Buchalter’s Cyber Investigations and Data Rights Enforcement Group Issues Call to Action

The Industry Group, led by Doug DePeppe, Matthew Yarbrough and David Liu, along with other attorneys practicing in technology and risk management at Buchalter, provide the following brief alerts about two trends that require alerts to all Buchalter clients.

AI EXPONENTIALLY INCREASES RISK OF CYBER BREACH AND NEED FOR ACTION

Media, think tank and cybersecurity reports have revealed certain AI platforms having advanced hacking capabilities. For example, Anthropic’s Mythos is undergoing a limited rollout because of fears that hackers will exploit its capability for launching zero-day attacks (i.e., attacks on unreported vulnerabilities). Yet, last fall open-source AI hacking agents were already in the marketplace and could be used to automate hacking.  Like so many other AI advances, the era of automated hacking has arrived! The cybersecurity industry anticipates a spike in supply chain, ransomware and other cyberattacks using AI systems in 2026.  Buchalter attorneys in technology, AI, cybersecurity, and data privacy industry and practice groups are available to assist clients with improving preparedness, risk management, and compliance.    

INCREASED PRIVACY COMPLIANCE OBLIGATIONS CREATES PERSONAL EXPOSURE FOR C-SUIT

California Consumer Protection Act regulation complexities: With the new Jan 1, 2026, cybersecurity, AI and data privacy requirements now live, with more requirements coming in 2027, California businesses, or vendors, contractors and service providers of California businesses have substantial legal duties regarding personal information that are effective now. Moreover, along the lines of Sarbanes Oxley changes, executive level certification of compliance will potentially create individual liability for executives. Indeed, compliance not only affects those subject to CCPA, but covered businesses must ensure that their service providers and subcontractors are also fully compliant. Accordingly, there are widespread compliance obligations that involve ensuring the consumers have access and other rights associated with their personal data. The CCPA compliance burden is not widely understood and companies should not risk CCPA penalties for noncompliance, as CCPA also affords attorney fees and a private right of action for violations.

This communication is not intended to create or constitute, nor does it create or constitute, an attorney-client or any other legal relationship. No statement in this communication constitutes legal advice nor should any communication herein be construed, relied upon, or interpreted as legal advice. This communication is for general information purposes only regarding recent legal developments of interest, and is not a substitute for legal counsel on any subject matter. No reader should act or refrain from acting on the basis of any information included herein without seeking appropriate legal advice on the particular facts and circumstances affecting that reader. For more information, visit www.buchalter.com.