
The shape of AI regulation

Compliance, CVE triage, export controls, and the political economy of AI governance — what actually binds the deployment surface, and what's theater.

Topics: ai-regulation, ai-safety

The regulatory fog

AI regulation in 2026 is not a single regime. It’s a collage of disclosure rules, export controls, sector-specific mandates, and voluntary frameworks that interact in ways no single actor fully maps. The EU AI Act is binding on paper; CE-marking certification bodies are understaffed in practice. NIST’s AI Risk Management Framework is adopted by every Fortune 500 and enforced by none. The SEC’s cybersecurity disclosure rule applies to material AI incidents but “materiality” is litigated per-incident.

What this means operationally: you cannot rely on the regulatory floor to constrain the threat surface. You have to assume the floor is porous and engineer above it.

Where patches stopped being enough

April 2026 delivered three vulnerabilities that share a pattern: patching does not close the attack. Cisco Firestarter, a firewall appliance CVE, survives patches and reboots — the malicious code injects into persistent firmware. ASP.NET Core’s forged-authentication-cookie class survives the patch because existing tokens remain valid until organic expiry. A third, unpatched in some deployments, writes to the same config path the patch reads from.

The remediation playbook has changed. Patch, rotate all credentials that touched the vulnerable surface, invalidate all session state, and re-issue tokens with a new signing key. If your incident response runbook says “apply the patch and monitor,” update it. The complete form is now “apply the patch, burn the state, rebuild trust, monitor.”
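The difference between "apply the patch and monitor" and "burn the state" can be shown with a small signed-session model. This is an added example, not code from any vendor or from the products named above; the token format, the `SessionIssuer` class, and the key and timestamp values are constructed for illustration and are not ASP.NET Core's cookie format.

```python
import base64, hashlib, hmac, json

class SessionIssuer:
    """Hypothetical HMAC-signed session tokens: base64(claims) + "." + hex MAC."""
    def __init__(self, key, key_id):
        self.key, self.key_id = key, key_id
        self.not_before = 0  # server-side cutoff: reject tokens issued earlier

    def _sign(self, body):
        return hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()

    def issue(self, user, now, ttl=3600):
        claims = {"sub": user, "iat": now, "exp": now + ttl, "kid": self.key_id}
        body = json.dumps(claims, sort_keys=True).encode()
        return base64.urlsafe_b64encode(body) + b"." + self._sign(body)

    def verify(self, token, now):
        try:
            b64, sig = token.split(b".")
            body = base64.urlsafe_b64decode(b64)
            claims = json.loads(body)
        except ValueError:  # malformed token, bad base64, or bad JSON
            return False
        if not hmac.compare_digest(sig, self._sign(body)):
            return False
        return claims["iat"] >= self.not_before and now < claims["exp"]

    def burn_state(self, new_key, new_key_id, now):
        # New signing key plus an issued-at cutoff: nothing minted earlier survives.
        self.key, self.key_id, self.not_before = new_key, new_key_id, now

def remediation_demo():
    t0 = 1_000  # constructed timestamps, in seconds
    issuer = SessionIssuer(b"old-signing-key (constructed)", "k1")
    pre_patch = issuer.issue("alice", now=t0)  # token minted while vulnerable
    # Patch only: the code is fixed, but the key and sessions are untouched.
    patch_only = issuer.verify(pre_patch, now=t0 + 60)
    # Full playbook: rotate the key, invalidate old state, re-issue.
    issuer.burn_state(b"new-signing-key (constructed)", "k2", now=t0 + 120)
    after_burn = issuer.verify(pre_patch, now=t0 + 180)
    reissued = issuer.verify(issuer.issue("alice", now=t0 + 180), now=t0 + 200)
    return patch_only, after_burn, reissued

if __name__ == "__main__":
    print(remediation_demo())
```

The pre-patch token keeps verifying until its expiry unless the key is rotated or the issued-at cutoff is advanced, which is why the runbook needs both steps after the patch.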

The CVE triage collapse

NIST announced in early 2026 that the National Vulnerability Database will narrow CVE enrichment to critical-severity vulnerabilities. The labor required to enrich medium and low CVEs — CVSS scoring, CWE tagging, affected-product mapping — exceeded NIST’s capacity. The public-sector answer is to triage out the medium band.

The operational problem is that real-world exploitation disproportionately happens at medium severity. Attackers chain medium-severity bugs together. A high-severity bug in a low-privilege component plus a medium-severity bug in a higher-privilege component often beats a single critical bug. If your security operations center depends on NIST enrichment for anything below critical, your visibility is narrowing.

The replacement pattern is threefold. Subscribe to commercial CVE enrichment (e.g., VulnCheck). Build internal enrichment for the 20 or so dependencies that matter most. Treat unscored CVEs as high-severity by default — the absence of a score is not the absence of risk.

The data disposition clause

Defunct SaaS companies are selling their internal archives to AI training labs. This is the 2026 version of the 2012 pattern of data broker consolidation, but with worse optics and fewer consumer protections. Your vendor contracts almost certainly do not address what happens to your data after the vendor’s bankruptcy. They should.

The clause that matters is: “Upon cessation of service or bankruptcy of the vendor, all customer data must be cryptographically destroyed within 30 days, with an auditable destruction report provided to the customer.” Most vendor MSAs allow for “reasonable efforts to destroy,” which is the legal equivalent of a shrug.

Add the clause to every vendor review this year. Audit the top 10 vendors now; their disposition terms are probably not what you assumed.

The export control surface

Export controls on AI hardware — the chip-level restrictions on frontier GPUs — shape the capex side of the industry but not the deployment side. The interesting dimension for builders is the software equivalent: compute density per dollar. KernelEvolve’s 60% throughput gains on production ads models, achieved through LLM-driven GPU kernel optimization, are the kind of improvement that routes around export caps. The regulatory answer will eventually reach for software too. Watch the compute-density metric as a leading indicator of where the next controls land.

The operational posture

Three moves. First, audit your CVE pipeline: if you depend on NIST enrichment for anything non-critical, subscribe to a commercial feed this quarter. Second, rewrite remediation runbooks to include credential rotation and state invalidation for every class of auth-related vulnerability. Third, add vendor data-disposition clauses to your contract template and backfill the top 10 existing vendors.

Regulation is not the constraint. Regulation is the floor. Build above it.