New York Trends in Artificial Intelligence: Governance, Data Rights, and Legal Risk in the Production Phase
In the United States, and particularly in New York, the defining AI trend in 2026 is not the release of another model, but the market’s move from experimentation to operational deployment. Financial institutions, insurers, asset managers, media companies, advertisers, and law firms are moving from pilots to production, with multiple use cases, measurable returns, and widening performance gaps between early movers and laggards. The comparison to the early commercial internet is useful. Current AI, like the “dial-up” era of the internet, is noisy, imperfect and fast-moving, yet organisations whose businesses are likely to become AI-dependent are better served by deciding now what governed adoption should look like than by waiting until the “6G network” is up and running. Broadly, organisations’ adoption tends to fall into one of three archetypes: extenders, transformers, and creators. An extender uses AI mainly to make the existing business more efficient. A transformer uses it to reshape core operations. A creator uses it to build an altogether new offering or line of business. Regardless of where an organisation falls on that spectrum, the operational phase of AI adoption is raising a connected set of questions: how competitive advantage compounds; what robust governance, supervision, and recordkeeping look like; whether the organisation has the right to use the data that gives AI value; how privilege and confidentiality should be considered in workflows; and how to manage authenticity, provenance, and intellectual property risk in AI-generated content.
From Pilots to Compounding Advantage
As AI adoption matures, competitive advantage appears increasingly cumulative. Organisations that have invested in skills, testing, governance, use-case iteration, and management buy-in are now better positioned to scale successful workflows and to identify and operationalise new ones more quickly. In other words, early AI success tends to breed further AI success.
For law firms and legal departments, that dynamic is already visible in concrete workflows. Model capabilities will keep improving steadily, unlocking powerful new workflows, including slide generation, bespoke training, matter management, and large-scale document and contract review. Firms that can quickly turn these new capabilities into enhanced client services will gain market share. In New York particularly, where many clients are themselves sophisticated users of AI, expectations are shifting quickly. Clients increasingly expect substantial AI use and will be looking for corresponding reductions in time spent on routine legal tasks and increased value generated, leading to more fixed fee arrangements and subscription-based pricing.
The same shift is likely to change how work is divided between clients and their outside counsel. Corporate legal departments will increasingly bring routine tasks in-house, generate first drafts using AI, and then ask law firms to review, refine, or sign off on the result. That raises difficult questions about the appropriate level of review, where responsibility sits for accuracy and completeness, and how firms should price work that begins with a client-generated AI draft rather than a blank page.
AI fluency is also becoming a source of competitive advantage in recruitment and retention. Organisations with mature AI capabilities are better positioned to attract talent that expects to work with advanced tools, and to retain professionals who see AI proficiency as part of career development. A firm’s internal AI capability may therefore affect efficiency, pricing, and its ability to compete for the people on whom long-term performance depends. At the same time, blanket prohibitions on employee AI use can be counterproductive. In practice, hard bans may drive personnel to use unapproved tools on personal devices or in off-channel workflows, creating exactly the supervision, recordkeeping, and confidentiality problems that the organisation sought to avoid. Mature New York organisations are therefore increasingly opting for governed enablement rather than outright prohibition.
Building Robust AI Governance
Good AI governance no longer consists of a short policy telling employees to check outputs. As AI moves into production, governance is becoming a practical operating framework for deciding where AI may be used, on what data, under what degree of human review, and with what documentation and escalation. Effective governance is cross-functional and continuous. It requires business, technology, legal, compliance, risk, cybersecurity, privacy, and HR teams to work together; clear intake and escalation pathways; role-specific training; and sufficient senior management involvement to permit experimentation within defined guardrails. Core strategic decisions about AI cannot be outsourced. Though vendors and consultants can explain AI tools and benchmark peers, they cannot decide an organisation’s risk appetite, data strategy, culture, or long-term commercial positioning.
