1-800-350-6003

Corporate AI Governance and the Next Wave of SEC Scrutiny

Artificial intelligence has become the centerpiece of corporate strategy across nearly every sector. But as companies race to position themselves as “AI‑driven,” regulators are increasingly concerned that some claims are exaggerated, misleading, or unsupported; a phenomenon now widely referred to as AI‑washing.

For investors, AI‑washing is more than a marketing problem. It is a material disclosure risk, a governance issue, and a growing enforcement priority for the Securities and Exchange Commission (SEC). As the first half of 2026 draws to a close, several developments, including SEC comment‑letter trends, enforcement actions, and formal recommendations from the SEC’s Investor Advisory Committee, signal that AI‑related disclosures are entering a new era of scrutiny.

The Rise of AI‑Washing and Why Regulators Are Paying Attention

The SEC has made clear that companies cannot overstate their use of AI or misrepresent the capabilities of AI‑enabled products. In 2024 and 2025, the SEC brought several enforcement actions against firms that falsely claimed to use proprietary AI systems.

According to a 2025 analysis by Norton Rose Fulbright, the SEC charged two investment advisers for “misrepresenting their use of AI in their investment processes,” and later settled with a consumer‑facing tech company that implied its AI was fully automated and proprietary when it was neither.

These cases were early signals of a broader concern: Companies are increasingly using the term “AI” in ways that may mislead investors about capabilities, risks, or competitive advantages. 

SEC Comment Letters Show a Clear Pattern: AI Claims Are Being Scrutinized

A 2024–2025 review of SEC comment letters by Orrick, summarized by the Harvard Law School Forum on Corporate Governance, found that the SEC issued 92 AI‑related comments to 56 companies since 2021.

The SEC’s questions focused on:

  • How companies define “AI”
  • Whether AI claims are supported by internal documentation
  • Whether AI materially affects operations, revenue, or risk
  • Whether AI‑related risks are adequately disclosed
  • Whether forward‑looking AI statements are overly promotional

The SEC also asked companies to clarify whether AI tools were developed internally, licensed from third parties, or still in testing; a key issue in several enforcement actions.

For investors, these comment‑letter trends show that the SEC is already probing AI claims long before formal rules are adopted.

The SEC’s Investor Advisory Committee Calls for Mandatory AI Disclosure

In July 2025, the SEC’s Investor Advisory Committee (IAC) issued a formal recommendation urging the SEC to adopt AI‑specific disclosure requirements.

The IAC recommended that public companies be required to:

  • Clarify how the company is using the term “artificial intelligence” in its disclosures.
  • Explain what role, if any, the board plays in overseeing the company’s use and deployment of AI.
  • Provide separate reporting on how AI is being implemented across the business and, where material, describe its impact on (a) internal operations and (b) customer‑facing products or services.

This places AI squarely within the realm of material risk, governance, and investor protection.

AI as a Material Risk

The IAC’s recommendation cites a Deloitte and the USC Marshall School of Business study finding that about 60% of S&P 500 companies view AI as a material risk across:

  • Cybersecurity
  • Competition
  • Regulation
  • Intellectual property
  • Ethics
  • Reputation

AI is following a familiar pattern seen in past technology booms: early excitement, inflated expectations, and a rush of corporate claims that often outpace actual capabilities. Gartner’s long‑running Hype Cycle framework shows that emerging technologies typically experience a surge of promotional language before reaching more realistic levels of adoption. Recent examples illustrate how quickly AI hype can distort market signals:

  • Allbirds’ saw a 600% stock surge after announcing a vague pivot to AI despite offering little detail about actual AI capabilities. 
  • C3.ai’s stock has repeatedly surged on general AI enthusiasm, analyst upgrades tied to “AI exposure,” and broad market hype, even when revenue guidance remained flat. 
  • Faraday Future’s stock spiked in 2026 after the company highlighted AI‑driven features in its vehicles, despite limited evidence of commercial deployment. 

