Artificial intelligence (AI) is now embedded in mainstream legal work: research, disclosure, due diligence and drafting. The regulatory conversation has largely centred on competence, supervision and confidentiality. But a more subtle shift is underway.
AI is collapsing the traditional boundary between cyber risk and reputational risk. For law firms, that distinction matters. Cyber incidents were once largely technical events, handled by IT teams and insurers. Today, AI-driven threats have an immediate public dimension: they travel fast, they are difficult to rebut in real time, and they strike directly at a firm’s credibility.
The Solicitors Regulation Authority continues to publish scam alerts involving fake solicitors and cloned identities. In 2025, it warned of a fraudster using the name and image of a genuine partner to target members of the public. Such incidents do not necessarily originate within a firm’s own