One practical governance protocol is internal disclosure of AI use. Where a material portion of work product is generated by AI, the output will be relied on in decision-making, and any mistake or omission could affect that decision, organisations may find it useful to require users to identify which parts were AI-generated before sharing the work internally or externally. This is not anti-AI. Disclosure helps normalise productive AI use, improves visibility into good and bad use cases, and calibrates review appropriately. A reviewer may reasonably defer to a trusted colleague who spent hours researching and drafting a document, but should be slower to defer when the document may contain AI-generated errors such as a non-existent exception, an omitted limitation, or a misstated standard. Disclosure also improves attribution: a genuinely strong idea, a bad idea, or a valuable prompting technique can be tracked to the right human or system source.
These market developments are being reinforced by sector-specific regulatory expectations. Across industries, regulators are converging on a similar baseline expectation: firms remain responsible for outcomes when they use AI in business processes, and responsibility cannot be delegated to the vendor. In practice, that means governance extends beyond tool approval to supervision, pre-deployment testing, ongoing monitoring, recordkeeping, and retention of the information needed to explain what the system did, how it was used, and how errors were identified and addressed. For organisations operating in New York, the New York Department of Financial Services’ expanding focus on AI governance adds another layer of supervisory expectation.
FINRA’s 2026 Regulatory Oversight Report is one example of this trend. Its discussion of generative AI emphasises enterprise governance, testing before and after deployment, monitoring of prompts and outputs over time, model-version tracking, human validation, and retention of logs for accountability and troubleshooting. FINRA also treats AI agents as a distinct risk area, highlighting autonomy, scope creep, auditability, sensitive-data leakage, inadequate domain expertise, and misaligned incentives, and urging firms to build agent-specific supervisory processes and guardrails. Although directed to member firms, the underlying lesson is wider: as AI systems move from drafting and summarising to routing, recommending, classifying, and acting, oversight becomes more operational, more documented, and more auditable.
New York has also begun to legislate more directly. On 19 December 2025, Governor Hochul signed the Responsible AI Safety and Education Act, or RAISE Act, requiring certain powerful frontier-model developers to publish safety information and report incidents of critical harm to the state within 72 hours of discovery. The Act is expected to come into full effect on 1 January 2027. Most New York organisations will not be directly regulated as frontier-model developers. Even so, the statute matters as a signal. It shows the direction of travel: for sufficiently powerful AI systems, New York increasingly expects formal safety frameworks, documented accountability, and an escalation pathway when things go wrong.
Governance decisions therefore increasingly include whether prompt and output histories should be retained, how long AI project artefacts should be preserved, who may approve higher-risk use cases, when legal review is required, and how the organisation will demonstrate that human accountability remained meaningful. For some organisations, especially those in financial services, insurance, healthcare, and professional services, the harder question is whether governance can be made durable enough to cover not only chatbots and copilots, but also AI agents that classify, route, recommend, or initiate actions. Recordkeeping and retention are not separate compliance afterthoughts. They are part of the governance design itself.
Data Rights Matter
For many organisations, the real bottleneck is no longer model access but data rights. As frontier models become more comparable, much of the value now comes from giving them access to high-quality, non-public context from work emails, SharePoint sites, databases, customer-service calls, research archives, and other internal repositories. But often, the organisations that want to use these materials do not clearly own them, or do not clearly own the right to use them in this way. Many of the most valuable datasets in New York organisations, especially at consultancies, insurers, asset managers, and other information-rich businesses, were provided by clients, customers, or other third parties, with use conditions attached to them. Specifically, NDAs, engagement letters, and contractual terms and conditions may place significant limitations on how data can be used. There are also many contractual provisions that were drafted either before generative AI was available or without the use of generative AI in mind, but which may nonetheless apply to the use of generative AI with third-party data. These include restrictions relating to use limitations, technical segregation, data alteration, data dissemination, data destruction, and IP rights. Large organisations may have hundreds or thousands of non-standard contracts, each potentially imposing different constraints on different slices of data.
