June 16, 2026
Cyberattacks on law firms are rising. Does adding AI make it worse?
Adding AI makes a law firm's cybersecurity worse when it means handing client data to one more outside tool, and better when the AI runs inside controls the firm already owns. So the real question of whether AI tools are a cybersecurity risk for law firms has a precise answer: it depends entirely on where the tool sits and what it is allowed to keep. The attack surge hitting firms right now is driven by third-party exposure and weak oversight, not exotic hacking, and a careless AI rollout widens exactly that weakness.
The instinct to freeze is understandable, and it is the wrong read. The firms getting burned are the ones that bolted a tool onto the practice without asking where the data goes. Fitted the other way, to the firm's own architecture and fenced by strict guardrails, the same technology hardens the perimeter.
Are cyberattacks on law firms actually rising?
Yes, and the numbers are not subtle. A 2026 study by Proton of roughly 500 US firms found that about one in five were hit by a cyberattack in the past twelve months. FindLaw's annual data security report, covered by Above the Law in April 2026, found incidents nearly doubling year over year in some categories, with ransom demands climbing past four million dollars. Firms are a rich target for a plain reason: they concentrate other people's most sensitive material in one place. That concentration is the whole value of the attorney-client relationship, and the whole prize for an attacker.
What is actually driving the increase?
The cause is rarely sophisticated hacking. The reporting points the other way: most breaches trace to basic failures such as unpatched systems, poor credential management, thin user training, and weak vendor oversight. Third-party vendors alone are involved in about a quarter of incidents. Every outside service a firm wires into its data is another door, and the firm ends up depending on that vendor's security as much as its own. The real attack surface is the firm plus everyone it has connected in.
Are AI tools a cybersecurity risk for law firms?
They can be, and the risk is the same one driving the breach surge: third-party exposure. A typical consumer AI tool is one more outside vendor, holding a copy of whatever you typed, governed by a contract most firms never read, and sometimes using those inputs to train its model. Drop privileged client material into that and you have added another door, on a system you do not control, to data you are obligated to protect. The risk is not the intelligence. It is the location and the retention.
How can a firm add AI without widening the hole?
Put the AI where the firm's controls already reach, and fence what it is allowed to do. In practice that comes down to three things, and a firm that gets all three keeps AI behaving like the rest of its secured systems rather than like a new vendor risk.
- Fit, not silo: the tool sits inside the firm's existing architecture, so client data stays under controls the firm already trusts rather than moving to an outside store.
- No retention, no training: the contract and configuration bar the tool from keeping the firm's inputs or using them to train a model.
- A human at the boundary: a person reviews the AI's output at the point where it becomes work product, so a confident-sounding mistake never ships unchecked.
Where should a firm start?
Start by mapping where client data actually flows before connecting anything new, because you cannot guardrail a path you have not traced. That mapping is the first thing a configuration audit does: it finds where data rests, which outside tools already touch it, and where an AI tool can sit without becoming the next third-party hole. It is the same principle JurisLabs Anchor is being built on, with the AI living inside the workspace and the firm's controls instead of someone else's data store. The numbers are a push to be deliberate about where AI sits, then to get on with using it. A short call can tell you whether your current setup has a clean perimeter or a quiet open door.