By: Nicole Ruban
Artificial intelligence (AI) has created a new landscape for attorneys and corporations to navigate. The benefits and potential for increased profits for corporations are endless. But with the good, comes the bad. In a world where cybersecurity is a priority, is AI safe to use? On the other hand, in a world where AI is dominating, would it be irresponsible for corporations not to use AI?
As artificial intelligence seems to infuse various aspects of life, corporations are carving out AI’s place in their business models. “The benefits of AI for businesses are undeniable — higher productivity, enhanced customer satisfaction and significant cost savings are just the beginning.”[1] AI is being used in areas such as customer relationship management, employee upskilling, improving operational efficiency, market research, security, and importantly decision-making and strategy.[2] “Today, [AI’s] influence spans a wide range of sectors, including marketing, supply chain management, financial services and healthcare”[3] and the largest U.S. corporations such as Walmart,[4] Amazon,[5] and Apple.[6]
Unfortunately, despite all the corporate benefits, AI is not without risk. “AI adoption [by corporations] is greatly outpacing AI security and governance.”[7] Logically, insufficient AI security and governance pose a threat to corporations and could subject corporations to not only harm, but also liability. In turn, directors and officers may face liability under a breach of fiduciary duty theory.
Conversely, could corporations face liability for not employing AI methods within their business model? “AI’s potential to create value will become an avenue for differentiation as management continues incorporating AI even deeper within their operations.”[8] With AI on such an undeniably steep rise, AI could become the new norm for increasing profits. Between the push and pull of the risk and benefit analysis of AI use, the answer lies in AI safeguards and directors’ and officers’ potential responsibility to employ those safeguards.
Artificial Intelligence Threats, Effects, and Responses
Despite the many benefits that artificial intelligence brings to corporations as described above, artificial intelligence also poses many threats to corporations. AI threats could include AI cyberattacks, accidental release of data, and mistakes within the AI system itself that subjects a corporation to liability. In an Ernst & Young survey, 99% of companies “reported financial losses from AI-related risks and 64% experienced losses exceeding US$1 million.”[9] In July 2025, IBM, a corporation that itself uses AI in various ways, published an article describing AI-related breaches.[10] The statistics are abundant and telling. “13% of organizations reported breaches of AI models or applications, while 8% of organizations reported not knowing if they had been compromised.”[11] “Of those compromised, 97% report not having AI access controls in place.”[12] Furthermore, “63% of breached organizations either don’t have an AI governance policy or are still developing a policy. Of the organizations that have AI governance policies in place, only 34% perform regular audits for unsanctioned AI.”[13] Importantly, the IBM report emphasized the importance of AI security and governance, the operational disruption that could occur because of an AI breach, and the costliness of AI breaches.[14]
In the last few years, many corporations and businesses have experienced an AI-related disaster. In April 2023, Samsung engineers had uploaded confidential designs to ChatGPT which led to estimated direct losses of £150 million, a 3.2% stock price drop, a competitive loss, and a complete ban on generative AI tools for employees.[15] At the time of this incident, “Samsung had no AI usage policy, no monitoring systems, and no employee training on AI risks. Engineers viewed ChatGPT as a productivity tool, not recognizing that OpenAI could potentially access, store, and train on their inputs.”[16] Now in 2026, Samsung’s view on AI has shifted. Samsung has “established a set of AI ethics principles, ʻFairnessʼ, ʻTransparencyʼ and ʻAccountabilityʼ. . . . designed to fulfill [] social and ethical responsibilities as well as to comply with applicable laws.”[17] Samsung has also established AI ethics guidelines and training programs for employees.[18] Furthermore, Samsung’s website represents that “AI will be adequately protected and have security measures to prevent data breach and cyberattacks.”[19]
