in-house legal teams and the skills that they now need, Bleich noted. “Everyone, including myself, feels like an imposter” when it comes to the work needed to change a legal department to embrace AI, he added.

AI is not the only technology that will likely revolutionize how lawyers work, Robinson said, giving the example of quantum computers – which are much more powerful in many ways than traditional computers because they use qubits, which can process much more information than the binary bits used in traditional computers. Sometimes new technologies introduce new risks that are not understood or foreseen, she said. CLOs should think proactively about new technologies before they arrive and “use this moment to think about the principles around ethics and governance that could be applied to emerging technology and not just AI,” she said.

In dealing with new technologies and future developments of AI, it is vital to keep in mind the first principles of legal practice, which include ethical considerations and social implications, Prado said. CLOs need humility to acknowledge the gaps where the old way of doing things no longer meets the needs of the present and the “courage” to tackle these gaps comprehensively, she said. There is a responsibility on the legal industry to ask questions about AI that are not being asked and to be a vocal participant in the conversation about solutions, guardrails and responsible ways to deploy AI, she concluded.

See “AI Governance: Striking the Balance Between Innovation, Ethics and Accountability” (Feb. 12, 2025).

Getting Hired

As the CLO of a technology-forward AI company, Robinson tells all of the outside law firms that IBM works with that they must be experimenting with AI. Any of them that hesitate to do so are encouraged to “come talk with us,” she said, because it “is everybody’s responsibility to be engaging with” AI.

However, sometimes outside counsel’s claims of using AI are mere pandering, Prado warned. Google expects outside counsel to explain exactly what AI tools they are using and how they bring value to the services they provide. Google even wants to know about AI tools that the outside counsel uses with other clients or internal processes, she noted. “That is instructive for us. It has opened our aperture as to how firms are thinking about using AI.”

See “Managing Third-Party AI Risk” (Aug. 20, 2025).

InfoLawGroup has welcomed Lael Bellamy as a partner in the firm’s data privacy and security, AI, technology and adtech practices. She arrives from DLA Piper.

Bellamy has more than three decades of experience advising clients on privacy, data protection and cybersecurity laws with a focus on adtech, AI, data use and governance, M&A, consumer protection and data breaches. She helps clients to operationalize data protection requirements globally, including conducting website, cookie, pixel and tracking assessments and remediation; building governance and privacy programs; negotiating and drafting privacy, data protection and security agreements; advising on risk management; and conducting privacy impact assessments. She also counsels clients on optimizing their strategic initiatives and responsible AI and data use.

Most recently, Bellamy was a partner at DLA Piper. Prior to that, she spent a majority of her career in-house supporting CIOs and chief marketing officers. She also served as CPO of Voya/ING and The Weather Channel (later IBM). Earlier in her career, she led the privacy office at The Home Depot, where she addressed privacy and data use globally.

For insights from InfoLawGroup, see “Enforcement Lessons From Disney and Four Other FTC Children’s Privacy Actions” (Jan. 28, 2026).