Dr. Ilia Kolochenko  talks about the post-honeymoon phase of AI and how it is landing  lawyers, arbitrators and other legal professionals in hot water

• How are “hidden” AI assistants embedded in traditional software, operating systems, mobile and IoT devices causing massive leaks of confidential and privileged information?

In 2026, high-quality training data is the new gold for AI companies. Further evolution of the allegedly omniscient and omnipotent LLM models is technically impossible without such data. Therefore, AI vendors of all sizes are aggressively exploiting all kinds of tricks to get your data – ranging from confidential documents to corporate emails and discussions on Slack – to finetune their AI models. Although, large corporations follow certain rules to avoid liability in court, their data-gathering practices are still often very close to the line. For example, they may enable data collection by default, while disabling it – is an arduous task, hidden behind numerous dark patterns, aimed at preventing users to change the default settings. As to smaller companies, they may simply use your data for reselling or internal use whatever their terms of service say. Thus, be extremely prudent: just reviewing terms of service is not enough, an in-depth audit of how your data is actually utilized is required.

• Why are rules and frameworks on the ethical use of AI, such as those by ABA or CIArb, not sufficient to mitigate technical risks and deceptive practices by AI vendors?

These rules and frameworks are very helpful, but for obvious reasons, they cannot address every single risk or threat of AI use. For instance, in 2026, several new models of EU and US cars incorporated AI agents or systems by default to collect your driving and other data to then be sent to a cloud. Eventually, all your calls, messages and other activities made from your vehicle may be used for LLM training unbeknownst to you.

• Why are smaller AI startups often more dangerous toboth big law firms and solo practitioners than Big Tech due to aggressive and unethical data harvesting practices?

Smaller startups are limited by funds and other resources to procure training data for their in-house AI models. Therefore, they form the so-called AI training pools, where hundreds of smaller players submit some data and, in exchange, can use all other data from the pool. Eventually, once your data is shared with a small AI startup, the data may eventually end up in thousands of wrong hands around the globe. Cybercriminals have recently realized that breaching such data pools may bring some hidden gems and purposely go after them. Thus, your data may not only be exploited by nation-stated-back AI companies from hostile jurisdictions to train their AI models, but may also be used to blackmail your company or your clients.

• How can legal professionals audit their “digital hygiene” to ensure AI doesn’t become a liability during high-stakes litigation?

A comprehensive visibility of your data flows and data usage is essential. Whatever terms of service of your vendors say, you should have a holistic visibility and mapping of what actually happens to your data, where and how. You should not only know what data is being used, by whom and what for, but also what vendors might do with your data. For instance, if your vendor is hacked, your data in its hands will become accessible to cybercriminals. If you are unprepared to accept such risk, do not share this data with that vendor.

• What are the disciplinary sanctions and legal risks forunwitting data disclosure through AI?

Till today, courts around the globe have been pretty lenient, imposing mild sanctions. However, in 2026, given that AI literacy and usage grow rapidly, blunders will not be tolerated anymore. Suspension and even disbarment will likely become the new reality for negligent legal professionals.