The AI Footnote
A weekly Wednesday series from Andreea Anca, founder of Norvanta and creator of Lexendo. Peer-to-peer notes for partners and practice owners on where AI risk intersects with insurance, cyber, AML, and audit.
Imagine you hired someone last month. Frighteningly fast. They read every document that comes into the firm before you've finished your coffee. They never get a bad feeling about a file. They believe everything they read, and then they act on it. Your new hire? AI.
Read note →A boutique firm's AI assistant follows a hidden instruction in a client spreadsheet and emails the firm's master contact list to the sender. The breach is found nine days later. The ICO clock starts. This is what indirect prompt injection looks like when the AI is allowed to act.
Read note →A PDF with hidden text told an AI assistant to misclassify supplier payments. The accountant signed off. Months later, HMRC opens a review. Read your PI renewal form. Look for a question about prompt injection. You will not find one.
Read note →