This issue is becoming sharper because AI is weakening an old commercial assumption for organisations entering routine business agreements: that their counterparty is not, and will not become, a direct competitor. Clients, vendors, suppliers, service providers, and platforms can now use shared data to identify patterns, generate insights, and build new products or services that compete with some part of another party’s business. As a result, non-disclosure terms and data-use limitations that once seemed like background boilerplate in routine business-to-business arrangements are becoming material operational issues. For New York lawyers advising on AI, contract review now needs to happen at the start of the project, not after the tool has already been built.
Privilege and Confidentiality
Privilege and confidentiality are also becoming questions of workflow design. A recent Southern District of New York opinion illustrates how these issues can play out. On 17 February 2026, Judge Rakoff issued a written opinion in United States v. Heppner (No. 25-cr-00503-JSR, slip op. (S.D.N.Y. Feb. 17, 2026)) holding that documents a criminal defendant prepared using the consumer version of Claude for legal research were not protected by attorney-client privilege or the work product doctrine. The Court accepted that the defendant had been communicating with Claude about factual and legal issues in his case in anticipation of litigation, had incorporated information conveyed to him by his counsel into those communications, had intended to share the resulting AI-generated documents with counsel, and did in fact share those documents with his counsel, but nonetheless rejected both his attorney-client and work product privilege claims. The Court reasoned that no such relationship can exist between a user and an AI platform, and separately concluded that, because the consumer version of Claude trained on user data and reserved the right to disclose data to third parties, including governmental regulatory authorities, the defendant could not have had a reasonable expectation of confidentiality in his communications with Claude.
Heppner is significant not only for its holding, but also for the workflow lessons it suggests. Judge Rakoff noted that, assuming there had been confidentiality and the user was acting on instructions from counsel, Claude might arguably function in a manner akin to a highly trained professional, such as an accountant or consultant, assisting counsel within a Kovel-type framework. The practical takeaways are that when using AI tools in connection with privileged communications or legal work, organisations should use an enterprise AI tool whenever possible; where a client or other non-lawyer is acting at the direction of counsel, that context should be documented accurately in the prompt; and privilege logs should clearly and accurately denote both the basis for the privilege and that the AI tool was used with the expectation of confidentiality. Those workflow choices also connect back to governance and recordkeeping, because organisations will face complex data retention choices for chat histories, custom workflows, and AI project artefacts.
Managing Intellectual Property, Publicity, and Authenticity Risk in AI-Generated Content
Generative AI tools are now a routine feature of marketing, advertising, and communications workflows. When deployed thoughtfully, these tools have a variety of benefits: reduced costs, accelerated production timelines, and expanded creative capacity. When used without adequate guardrails, AI tools can generate problems just as easily as content: intellectual property risk, reputational harm, and increased regulatory scrutiny. Those issues are especially salient in New York, where media, entertainment, fashion, advertising, and financial-services firms often produce high volumes of public-facing content under compressed deadlines.
As organisations integrate AI-generated content into public-facing materials, legal and compliance teams are increasingly asked to address a common set of questions: Who owns AI-generated outputs? What infringement risks arise from model training practices or output similarities? And how should organisations structure internal review and approval processes to manage these risks at scale?
Under current US law, works generated solely by AI are not eligible for copyright protection, meaning that reliance on unmodified AI outputs (those without substantive editing, selection, arrangement, or creative modification) can undermine ownership rights in commercially important assets. Infringement risk arises on at least two theories: training data claims (that models were trained on copyrighted works without authorisation) and output claims (that AI outputs are substantially similar to existing protected works). Companies should seek information on training data provenance and evaluate whether providers offer indemnification for training-related claims. Additional risks include inadvertent trade mark use in AI-generated imagery, false or misleading depictions of products or services, and right of publicity claims where outputs depict identifiable individuals – exposure that has increased following New York’s recent amendments to its right of publicity law expanding protections against digital replicas. A separate New York synthetic-performer advertising disclosure law adds another compliance layer for certain commercial advertisements, although it does not take effect until 9 June 2026. Together, these New York laws reflect the state’s active role in addressing AI-related publicity and authenticity concerns.
