Extract from Ella Sherman’s article “Legal Users Beware: Gen AI Models Can Be Less Secure Than Expected”
There has always been some level of risk involved when it comes to gen AI, from hallucinations to biased output based on training data.
However, a new report published earlier this month found that certain large language models (LLM) are less secure than expected, giving legal professionals a reality check for potential cybersecurity breaches and unwanted data retention.
After analyzing 10 popular LLM providers including Open AI, DeepSeek, among others, Cybernews researchers, through its Business Digital Index, gave low security risk ratings to half of the providers it considered. LLM providers Open AI, 01.AI, Inflection AI, EleutherAI and DeepSeek received medium to critical risk ratings.
All of the LLM providers analyzed had varying degrees of vulnerable encryption and half of the providers also recorded data breaches. Perplexity AI and EleutherAI in particular reported credential leaks.
Although law firms have been ramping up their cybersecurity protocols, SocialProof Security CEO Rachel Tobac told Legaltech News that an LLM’s lack of security means that LLMs could retain user data that ends up appearing in breaches.
