Loading…
Every article starts from a situation, not a regulation. Code, contracts, and hard-earned mistakes from teams shipping AI features in the EU.
Four named confidentiality failure modes for AI meeting notetakers, anchored in the Brewer v Otter and Cruz v Fireflies 2025 cases and the EU consent stack.
GDPR Article 15 for AI stacks after CEF 2024 and CJEU C-203/22. The copy, the explanation, the sub-processor list, and the one-month clock.
GDPR Article 17 applied to AI stacks after the EDPB's February 2026 CEF report. Three deletability tiers, what unlearning cannot do yet, and a response template.
An operational guide for AI data leaks. GDPR Article 33 timing, containment, evidence preservation, notification templates, three worked incident walkthroughs, and the regulator differences that catch teams off guard.
Section 702 sunsets April 20. The April 2026 state of EU-US AI transfers, what the DPF actually rests on, and the contract review you should do this week.
Vector embeddings of personal data are likely personal data under GDPR. Here is the legal test, the 2025 attack research, the regulator convergence, and how to document your position.
Between January 2025 and February 2026, 20 documented AI app breaches exposed hundreds of millions of records. Four configuration mistakes explain nearly all of them.
AI memory is profiling, and the deletion story is broken. The two layers, the NYT court order, the CIMemories benchmark, memory poisoning, and what survives a supervisory audit.
What to check before deploying open-weight models in 2026. The supply chain attacks, SafeTensors migration, Article 53 open-source exemption, and the GDPR blind spot.
What Copilot, Cursor, Claude Code, and Windsurf actually do with your code after the March 2026 Claude Code source leak. Secrets, tier gaps, and GDPR angles.
What EchoLeak actually showed, what the lethal trifecta actually is, and how your defense posture should change by architecture tier. Grounded in 2025 Microsoft, Google, and OWASP research.
What the DSA, GDPR Article 8, the AI Act, and COPPA 2.0 require when your AI feature is accessible to minors. Walks the four regimes one at a time, with 2025-2026 enforcement and the AI-training-consent rule most builders missed.
The MCP specification is strict. Most implementations skip the MUST-level requirements. The 30+ CVEs filed in the first 60 days of 2026 live in that gap. A field guide to the four attack classes that matter, with named CVEs and what to actually do.
Article 50 of the AI Act applies on 2 August 2026. C2PA for images and audio, SynthID-Text and the paraphrase gap, the Code of Practice second draft, and a Python starter.
Showing 12 of 41