The Cybersecurity Parallel: 

The SEC’s 2023 cybersecurity disclosure rules offer a clear preview of how AI disclosure may evolve.

Those rules require:

  • Board oversight disclosure
  • Management expertise disclosure
  • Material incident reporting
  • Annual reporting on risk management

AI fits the same pattern:

  • High‑impact operational risk
  • Complex technical systems
  • Potential for material incidents
  • Need for board‑level oversight

It is increasingly likely that AI will follow a similar regulatory trajectory.

Third‑Party AI Risk: The Blind Spot in Most Disclosures 

One of the most significant — and least discussed — risks in corporate AI adoption is third‑party AI dependency. Companies increasingly rely on external AI systems, but their disclosures rarely explain how those systems work, how they are governed, or what risks they introduce.

Companies often rely on third-party systems. These include:

  • Cloud‑based AI models (e.g., OpenAI, Anthropic, Google Cloud, AWS)
  • External data providers
  • Third‑party algorithms and APIs
  • Open‑source AI components

The SEC is asking companies to clarify whether AI tools are internally developed or licensed from third parties. 

Disclosures Rarely Explain Key Third‑Party Risks

Most companies do not disclose:

  • Which parts of the AI stack are outsourced
  • Whether vendors have been vetted
  • How data is protected when sent to third‑party models
  • Whether the company can audit or validate model behavior
  • Whether the company has contingency plans if a vendor changes terms, pricing, or model access

The SEC’s Investor Advisory Committee explicitly warns that companies must disclose how AI is deployed internally and externally, including dependencies on third‑party AI systems.

A 2026 corporate‑law analysis of AI accountability and fiduciary duties notes that while many corporate liability doctrines assume:

  • A human decision
  • A human intent
  • A human state of mind

AI systems can:

  • Act autonomously
  • Produce harmful outcomes without human direction
  • Make decisions that no individual “intended”

This creates dangerous accountability gaps that become governance risks when boards fail to anticipate them. While fiduciary duties haven’t been rewritten for AI, the logic of existing duties already applies:

Boards must:

  • Understand AI‑related risks
  • Ensure adequate oversight structures
  • Monitor AI systems and their impacts
  • Implement controls to prevent foreseeable AI‑driven harms

AI Governance Is Now a Shareholder‑Rights Issue

AI is reshaping corporate governance in ways that directly affect shareholder rights. A 2025 analysis of SEC commissioner remarks highlights several emerging tensions.

1. Principles‑based vs. prescriptive AI disclosure

Some commissioners favor flexible, materiality‑based disclosures. Others argue that AI’s complexity requires prescriptive rules.

2. Shareholder proposal rights under Rule 14a‑8

AI‑related proposals, especially those involving ethics, risk, and oversight, are becoming more common.

3. Board oversight expectations

Commissioners increasingly emphasize that boards must:

  • Understand AI’s risks
  • Oversee AI strategy
  • Ensure internal controls keep pace with AI adoption
  • Avoid relying solely on management’s representations

Where AI Disclosure Rules May Be Headed Next

A 2025 Social Science Research Council (SSRC) working paper proposes a roadmap for future SEC rulemaking.

The authors recommend:

1. A materiality‑first AI disclosure regime

Companies should disclose AI risks when they are reasonably likely to affect financial performance or operations.

2. A dedicated AI‑incident item on Form 8‑K

Similar to cybersecurity incident reporting.

3. A standing AI section in Form 10‑K

Covering:

  • AI strategy
  • Governance
  • Risk management
  • Dependencies on third‑party AI systems
  • Known limitations or vulnerabilities
4. Clear definitions of AI‑related terms

To prevent companies from using vague or promotional language.

This framework aligns closely with the SEC IAC’s recommendations, suggesting that formal rulemaking may not be far off.

What Investors Should Watch for in AI Disclosures

Based on current enforcement, comment letters, and policy proposals, investors should scrutinize:

1. How companies define “AI”

Is it real AI, machine learning, automation, or marketing language?