In 2018, reports came out about an Amazon AI recruiting tool that showed bias against women. [20] “Amazon’s system taught itself that male candidates were preferable.”[21] “Amazon edited the programs to make them neutral to these particular terms. But that was no guarantee that the machines would not devise other ways of sorting candidates that could prove discriminatory.”[22] Due to these issues, Amazon abandoned the project.[23]
In October 2025, Amazon Web Services (AWS), a subsidiary of Amazon, suffered from a disruption that affected prevalent websites and apps.[24] “Such events can compromise more than just convenience in regulated sectors like finance and healthcare; downtime can affect audit trails and [jeopardize] compliance.”[25] Events such as this, highlight that AI infrastructure liability “can inflict billions of dollars in annual losses through their impact on revenue productivity and reputation.”[26] This is why it is important to have “reliance plans in place, including backups and alternative routes for essential data and services.”[27] AWS has a “Responsible AI Policy” in which it states certain prohibitions for AI use, and emphasizes the need to “evaluate the potential risks of your use case and implement appropriate human oversight, testing, and other use case-specific safeguards to mitigate such risks. Consequential decisions include those impacting a person’s fundamental rights, health, or safety.”[28]
External Solutions to Artificial Intelligence Threats
CouldAI itself be the answer to the risks posed by AI? Fiduciary AI is a measure that directors may be able to take in the future to mitigate AI risks. “The intersection between computer science and law may be the solution, as fiduciary AI capable of legal compliance could fill the void when utilizing modern AI models.”[29] Fiduciary AI is being developed “to facilitate fiduciary duties with respect to its operator” and to “align model outputs with legal standards of care and loyalty.” [30] Even if a successful fiduciary AI model is developed, Fiduciary AI is unlikely “to replace the human judgment, accountability, or discretion required to fulfill fiduciary obligations,” so some sort of AI governance and securities policies must still be in place.[31]
A measure that directors of a corporation can presently take is obtaining insurance coverage for AI related events, such as E&O and D&O policies. “Companies should consider errors and omissions (E&O) and other professional liability policies that cover claims arising from negligence, errors and omissions in providing personal services. Directors and officers (D&O) policies cover corporate executives’ assets in the event of claims alleging mismanagement or breach of fiduciary duty.”[32] Although various policies may apply in cases of AI related incidents, the D&O policy seems to be the most applicable for protecting directors and officers in the event of an AI catastrophe.
Still, as AI is evolving, there may be “substantial gaps in coverage” and it is vital that corporations review their policies regularly.[33] “Some insurers have already begun offering new insurance products tailored to the unique risks posed by AI . . . . These products can help cover hallucinations, algorithmic bias, regulatory investigations, IP infringement claims and other class action lawsuits.”[34] In October 2025, the Geneva Association, the only global association of insurance companies, released a report discussing insurance and AI.[35] Specific topics discussed in the report included risks and benefits of Gen AI to businesses, high demand for insurance in light of Gen AI, and the challenges for insurance companies to provide Gen AI coverage.[36]
Internal Solutions for Corporate Liability for Artificial Intelligence
In this gray area where regulation and security have not caught up with AI use, it is important for fiduciaries, whether directors or officers, to first understand AI risks. “Despite the financial stakes, … many C-suite leaders don’t know how to apply the right controls to mitigate AI risks. [In an Ernst & Young survey] [w]hen asked to match the appropriate controls against five AI-related risks, only 12% of respondents got them all right.”[37] As the duty of care requires directors to act on an informed basis,[38] directors should greatly consider all material information reasonably available about the use of AI within a corporation. That may include information regarding industry norms, current legislation, and proposed legislation.
