Articles

The Community Bank Wake-Up Call

ByKayne May 18, 2026May 18, 2026

Key quote:

Among the customer information the Bank has determined was disclosed are customer names, social security numbers and dates of birth.

Why it matters:

This probably isn’t just another boring data leak; it’s looks like this is the first time an employee YOLOed non-public banking data into a public LLM and forced their CEO to sign off on an uncomfortable SEC 8-K filing. Earlier in May, Community Bank discovered an internal incident where an unauthorized AI application handled sensitive customer info, triggering a disclosure on May 7. This shows some of the problems with the current gaps in governance. Gallup reported in January 2026 that while daily AI use in U.S. workplaces hit roughly 12% in Q4 2025 (spiking higher in knowledge roles), while Deloitte’s 2026 “State of AI in the Enterprise” found that only about 1 in 5 companies has a mature governance model for autonomous or agentic AI. That disconnect between having a PDF vs employees doing stuff is where the risk starts.

The real impact here isn’t going to be just the breach itself, but the legal and regulatory problems that are probably going to follow. With customers spread across southwestern Pennsylvania, Ohio, West Virginia, and parts of New York and Massachusetts, we could see NYDFS action alongside federal scrutiny. The Office of the Comptroller of the Currency (OCC) made it clear in their March 2026 guidance that banks are responsible for third-party AI tools, regardless of whoever approved them or didn’t. This incident proves that “shadow AI” is no longer an abstract “cybersecurity risk”; the use of shadow AI now can lead to a reportable security event to the regulator of your choice.

If a related class action investigation moves forward, the bank could face lawsuits for loss of privacy and out-of-pocket costs, turning a policy failure into a financial liability. That’d depend on determining if the system’s use directly led to harm, not just a potential risk to consumers; depending on jurisdiction and evidence that might be hard to prove unless an agentic AI goes on an identity theft spree with the exfiltrated SSNs, names, and birthdays.

Ultimately, this disclosure hopefully will cause a shift from theoretical “paper tiger” governance to actual, enforceable guardrails. The question for every CISO and compliance officer is no longer “should we allow AI?” but “how do we manage what’s already happening before the next SEC filing?”

Articles

Regulators Are Blinking. Your AI Risks Aren’t Waiting.
ByKayne May 14, 2026May 13, 2026

It was a pleasure joining Aashis Luitel and Tristan Ingold on Sprinto’s webinar today. We covered a lot of ground in an hour, but here’s what I keep coming back to: the worst thing leaders can do right now is wait. The timing of the webinar was comedy gold. Days before we chatted about AI…

Read More Regulators Are Blinking. Your AI Risks Aren’t Waiting.
Articles

The EU AI Act Delay That Wasn’t a Loophole
ByKayne May 11, 2026May 11, 2026

Key quote: Today’s agreement on the AI act significantly supports our companies by reducing recurring administrative costs. It ensures legal certainty and a smoother and more harmonised implementation of the rules across the Union, strengthening EU’s digital sovereignty and overall competitiveness. At the same time, we are stepping up the protection of children targeting risks…

Read More The EU AI Act Delay That Wasn’t a Loophole
Articles

The $20 Billion AI Black Box and the Data You Thought Was Private
ByKayne May 6, 2026May 6, 2026

Key quote: “Because no Defendant in this matter has served on Plaintiff either an answer or a motion for summary judgment as of the filing of this Notice, Plaintiff may dismiss this matter without prejudice as a matter of right.” Why it matters: I was tracking Case 3:26-cv-02803 because it potentially exposed an uncomfortable economic…

Read More The $20 Billion AI Black Box and the Data You Thought Was Private
Articles

The $9 Billion Market Built on Junk Science
ByKayne May 15, 2026May 15, 2026

Key quote: “There are — I mean, literally, at this point — hundreds and hundreds of studies involving thousands and thousands of people to show that when it comes to emotion, variation is the norm. The idea that emotions can be objectively measured or analyzed at all, in other words, is fantasy.” Why it matters:…

Read More The $9 Billion Market Built on Junk Science
Articles

AI Wins in Colorado Legislature
ByKayne May 12, 2026May 12, 2026

Key quote: The bill establishes consumer notice requirements, mandating that deployers provide clear and conspicuous notice to consumers at the point of interaction with a covered ADMT. A deployer is required to provide a consumer with a plain language description of a covered ADMT’s role within 30 days after the covered ADMT makes a consequential…

Read More AI Wins in Colorado Legislature
Articles

DFS Secures $2.25 Million Cybersecurity Settlement with Delta Dental
ByKayne May 4, 2026May 8, 2026

Key quote: “As cybersecurity threats continue to grow, the Department is committed to holding institutions accountable.” Why it matters: The MOVEit zero-day was exploited starting in May 27, 2023. Progress Software shipped a patch on May 31. CISA added CVE-2023-34362 to its Known Exploited Vulnerabilities catalog that June. But here we are in April 2026,…

Read More DFS Secures $2.25 Million Cybersecurity Settlement with Delta Dental

Understand the stories that matter.

Similar Posts