The SEC has charged a major tech company for deceiving investors by exaggerating its use of AI—highlighting that the falsehood was about AI itself, not just product features. This signals a shift: AI governance has now become a boardroom-level issue, and many organizations are unprepared.
Advice for CISOs and execs:
- Be audit-ready—any AI claims must be verifiable.
- Involve GRC early—AI governance is about managing risk, enforcing controls, and ensuring transparency.
- Educate your board—they don’t need to understand algorithms, but they must grasp the associated risks and mitigation plans.
If your current AI strategy is nothing more than a slide deck and hope, it’s time to build something real.
AI Washing
The Securities and Exchange Commission (SEC) has been actively pursuing actions against companies for misleading statements about their use of Artificial Intelligence (AI), a practice often referred to as “AI washing”.Â
Here are some examples of recent SEC actions in this area:
- Presto Automation: The SEC charged Presto Automation for making misleading statements about its AI-powered voice technology used for drive-thru order taking. Presto allegedly failed to disclose that it was using a third party’s AI technology, not its own, and also misrepresented the extent of human involvement required for the product to function.
- Delphia and Global Predictions: These two investment advisers were charged with making false and misleading statements about their use of AI in their investment processes. The SEC found that they either didn’t have the AI capabilities they claimed or didn’t use them to the extent they advertised.
- Nate, Inc.: The founder of Nate, Inc. was charged by both the SEC and the DOJ for allegedly misleading investors about the company’s AI-powered app, claiming it automated online purchases when they were primarily processed manually by human contractors.
Key takeaways from these cases and SEC guidance:
- Transparency and Accuracy: Companies need to ensure their AI-related disclosures are accurate and avoid making vague or exaggerated claims.
- Distinguish Capabilities: It’s important to clearly distinguish between current AI capabilities and future aspirations.
- Substantiation: Companies should have a reasonable basis and supporting evidence for their AI-related claims.
- Disclosure Controls: Companies should establish and maintain disclosure controls to ensure the accuracy of their AI-related statements in SEC filings and other communications.
The SEC has made it clear that “AI washing” is a top enforcement priority, and companies should be prepared for heightened scrutiny of their AI-related disclosures.Â
Digital Ethics in the Age of AI – Navigating the ethical frontier today and beyond
AI Governance: Applying AI Policy and Ethics through Principles and Assessments
How AI Is Transforming the Cybersecurity Leadership Playbook
IBM’s model-routing approach
Top 5 AI-Powered Scams to Watch Out for in 2025
Summary of CISO 3.0: Leading AI Governance and Security in the Boardroom
AI in the Workplace: Replacing Tasks, Not People
Why CISOs Must Prioritize Data Provenance in AI Governance
Interpretation of Ethical AI Deployment under the EU AI Act
AI Governance: Applying AI Policy and Ethics through Principles and Assessments
Businesses leveraging AI should prepare now for a future of increasing regulation.
Digital Ethics in the Age of AI
DISC InfoSec’s earlier posts on the AI topic
InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot | Comprehensive vCISO Services | ISMS Services | Security Risk Assessment Services | Mergers and Acquisition Security