Corporate law is at a turning point with regards to corporate AI use. Although AI is being increasingly used within business models, corporations acknowledge substantial risks and AI regulatory scrutiny is starting to increase.[39] Yet, fiduciaries face a dilemma because “failing to incorporate AI into decision-making could also constitute a breach of fiduciary duty. AI’s potential to create value will become an avenue for differentiation as management continues incorporating AI even deeper within their operations.”[40]
“More and more states have introduced AI-related legislation over the last few years. In the 2025 legislative session, all 50 states, Puerto Rico, the Virgin Islands, and Washington, D.C., have introduced legislation on this topic this year.”[41] Though there is currently no Delaware AI specific corporate regulation in place, in July 2025, Delaware legislature enacted House Joint Resolution 7, that “direct[s] the Artificial Intelligence Commission to work in collaboration with the Secretary of State to create a regulatory sandbox framework for the testing of innovative and novel technologies that utilize agentic artificial intelligence.”[42] This may signal future Delaware corporate AI regulations.
Conclusion
Artificial intelligence is advancing quicker than security measures, regulation, and governance. That means that corporate AI use places corporate fiduciaries in danger of liability for breach of fiduciary duties claims. Fiduciaries were marked “safe” in prior cases of AI catastrophe and cybersecurity attacks because of the lack of legislation, and thus lack of positive applicable law. Now that AI regulations are approaching, that fiduciary safety may change. To protect themselves, corporate fiduciaries should consider establishing and updating AI governance policies, maintaining insurance coverage, especially AI-specific insurance, implementing AI monitoring systems, and staying informed about legislation. Finally, it is important to keep up with technological advances and protections because, ironically, advances in AI itself may be the solution to AI risks in the future. Although human oversight will always be necessary, technological development such as artificial intelligence programmed to operate with fiduciary duties, may be the future of corporate AI.
[1] 10 Real-Life Examples of how AI is used in Business, Univ. San Diego, https://onlinedegrees.sandiego.edu/artificial-intelligence-business/ (last visited Mar. 15, 2026).
[2] Id.
[3] Id.
[4] Walmart Partners with OpenAI to Create AI-First Shopping Experiences, Walmart (Oct. 14, 2025), https://corporate.walmart.com/news/2025/10/14/walmart-partners-with-openai-to-create-ai-first-shopping-experiences.
[5]5 Ways Amazon is Using AI to Improve Your Holiday Shopping and Deliver Your Package Faster, Amazon (Nov. 22, 2024), https://www.aboutamazon.com/news/operations/amazon-uses-ai-to-improve-shopping.
[6] Introducing Apple Intelligence, the Personal Intelligence System that Puts Powerful Generative Models at the Core of iPhone, iPad, and Mac, Apple: Newsroom(June 10, 2024), https://www.apple.com/newsroom/2024/06/introducing-apple-intelligence-for-iphone-ipad-and-mac/.
[7] IBM Report: 13% Of Organizations Reported Breaches of AI Models or Applications, 97% Of Which Reported Lacking Proper AI Access Controls, IBM (July 30, 2025), https://newsroom.ibm.com/2025-07-30-ibm-report-13-of-organizations-reported-breaches-of-ai-models-or-applications,-97-of-which-reported-lacking-proper-ai-access-controls [hereinafter IBM Newsroom Report].
[8] Richik Sarkar & Jarjan J. Smith, Mitigating Board and Corporate Fiduciary Risks of AI, Risk Mgmt. Mag. (Feb. 6, 2025), https://www.rmmagazine.com/articles/article/2025/02/06/mitigating-board-and-corporate-fiduciary-risks-of-ai.
[9] Joe Depa, How Can Responsible AI Bridge the Gap Between Investment and Impact?, EY (Oct. 8, 2025), https://www.ey.com/en_gl/insights/ai/how-can-responsible-ai-bridge-the-gap-between-investment-and-impact.
[10] IBM Newsroom Report, supra note 7; Cost of a Data Breach Report 2025, IBM (July 30, 2025), https://www.ibm.com/reports/data-breach (click “Download report” and fill out form to access).
[11] IBM Newsroom Report, supra note 7; IBM, supra note 43 at 7.
[12] IBM Newsroom Report, supra note 7; IBM, supra note 43 at 5.