To mitigate these risks, companies may choose to implement guardrails across the content lifecycle. This includes ensuring meaningful human involvement in creation and maintaining records of prompts, edits, and approvals; adopting internal approval workflows that screen for third-party IP, celebrity likenesses, and misleading depictions; scrutinising AI provider agreements for the scope of indemnification and relevant exclusions; and revisiting IP and AI governance policies regularly to reflect new case law and regulatory guidance. Proactive planning – rather than reactive remediation – will be key as courts, regulators, and rights-holders continue to scrutinise the use of AI-generated content in commercial contexts.
Authenticity risk extends beyond brand content and into the integrity of information that organisations rely upon. Advances in generative AI have given rise to models capable of creating photorealistic images, and therefore fabricating the kinds of images relied upon in commercial validation workflows, from passport authentication and check deposits to insurance claims. For insurers in particular, this technology poses a significant risk of fabricated or exaggerated claims, with downstream consequences for loss-reserving practices. If an insurer determines that a claim used a fabricated image to exaggerate damage, many property policies contain conditions that can bar coverage altogether where the insured has intentionally misrepresented material facts – and state insurance anti-fraud frameworks often criminalise knowingly false statements to insurers. Even so, insurers typically weigh proof risk, bad-faith exposure, and regulatory expectations before issuing a total denial, and often take a calibrated approach by paying the undisputed amount while denying the inflated portion. To detect this kind of fraud, insurers may consider requiring multi-angle photos with reference objects, deploying AI-detection software, using real-time remote video inspection, and increasing on-site visits – while taking care not to overcorrect in ways that slow down or wrongly deny legitimate claims. In a world where seeing is no longer necessarily believing, organisations that rely on digital images should assess the risk of AI-enabled fraud and determine how best to address it.
Cybersecurity and AI
Cybersecurity is now one of the clearest areas in which AI both creates risk and promises defensive advantage. An October 2024 industry letter from the New York Department of Financial Services (NYDFS) on cybersecurity risks arising from AI warned that AI can enable cybercriminals to act at greater scale and speed, and Acting Superintendent Asrow, who has an extensive background in AI and technology policy, has since identified cybersecurity and AI-related risk as leading priorities for the Department. For New York-regulated entities, AI can be viewed not only as a productivity tool, but also as a cyber consideration touching on governance, vendor management, incident response, authentication, surveillance and resilience.
Recent market developments reinforce that message. On 7 April 2026, Anthropic announced Project Glasswing, a defensive cybersecurity initiative built around Claude Mythos Preview, described by Anthropic as its most capable model yet. Under the programme, launch partners including major technology and financial institutions are using Mythos Preview in defensive security work to identify and secure critical software. The legal significance for New York companies is not limited to whether they use Anthropic’s tools. The broader point is that frontier AI models are compressing the timeline between vulnerability discovery and exploitation, while also creating new possibilities for defenders. The result is an arms race in which AI-accelerated threats and AI-enabled defensive testing are arriving at the same time.
That is likely to sharpen existing New York expectations around cyber governance. Boards and senior management will increasingly be asked whether they understand how AI changes the institution’s threat model, whether vendors are using AI in security-sensitive functions, whether incident response playbooks address AI-enabled fraud and social engineering, and whether cyber controls remain fit for purpose as synthetic content becomes cheaper and more persuasive. In sectors such as banking, insurance and asset management, where NYDFS already expects cyber controls, AI will intensify scrutiny rather than displace it.
What Comes Next: Building for Accountability in New York
In New York, AI use is entering a more demanding phase. The central questions are increasingly where AI will be deployed, on what data, and under what controls. Organisations that move early may benefit from compounding gains in skills, workflows, and market position. But durable advantage is less likely to belong to those that simply purchase access to powerful models than to those that can govern them: by securing the right to use the relevant data, embedding meaningful human review, preserving privilege where legal work is involved, authenticating outputs, and showing clients, courts, and regulators that human accountability remains real.
agesser@debevoise.com www.debevoise.com