Debra Cairns
Artificial intelligence (AI) is no longer a futuristic concept; it is a present-day reality that is transforming how businesses around the globe operate, particularly in the legal sector.
From automating routine tasks to enhancing cybersecurity measures, AI is changing the way legal professionals work, making processes more efficient, accurate, and secure.
However, with innovation comes new challenges. While AI offers significant advantages, it also opens the door to sophisticated threats and AI-driven cyberattacks that specifically target the legal industry’s sensitive data and trusted relationships.
In this article, we will discuss what AI is, it’s use in the legal sector, tips for legal professionals using AI as well as it’s risks and threats.
What is AI?
AI can be understood by breaking down its core components. The term ‘artificial’ refers to something created by humans to replicate or mimic natural phenomena, while ‘intelligence’ describes the capacity to acquire, understand, and apply knowledge and skills.
Together, AI represents the theory and development of computer systems capable of performing tasks that typically require human intelligence, such as visual perception, speech recognition and language translation.
AI involves the creation of artificial systems, implemented either as software or within physical hardware, that are designed to solve tasks requiring human-like responses. These tasks may include perception, cognition, planning, learning, communication, or even physical actions. Essentially, AI is a computer system engineered to think and act in ways that mirror human behaviour.
AI adoption
Recent research published by Lexis Nexis, a global company specialising in providing legal and business information and analytics to support informed decision-making, reveals a significant shift in the legal profession’s adoption of AI.
According to the study, 82% of lawyers are either currently using AI or planning to integrate it into their legal practices, a substantial increase from just 39% the previous year.
The growing popularity of AI in the traditionally risk-averse legal field is being driven by its ability to reduce costs and alleviate heavy workloads by completing simple tasks.
The history of AI
Although records show that artificial intelligence (AI) was “born” in 1955, it was largely a theoretical concept until the late 1990s.By the 2000s, consumer technology products incorporating AI began to emerge, marking a turning point for the technology. In 2011, Apple integrated SIRI, its AI voice assistant, into the iPhone 4S, bringing AI closer to everyday users.
Fast forward to the 2020s, AI has become an integral part of both home and office environments, often in ways which go unnoticed. Chatbots, such as Amazon Alexa, SIRI, and ChatGPT, are among the most popular AI applications, demonstrating how integrated this technology has become into everyday life.
While experts acknowledge that AI has not yet surpassed human decision-making capabilities, research suggests that this milestone could be reached within our lifetime. The evolution of AI continues to redefine how we interact with technology, influencing the future of innovation.
AI’s use in the UK legal sector
AI has the potential to transform the legal profession. While it cannot replace human judgement or decision-making, it can lead to more efficient service delivery, increased accuracy, and the ability to focus on higher value tasks.
This makes it extremely effective in increasing and amplifying productivity, offering significant assistance to legal profession in a variety of areas.
The Law Society’s report, Capturing Technological Innovation in Legal Services (Chittenden, 2017), highlighted the role of AI within the legal sector. The report identified several areas where AI systems are under development and steadily gaining traction. This includes:
- Document analysis
- Contract intelligence
- Document delivery
- Legal advisor support
- Clinical negligence analysis
- Case outcome prediction
- Public legal education
These systems are being developed specifically for the legal sector. However, the decision to purchase and implement these systems is typically made at the firm level, rather than by individual lawyers or solicitors.
That being said, there are several open-source AI platforms available today, many of which are free or low-cost. This accessibility makes AI tools available to a diverse range of users and ready for use across a variety of applications.
General tips for using AI
1. Avoid sharing personal or sensitive information
Never share your personal data or sensitive information, whether business or personal, on these platforms.
AI tools were not intended to securely handle or protect sensitive information. Sharing such information may expose it to misuse or breaches, posing risks to both individuals and organisations.
2. Be cautious with financial information
Do not disclose any financial information, such as bank account numbers, credit or debit card numbers, PINs, passwords, or other sensitive financial data.
Be wary of any requests from the AI that may indirectly or directly prompt you to provide such information, as sharing this data could jeopardise your personal or financial security.
3. Recognise limitations
Remember that chatbots are AI language models that process and generate text-based responses. They are not human, and therefore lack personal experiences, emotions, and subjective understanding.
Their responses are solely based on the patterns, data, and knowledge they have been taught, rather than any personal experiences or emotional insight.
4. Report inappropriate behaviour
If you come across any offensive, harmful, or inappropriate responses, please report them immediately.
Reporting such issues improves the system by identifying and addressing problematic content, resulting in a safer and more respectful experience for all users.
5. Avoid spreading misinformation
When using AI chatbots to gather information, be cautious as they may not always provide accurate or up-to-date information.
It is always recommended to double-check the information provided with reliable and trustworthy sources.
6. Read and follow the platform’s guidelines
Different AI platforms have their own set of usage guidelines and terms of service that specify how the platform should be used, what is permitted, and any limitations or responsibilities for users.
These guidelines may address data privacy, acceptable use, intellectual property, and liability limits. Before using the platform, review these terms to ensure that you fully understand your rights, obligations, and potential risks.
7. Keep in mind that AI is not a substitute for professional advice
AI chatbots can provide useful general information and answer a variety of questions, but they do not replace professional advice.
For specific, critical, or complex matters, it’s important to consult qualified professionals who can provide tailored guidance based on your unique situation.
