ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "AI Unmasked: Navigating Legal Risks and Realities with Cyber Attorney Ryan Steidl"
Episode Synopsis
Summary
In this insightful episode of the Chattinn Cyber podcast, host Marc Schein is chattin’with Ryan Steidl, a leading privacy and artificial intelligence attorney, to explore the evolving landscape of AI from a legal and cybersecurity perspective. Ryan shares his journey from Maryland to becoming a respected figure in data privacy and AI law, highlighting the influence of pioneering professors and his early work at Under Armour. He frames AI as an evolutionary technology that builds on existing data privacy and security issues but introduces new complexities due to limited human intervention in its processes.
Their chat delves into the current regulatory environment surrounding AI in the United States, which Ryan describes as a patchwork of state laws with no comprehensive federal framework yet in place. He discusses the recent veto of Virginia’s AI bill and the ongoing debate over a proposed federal moratorium on state AI legislation, emphasizing the tension between innovation and safety. Ryan also notes the role of federal agencies like the FTC and EEOC in shaping AI policy and how shifts in administration priorities—from safety to innovation—impact regulatory approaches.
Ryan advises business leaders to focus on the purpose behind AI adoption, urging them to carefully assess use cases, data needs, and risk tolerance before allowing AI tools in their organizations. He stresses the importance of governance, recommending cross-functional oversight teams and clear ownership at multiple levels—from enterprise governance to tool implementation and output accountability. He also highlights the necessity of rigorous vetting and ongoing risk assessments to manage AI-related risks effectively.
The chat further clarifies the distinctions between open-source AI models, public tools like ChatGPT, and private sandbox environments. Ryan warns against indiscriminate use of public AI models with sensitive data and advocates for controlled environments that offer greater security and customization. He also touches on emerging trends like synthetic data and regulatory sandboxes, which balance innovation with risk mitigation, citing Utah’s AI lab as a pioneering example.
Concluding on the topic of AI’s impact on cyber risk, Ryan offers a nuanced view: AI can both help manage and exacerbate cyber risks depending on how it is used. He underscores the increasing complexity AI introduces and the critical role of human oversight in accountability and enforcement. Ryan predicts that insurers will push organizations toward proactive risk management rather than reactive responses, emphasizing the need for continuous monitoring and anticipation of AI-related pitfalls. He closes by inviting listeners to access further resources and contact his team for guidance.
Key Points
AI as an Evolutionary Technology: AI builds on existing data privacy and security frameworks but introduces new challenges due to limited human intervention in its processes.
Fragmented AI Regulation: The U.S. currently has a patchwork of state-level AI laws with no comprehensive federal legislation, complicated by political debates such as the proposed moratorium on state AI laws.
Governance and Ownership: Effective AI adoption requires clear governance structures, cross-functional oversight, and defined ownership at multiple organizational levels.
Risk Assessment and Documentation: Organizations must implement thorough vetting processes, conduct ongoing risk assessments, and maintain detailed documentation to demonstrate accountability and compliance.
Safe AI Adoption Practices: Businesses should avoid using public AI models with sensitive data, favor sandbox or private instances, and consider synthetic data to mitigate privacy and compliance risks.
Key Quotes
"AI is more evolutionary than revolutionary, at least. It builds on a lot of topics that we're pretty familiar with, especially in cybersecurity."
In this insightful episode of the Chattinn Cyber podcast, host Marc Schein is chattin’with Ryan Steidl, a leading privacy and artificial intelligence attorney, to explore the evolving landscape of AI from a legal and cybersecurity perspective. Ryan shares his journey from Maryland to becoming a respected figure in data privacy and AI law, highlighting the influence of pioneering professors and his early work at Under Armour. He frames AI as an evolutionary technology that builds on existing data privacy and security issues but introduces new complexities due to limited human intervention in its processes.
Their chat delves into the current regulatory environment surrounding AI in the United States, which Ryan describes as a patchwork of state laws with no comprehensive federal framework yet in place. He discusses the recent veto of Virginia’s AI bill and the ongoing debate over a proposed federal moratorium on state AI legislation, emphasizing the tension between innovation and safety. Ryan also notes the role of federal agencies like the FTC and EEOC in shaping AI policy and how shifts in administration priorities—from safety to innovation—impact regulatory approaches.
Ryan advises business leaders to focus on the purpose behind AI adoption, urging them to carefully assess use cases, data needs, and risk tolerance before allowing AI tools in their organizations. He stresses the importance of governance, recommending cross-functional oversight teams and clear ownership at multiple levels—from enterprise governance to tool implementation and output accountability. He also highlights the necessity of rigorous vetting and ongoing risk assessments to manage AI-related risks effectively.
The chat further clarifies the distinctions between open-source AI models, public tools like ChatGPT, and private sandbox environments. Ryan warns against indiscriminate use of public AI models with sensitive data and advocates for controlled environments that offer greater security and customization. He also touches on emerging trends like synthetic data and regulatory sandboxes, which balance innovation with risk mitigation, citing Utah’s AI lab as a pioneering example.
Concluding on the topic of AI’s impact on cyber risk, Ryan offers a nuanced view: AI can both help manage and exacerbate cyber risks depending on how it is used. He underscores the increasing complexity AI introduces and the critical role of human oversight in accountability and enforcement. Ryan predicts that insurers will push organizations toward proactive risk management rather than reactive responses, emphasizing the need for continuous monitoring and anticipation of AI-related pitfalls. He closes by inviting listeners to access further resources and contact his team for guidance.
Key Points
AI as an Evolutionary Technology: AI builds on existing data privacy and security frameworks but introduces new challenges due to limited human intervention in its processes.
Fragmented AI Regulation: The U.S. currently has a patchwork of state-level AI laws with no comprehensive federal legislation, complicated by political debates such as the proposed moratorium on state AI laws.
Governance and Ownership: Effective AI adoption requires clear governance structures, cross-functional oversight, and defined ownership at multiple organizational levels.
Risk Assessment and Documentation: Organizations must implement thorough vetting processes, conduct ongoing risk assessments, and maintain detailed documentation to demonstrate accountability and compliance.
Safe AI Adoption Practices: Businesses should avoid using public AI models with sensitive data, favor sandbox or private instances, and consider synthetic data to mitigate privacy and compliance risks.
Key Quotes
"AI is more evolutionary than revolutionary, at least. It builds on a lot of topics that we're pretty familiar with, especially in cybersecurity."
More episodes of the podcast Chattinn Cyber
Beyond MFA: How Deepfakes Are Hacking Humans
06/05/2025
In God we trust