Judge Rakoff Opinion: Why AI-Generated Documents Aren't Protected by Privilege
Plus, Financial Times reports data leak at Abu Dhabi finance summit; and more

Good morning! Here’s what’s up.

Clips ✂️
Last week, we wrote about a decision in which Judge Rakoff of the Southern District of New York denied the claim of defendant Bradley Heppner that documents prepared by Heppner using the consumer version of the AI model Claude for legal research were privileged. On February 17, 2026, Judge Rakoff issued a written opinion explaining the reasoning behind his February 10 ruling.
Why AI-Generated Documents Aren't Protected by Privilege
The Court’s Decision
Rakoff accepted that Heppner had (a) been communicating with Claude about factual and legal issues in his case in anticipation of litigation, (b) incorporated information conveyed to him by his counsel during the course of the representation into his communications with Claude, (c) intended to share the resulting AI-generated documents with counsel, and (d) in fact shared those documents with his counsel, but nonetheless rejected both his attorney-client and work product privilege claims.
Data leak at Abu Dhabi finance summit exposes global figures, FT reports
Former British Prime Minister David Cameron and hedge fund billionaire Alan Howard were among the hundreds whose passports and other identification papers were leaked online after they attended an Abu Dhabi conference, the Financial Times reported on Tuesday.
The FT, citing documents, said scans of more than 700 passports and state identity cards were discovered on an unprotected cloud storage server associated with the Abu Dhabi Finance Week (ADFW), a state-sponsored event that hosted more than 35,000 people in December.
U.S. investor and former White House communications director Anthony Scaramucci was also among those whose identity documents were exposed, the FT said.
…
ADFW, in a statement to Reuters, said, "a vulnerability in a third-party vendor-managed storage environment relating to a limited subset of ADFW 2025 attendees."
"The environment was secured immediately upon identification, and our initial review indicates that access activity was limited to the researcher who identified the issue," ADFW added.
Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed
Researchers uncovered more worrying details about a long-running cyber espionage campaign suspected to be backed by the Chinese government, exemplifying how such attacks often go undetected until they’ve already caused significant damage.
Google Threat Intelligence Group and Mandiant said the Chinese threat group UNC6201 has been exploiting a zero-day vulnerability in Dell RecoverPoint for Virtual Machines since at least mid-2024. The group overlaps with UNC5221, also known as Silk Typhoon, which has been burrowing into critical infrastructure and government agency networks undetected since at least 2022.
The zero-day exploitation marks an escalation from this particular cluster of actors. State-sponsored attackers spent years implanting Brickstorm malware into networks before the campaign was finally detected last summer. By September, however, the attackers had replaced Brickstorm with Grimbolt, a more advanced malware that’s harder to detect, Google security researchers said Tuesday.
Quantum Computing and the Expansion of Cybersecurity Risk
Companies and governments use modern encryption standards and techniques to secure precious information—from financial transactions and medical records to cryptocurrency, intellectual property, personal information, and national secrets. Encryption underpins trust in everything from cloud computing to critical infrastructure.
The digital economy relies on encryption developed through complex mathematical problems that cannot be solved using today’s computing technology – “classical computing.” In short, our cybersecurity and data protection standards rest on a strong foundation based on scientific and mathematical frameworks that are not capable of being disrupted by current technology.
However, the sustained and rapid development of quantum computing threatens that foundation. Quantum computing is no longer a distant theoretical risk – it is an increasingly likely capability that will fundamentally impact how high-value, sensitive information is protected.
This reality requires significant thought and planning to prepare for the transition of data and cyber protections to an entirely different framework under which they will remain safe.
Unit 42: Nearly two-thirds of breaches now start with identity abuse
Identity is still the primary entry point for cyberattacks, according to Palo Alto Networks’ threat intelligence firm Unit 42. In its annual incident response report released Tuesday, Unit 42 found that identity-based techniques accounted for nearly two-thirds of all initial network intrusions last year.
Social engineering was the leading attack method, accounting for one-third of the 750 incidents Unit 42 responded to in the one-year period ending in September 2025. Attackers also bypassed security controls with compromised credentials, brute-force attacks, overly permissive identity policies and insider threats, researchers said.
The persistent pitfalls of identity extended beyond initial access, with an identity-related element playing a critical role in nearly 90% of all incidents last year. Unit 42’s report highlights the explosive impact of identity abuse, and pins much of the problem on poor security controls and misconfigurations across interconnected tools and systems.
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely.
The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview.
"Our research demonstrates that a hacker needs only one malicious extension, or a single vulnerability within one extension, to perform lateral movement and compromise entire organizations," OX Security researchers Moshe Siman Tov Bustan and Nir Zadok said in a report shared with The Hacker News.