Risks to the legal sector (SRA)
There are several risks associated with implementing AI technologies in the legal sector, including:
1. Accuracy and bias problems
AI systems can occasionally produce incorrect or misleading results due to inaccuracies or biases in their training data. These issues can manifest as ‘hallucinations,’ in which the AI generates entirely false information, or an amplification of existing biases in the data on which it was trained.
Such issues are further complicated by the tendency of many users to place more trust in computer output than in human judgement, which can lead to the blind acceptance of flawed results.
2. Client confidentiality
Ensuring client confidentiality when using AI is critical. This involves not only protecting sensitive information from being exposed to third parties but also taking steps to secure it within the firm itself.
Any data shared with the AI system provider must be handled securely, in accordance with all applicable privacy laws and regulations, and with strong safeguards in place to prevent unauthorised access or use.
3. Accountability
Solicitors must always remember that they are fully accountable to their clients for the quality and outcomes of the services they provide, regardless of whether they use external AI tools to help them deliver those services.
The use of AI does not diminish their professional responsibility, and they must ensure that any AI solutions used meet the necessary standards of accuracy, dependability, and ethical practice to maintain client trust and legal compliance.
AI Threats
AI may appear to be a recent innovation, but its origins, and misuse, go back much further than most people realise.
Cybercriminals have been exploiting AI technologies for years. One alarming example occurred in 2019, when a UK CEO fell victim to voice spoofing. Believing he was speaking to the Chief Executive of his parent company, the CEO transferred $243,000 USD under a fabricated sense of urgency. This incident highlights how AI-driven deception can exploit human trust.
While legal firms are adopting advanced technologies to mitigate the risk of cyberattacks, the human element remains a major vulnerability. AI was designed to mimic human thought and behaviour, and cyber criminals are weaponising this technology to target individuals within organisations.
By now, most people are familiar with or have used ChatGPT, a tool often employed by cybersecurity professionals to counter cyber threats. Unfortunately, on the dark web, a black hat version called WormGPT has emerged. Unlike ChatGPT, WormGPT has no ethical constraints or limitations, allowing people with little technical knowledge to carry out sophisticated cyberattacks with pre-built tools and scripts.
When ChatGPT and other AI tools first emerged, fears quickly arose that robots powered by AI would take our jobs and control our future. However, we recently heard a thought-provoking comment: it won’t be a robot that takes our job, but rather a cyber criminal who knows how to leverage AI effectively.
Cyber attackers likely to leverage AI generally fall into three distinct categories:
- White hat: Ethical hackers who simulate attacks, with permission, to identify vulnerabilities and advise organisations on how to mitigate risks. Their goal is to strengthen defences and protect systems.
- Black hat: Malicious attackers who exploit vulnerabilities for personal gain, whether financial, reputational, or otherwise.
- Grey hat: Operating in a moral grey area, these individuals carry out unauthorised attacks but stop short of causing direct harm. Often, they reveal vulnerabilities to organisations, hoping to be paid to resolve the issues they’ve discovered.
Many black hat attackers are using AI for spear fishing attacks.
What is spear phishing?
Spear phishing is an increasingly popular method used by cybercriminals. Unlike traditional phishing, which casts a wide net indiscriminately, spear phishing targets specific individuals.
Attackers invest time researching and gathering information, often from open sources such as social media or search engines, to craft a highly tailored attack. Their aim is to appear legitimate by mimicking trusted individuals, incorporating relevant details, and creating a sense of urgency of action.
This approach is alarmingly effective. In 2023, UK companies reported an 18% success rate for general phishing attacks, whereas spear phishing achieved a staggering 53% success rate.
How does AI enhance spear fishing attempts?
AI enhances the effectiveness of spear phishing attacks by allowing the creation of highly convincing spear phishing attempts, including the use of deepfake technology, which allows attackers to mimic real-time interactions with victims.
In January 2024, the UK multinational company ARUP Group fell victim to a spear phishing cyber attack that involved a deepfake video call. An employee in Hong Kong, believing they were speaking with a senior officer from ARUP, was deceived into transferring £20 million to cyber criminals.
Attackers make their fraudulent attempts appear more authentic and difficult to detect. Deepfakes not only mimic trusted individuals but also exploit the trust and immediacy of live interactions, making them a powerful tool in targeted attacks.
Practical steps to reduce these cyber security risks
Mitigating cybersecurity risks begins with taking a proactive and cautious approach. Here are some important steps to help you stay vigilant and protect your organisation from potential threats.
If in doubt, STOP!
Cybercriminals rely on quick, unthoughtful responses to exploit vulnerabilities. Take a moment to pause and assess the situation thoroughly before proceeding. A deliberate approach can prevent costly errors.
If you feel pressured or uncomfortable, SLOW DOWN
Scammers often create a false sense of urgency to push you into acting without proper consideration. Resist the pressure, take a step back, and ensure you have all the facts needed to make an informed decision.
Verify independently
Even if a request appears to be from a trusted source, such as your CEO, senior partner, or a known client, it is critical to confirm its authenticity.
Contact the individual directly through established communication channels, not using the information provided in the suspicious request. Most leaders would rather you confirm details than make a potentially costly error.
For further advice on how to say safe from cyber criminals when implementing AI technologies, contact a member of the Net-Defence team today.