AI challenges cybersecurity and privacy space, “prompting” professionals to keep up

Legal frameworks are struggling to keep pace with rapidly emerging technologies that challenge traditional notions of privacy, rights, and security. At the intersection of AI, biometrics, and neural technology, lawmakers face unprecedented questions about how to regulate innovations that can access our most intimate data—from facial characteristics to our very thoughts. As highlighted at RSAC 2025, these challenges represent a fundamental shift in how we must conceptualize privacy and rights in the digital age.

The big picture: Cybersecurity law is facing novel challenges across multiple fronts as technology advances into realms previously confined to science fiction.

• Legal experts at RSAC 2025 highlighted the most pressing issues, including AI rights, algorithmic discrimination, and the emerging concept of “neuro privacy.”
• Privacy attorney Ruth Bro identified the primary technological threats to privacy using the acronym “BAD”—biometrics, AI, and drones.

Historical context: Concerns about technology’s impact on privacy aren’t new, dating back to at least 1890 when future Supreme Court Justice Louis Brandeis published an article on privacy rights in response to the spread of photography.

• The current pace of technological advancement, however, presents more complex challenges than previous eras.
• Traditional crime-focused laws often prove inadequate when applied to digital-era violations.

Key developments: States and international bodies are beginning to enact specific legislation addressing emerging tech concerns.

• Tennessee passed the ELVIS Act specifically targeting deepfakes and unauthorized digital representations.
• Colorado’s Artificial Intelligence Act is set to take effect in February 2026, adding to the patchwork of regional regulations.
• The European Union has proposed establishing five human rights specifically for neurodata protection.

Why this matters: These legal frameworks will determine how technologies that can potentially access our most personal attributes—from facial recognition to neural patterns—will be regulated.

• Biometric data represents “one of the most sensitive types of data,” according to privacy experts at the conference.
• AI systems hold “staggering amounts of personal data” that present unprecedented privacy challenges.

Looking ahead: The gap between technological capability and legal frameworks will likely continue to widen before comprehensive solutions are implemented.

• The concept of “neuro privacy”—protecting data generated by or about our brain activity—represents the next frontier in privacy law.
• Increasing scrutiny of AI and algorithm use is expected across jurisdictions as awareness of potential harms grows.