Reading time: 5 minutes

Your Friday Five

Every Friday we distill 200+ insurance, legal, and market-risk articles into three signals your board may need for its Monday briefing.

Three developments caught our attention this week:

• Why IRL's CEO faces federal fraud charges after AI bots inflated 95% of the app's user base - triggering a $170M investor loss while the government simultaneously invests $8.9B in AI development
  ​
• How Malicious actors embed undetectable code in public AI models - bypassing every traditional security control your IT team relies on
  ​
• Why our D&O Contract Vigilance Blueprint from months ago becomes essential reading as AI multiplies management’s liability exposure

Federal Prosecutors Just Made AI Bot Fraud a Criminal Offense.

Summary

Abraham Shafi founder and former CEO of Get Together Inc. faces federal wire fraud and securities fraud charges after allegedly using bots to inflate IRL's user base.

Federal prosecutors claim 95% of the social media app's users were fictitious, defrauding investors of $170 million during the 2021 Series C round. The indictment alleges Shafi misrepresented ad spending and growth metrics while automated accounts masqueraded as real users.

The timing creates a striking contradiction. The Trump administration just announced an $8.9 billion federal investment in AI chip production, signaling aggressive support for AI development. At the same time, enforcement actions demonstrate zero tolerance for AI-facilitated fraud.

(source: D&O Diary Guest Post)

So what?

The IRL indictment transforms AI deployment from a competitive advantage into potential criminal liability.

Traditional bots that inflated IRL's metrics pale compared to today's AI capabilities. Modern AI bots can simulate human behavior, adapt to detection methods, and operate at scale that makes the alleged fraud seem primitive. If 95% fake users warranted federal charges with traditional bots, imagine the exposure when AI bots become indistinguishable from humans.

For boards overseeing AI initiatives, every deployment decision now could carry personal criminal risk. The government simultaneously funds AI advancement while prosecuting its misuse - creating a compliance minefield where innovation pressure meets enforcement reality.

Malicious AI Models Execute Code the Moment Your Team Downloads Them.

Summary

Attackers embed malicious code directly into AI models hosted on public repositories, exploiting a blindspot in enterprise security.

The attack is elegant in its simplicity. When organizations import pre-trained models from platforms like Hugging Face or PyTorch Hub, embedded code executes during the deserialization process. Python pickle files - the standard format for many AI models - allow arbitrary code execution by design, not by vulnerability.

Traditional security tools fail completely. Software Component Analysis (SCA) and Software Bill of Materials (SBOM) can't detect these threats because AI models exist as opaque weight files, not traditional code. The malicious payload hides in data that appears legitimate to every scanning tool.

Recent demonstrations showed how a compromised model could delete system files, exfiltrate data, or establish command-and-control connections - all while performing its advertised AI functions normally.

(source: cacm)

The LION Lens

What happened - Researchers demonstrated embedding the command "rm -rf /" in a pickle file that executes when an AI model loads.

Why it matters - Every pre-trained model represents a potential backdoor that bypasses all traditional security controls.

Practical implications - Financial institutions importing AI models for fraud detection, customer service, or risk assessment may be installing trojans directly into core systems.

So what?

The AI supply chain operates on trust that adversaries systematically exploit.

When a single compromised model can execute arbitrary code across your infrastructure, the board's duty of care extends to verifying every AI component's integrity. Yet most organizations lack the tools or expertise to validate model safety - traditional security teams can't inspect serialized model weights any more than automated scanners can.

Market dynamics compound the risk. Competitive pressure drives rapid AI adoption while security frameworks lag years behind. Financial institutions choosing between market irrelevance and unverified AI models face an impossible governance challenge.

The LION POV

Here's how forward-thinking institutions are managing AI model risk:

• Establish AI-specific validation protocols before model deployment, including source verification, behavioral testing, and sandboxed execution environments
• Require vendors to provide model provenance documentation and assume liability for embedded malicious code through contractual provisions
• Create board-level AI risk committees that evaluate both competitive necessity and security implications of each model integration

The institutions that survive the AI transition won't be those that move fastest - they'll be those that move smartest.

We Published a D&O Coverage Blueprint Months Ago That Addresses Exactly These Liability Concerns.

Summary

If today's AI fraud and security revelations have you questioning your D&O coverage, you're asking the right questions.

Months ago, we published a comprehensive analysis of five critical coverage gaps that leave directors personally exposed; gaps that become exponentially more dangerous as AI multiplies your liability. The blueprint detailed how seemingly ironclad D&O programs fail under pressure, using real cases like Max Ary's fraud exclusion denial and PepsiCo's $22 million allocation reversal.

These aren't academic exercises anymore.

When AI bots can trigger securities fraud charges and malicious models bypass every security control, the coverage gaps we identified transform from theoretical vulnerabilities to existential threats. The manuscript language we recommended then becomes essential protection now.

​>>>Read the full analysis​

So what?

Consider how each gap compounds with AI: fraud exclusions that deny coverage before adjudication become catastrophic when AI deployment triggers criminal charges. Allocation provisions that shift costs to the company multiply when AI incidents spawn multiple lawsuits. Application errors that void coverage matter more when policies don't contemplate AI risks that didn't exist at binding.

The blueprint we published anticipated this moment - when traditional D&O structures would crack under novel technology pressures. Every protection we outlined exists in today's market for those who know to demand it. The difference between covered and exposed often comes down to five specific provisions negotiated before AI risks materialized.

The Bottom Line

Between AI bot fraud prosecutions, undetectable malicious models, and coverage gaps in standard D&O policies, board exposure has never been more complex or personal.

Federal investment in AI accelerates adoption pressure while enforcement actions criminalize misuse. Security controls can't detect AI supply chain threats. Traditional D&O policies exclude the very risks AI creates.

If you're a director or officer at an FI, your personal assets face threats that didn't exist twelve months ago.

That's why we created the D&O Contract Vigilance Blueprint. It's a 5-day email course to help you:

• Secure better D&O insurance: Learn how to avoid common policy mistakes
• Protect your personal assets: Understand your potential liability

>>>Get the D&O Contract Vigilance Blueprint​

Don't wait until a claim hits to find out your institution is under-protected.

Thank you for reading today's edition!

Want to share this edition via text, email or social media?

Simply copy-and-paste the link below:

​http://lionspecialty.ck.page/posts/malicious-code-hides-in-ai-models-your-security-can-t-detect-it​

And if this briefing was forwarded to you, subscribe directly here.

Stay Covered,

Natasha & Mark​
Co-Founders and Managing Partners
LION Specialty

​
​