Welcome back to a new edition of the Law and Technology Workshop!

Friday, October 3, 2025, noon - 1 pm ET

Join here 

Nick Nugent: Generative Cybersecurity

Discussant: Mailyn Fidler

This Article attempts to answer two basic questions: (1) How is AI changing the landscape of cybersecurity? and (2) Do these changes expose gaps in existing cybersecurity laws and doctrines that now need to be addressed? It answers these questions by constructing a comprehensive taxonomy of the principal ways in which AI intersects, or could intersect, with cybersecurity. It then distills cybersecurity’s AI gaps into five distinct themes and offers suggestions for how the law might fill those gaps.

Abstract

Cybersecurity is experiencing a sea change, and AI is to blame. Bots, which now outnumber human users, prowl the internet day and night, using deep learning to uncover vulnerabilities and threatening to make all software essentially transparent. Advances in agentic systems are enabling hackers to multiply themselves and autonomously conduct cyberattacks at scale. And the age of real-time deepfakes is now upon us, as scammers personally converse with victims in their social engineering schemes while powerful hardware dynamically swaps their faces and voices with those of impersonated relatives or coworkers. At the same time, traditional legal doctrines are showing their age: cyber-trespass rules rarely constrain automated probing, the Computer Fraud and Abuse Act fails to discipline adversarial AI attacks that stop short of intrusion, and right-of-publicity laws apply awkwardly to deepfake impersonations. Liability frameworks compound the problem, as tort doctrines struggle to map onto harms arising from autonomous systems, and firms may succeed in evading accountability by outsourcing their defenses to agentic technologies that may sometimes underperform reasonable humans. This Article attempts not only to reckon with these AI-induced gaps but also to use them as an opportunity to reexamine certain aspects of cybersecurity law, including the scope of punishable “hacking,” the nature of likeness protections, and tort liability for software vendors and operators. It does so by first constructing a comprehensive taxonomy of the principal ways in which AI intersects, or could intersect, with cybersecurity. It then distills the AI gaps observed along the way into broader themes that span distinct AI use cases. The Article closes by proposing a series of statutory reforms and interpretive frameworks designed to close these gaps and thereby strengthen cybersecurity in the age of AI.

Link to Paper

Further Schedule: Law and Technology Workshop Website

• October 17, 2025, noon - 1 pm ET: Brad Greenwood, The Effect of Gunshot Detection Technologies on Policing Practices: An Empirical Examination of the Chicago Police Department
  Discussant: John Meixner

• November 14, 2025, 11.30 - 12.30 pm ET: Alan Rozenshtein, Unitary Artificial Executive
  Discussant: Aditya Bamzai

• December 19, 2025, noon - 1 pm ET: Giulia G. Cusenza, From Policy to Practice: Closing the Gap in AI Public Procurement
  Discussant: Cary Coglianese

• AALS Annual Meeting, January 9, 2026, 9.35 - 10.50 am, New Orleans:

  • Raúl Carrillo, Satellite Finance

  • Ximena Reverditto, Against Biomedical Progress

  • Arti Walker-Peddakotla, The Obfuscation of Surveillance

• January 16, 2026, noon - 1 pm ET: Mehtab Khan, Access to Datasets
  Discussant: Michael Goodyear

CfP: 2026 Virtual Workshop on Private Law & Emerging Technology

Due: October 24, 2025. Details: see attachment.