2. Whether AI claims are supported by evidence

Are capabilities overstated? Are third‑party tools disclosed?

3. Whether boards oversee AI risk

Is oversight described? Is it credible?

4. Whether AI materially affects operations

Cybersecurity, compliance, workforce, or product risk.

5. Whether AI incidents are disclosed promptly

Delays may indicate internal control weaknesses.

AI‑Washing Is the Next Frontier of Investor Risk

AI is transforming industries, but it is also creating new avenues for misleading statements, governance failures, and material omissions. The SEC’s early enforcement actions, comment‑letter trends, and formal recommendations all point to the same conclusion: AI‑related disclosures are becoming a core component of investor protection.

For shareholders, the message is clear: Scrutinize AI claims carefully. Demand transparency. Expect board oversight.

And for companies, the era of casual AI marketing is over.

AI disclosures must be accurate, supported, and aligned with governance practices, or they risk becoming the next wave of securities litigation.

The Broader Impact

AI is reshaping the global economy far beyond the boundaries of any single company. It is influencing labor markets, competitive dynamics, supply chains, regulatory frameworks, and even geopolitical strategy. For investors, this broader context is not abstract; it directly affects valuation, risk, and long‑term corporate performance.

1. AI is accelerating competitive divergence 

Companies that deploy AI effectively can scale faster, reduce costs, and capture market share at unprecedented speed. McKinsey’s 2023–2025 research shows that AI adoption is creating “performance gaps” between early adopters and laggards, with leaders capturing disproportionate economic gains. For shareholders, this means AI is becoming a driver of both outsized gains and outsized losses, increasing the importance of credible oversight and transparent reporting.

2. AI is creating new systemic risks

AI‑driven systems can amplify errors, propagate misinformation, or introduce vulnerabilities into critical infrastructure. The U.S. government’s 2023 Executive Order on AI explicitly warns that AI can create “systemic risks to national security, the economy, and public health.”

As regulators tighten expectations, companies that lack robust AI governance may face compliance costs, enforcement actions, or operational disruptions… all of which ultimately affect shareholders.

3. AI is reshaping workforce dynamics and operational models

AI is transforming labor markets, automating tasks, and changing how companies operate. The World Economic Forum’s Future of Jobs Report finds that AI will both displace and create jobs, with significant implications for workforce planning and human‑capital management. 

Investors increasingly expect boards to understand how AI affects not just technology strategy, but human capital, culture, and long‑term sustainability.

4. AI is prompting global regulatory responses that will affect U.S. companies

The EU AI Act, the world’s first comprehensive AI regulation, imposes strict requirements on high‑risk AI systems, transparency obligations, and penalties for non‑compliance. Even U.S. companies operating globally will be affected.

The Takeaway for Shareholders

AI is not just a technology trend. It is a structural force reshaping markets, governance, and risk. As AI becomes more deeply embedded in corporate operations, investors will increasingly demand:

  • Clear definitions of AI use
  • Evidence‑based claims
  • Transparent reporting
  • Competent board oversight
  • Accountability for AI‑driven harms
  • Disclosure of third‑party AI dependencies
  • Clear explanations of AI’s operational and workforce impacts

Companies that meet these expectations will be better positioned to build trust, attract capital, and compete effectively. Those that do not will face heightened scrutiny, litigation risk, and potential value erosion.

HOW WE CAN HELP

FAQs

Having information at your fingertips is easier than ever. Enroll in Robbins LLP’s free investment monitoring service, Stock Watch, for notifications of corporate misconduct impacting the value of your investments, advice on how to hold corporate officers and directors accountable for their misconduct, and to receive information about class action settlements. 

Learn More
Facebook-f X-twitter Linkedin

Attorney Advertising.  Past results do not guarantee a similar outcome.

5060 Shoreham Pl., Ste. 300 San Diego, CA 92122

Disclaimer | Site Map | Privacy Policy

© 2026 – Robbins LLP

Free!
Skip to content