This website uses cookies. By using this website, you agree to our Cookie Policy.
From Data Security to Decision Security: AI’s New Legal Risk
Reprinted from: New York Law Journal | 03/05/2026Mercedes Kelley Tunstall and Jessica Talar co‑authored a New York Law Journal article examining how artificial intelligence is reshaping the legal and regulatory dimensions of cybersecurity incident response. The piece introduces the concept of “Decision Security” — the discipline of ensuring that AI‑assisted investigative determinations are explainable, reproducible and defensible under regulatory and judicial scrutiny.
Mercedes and Jessica, together with Michael Sarlo and Anya Korolyov of HaystackID, note that “today’s incident response questions are no longer limited to whether data was breached, but whether the AI‑assisted conclusions about that breach can be trusted.” They emphasize that this evolving risk “requires organizations to treat AI not as a plug‑and‑play tool, but as a process that demands human validation, transparency, and accountability.”
The authors outline practical governance measures, including documented analytical pathways, human‑in‑the‑loop validation and context‑bound model learning, as essential to preserving compliance and defensibility in modern investigations.
Read the full article here (subscription required).