[13] IBM Newsroom Report, supra note 7; IBM, supra note 43 at 7.
[14] See IBM Newsroom Report, supra note 7; see IBM, supra note 43.
[15] The True Cost of AI Misuse: Real Corporate Disasters and How to Prevent Them, Thinkpol, (Dec. 22, 2024), https://blog.thinkpol.ai/posts/03-true-cost-ai-misuse-corporate-disasters/; Siladitya Ray, Samsung Bans ChatGPT Among Employees After Sensitive Code Leak, Forbes, (May 2, 2023, 7:31 AM), https://www.forbes.com/sites/siladityaray/2023/05/02/samsung-bans-chatgpt-and-other-chatbots-for-employees-after-sensitive-code-leak/.
[16] Thinkpol, supra note 15.
[17] Samsung AI Principles, Samsung https://www.samsung.com/us/about-us/digital-responsibility/ai-ethics/#:~:text=Samsung%20AI%20principles,AI%20ethics%20through%20training%20programs (last visited Mar. 15, 2026).
[18] Id.
[19] Id.
[20] Jeffrey Dastin, Insight – Amazon Scraps Secret AI Recruiting Tool that Showed Bias Against Women, Reuters (Oct. 10, 2018, 8:50 PM), https://www.reuters.com/article/us-amazon-com-jobs-automation-insight/amazon-scraps-secret-ai-recruiting-tool-that-showed-bias-against-women-idUSKCN1MK08G/.
[21] Id.
[22] Id.
[23] Id.
[24] Georgia Collins, What AWS’ Disruption Reveals About AI Infrastructure, AI Mag. (Oct. 20, 2025), https://aimagazine.com/news/aws-down-the-billion-dollar-impact-of-cloud-dependency.
[25] Id.
[26] Id.
[27] Id.
[28] AWS Responsible AI Policy, AWS, https://aws.amazon.com/ai/responsible-ai/policy/ (last visited Mar. 15, 2026).
[29] The Artificial Fiduciary: How Black Box AI Models Are Compromising Fiduciary Duties Within Private Equity, Cullen & Dykman LLP: News and Insights (July 18, 2025),https://www.cullenllp.com/blog/the-artificial-fiduciary-how-black-box-ai-models-are-compromising-fiduciary-duties-within-private-equity/ (citing Sebastian Benthall & David Shekman, Designing Fiduciary Artificial Intelligence, Cornell Univ.: arxiv (July 27, 2023), https://arxiv.org/abs/2308.02435).
[30] Id.
[31] Id.
[32] Sarkar & Smith, supra note 8.
[33] Id.
[34] Id.; see Angela Yang, Insurance companies are trying to avoid big payouts by making AI safer, NBC News, (Nov. 18, 2025),https://www.nbcnews.com/tech/tech-news/insurance-companies-are-trying-to-make-ai-safer-rcna243834.
[35] Ruo (Alex) Jia, Gen AI Risks for Businesses: Exploring the Role for Insurance, Geneva Ass’n (Oct. 2025), https://www.genevaassociation.org/sites/default/files/2025-10/gen_ai_report_0110.pdf.
[36] Id.
[37] Depa, supra note 9.
[38] Cede & Co. v. Technicolor, Inc.,634 A.2d 345, 367 (Del. 1993); United Food & Com. Workers Union & Participating Food Indus. Emps. Tri-State Pension Fund v. Zuckerberg, 262 A.3d 1034, 1049–50 (Del. 2021).
[39] Sarkar & Smith, supra note 8.
[40] Id.
[41] See Artificial Intelligence 2025 Legislation, Nat’l Conf. State Legislatures (July 10, 2025), https://www.ncsl.org/technology-and-communication/artificial-intelligence-2025-legislation for a table of state-specific AI laws and regulations.
[42] H.J.R. Res. 7, 153rd Gen. Assemb. (Del. 2025).
Leave a Reply