What's happening in law —
and what it means for your practice.
Real events in legal AI, compliance, enterprise security, and ESG. analyzed through the lens of what modern legal practice requires. When something happens in the world that Marcella is designed to address, we write about it here
Axios Was Breached. The Communication Infrastructure Went Down With the Data.
Axios. a major media organization with sophisticated security infrastructure. was compromised. Internal communication systems were affected. The attack pattern was consistent with the emerging ransomware playbook: encrypt the data and the tools needed to respond to the breach simultaneously. Axios's technology team is sophisticated. Their security posture is well above average. It did not prevent the attack
The lesson is not about Axios specifically. It is about the attack surface that every organization with AI tooling has created: platforms that hold sensitive data and coordinate internal operations are high-value targets precisely because compromising them creates maximum operational disruption. Any AI platform that stores your documents, indexes your communications, and participates in your workflow is part of that attack surface. unless it is architecturally separated from the infrastructure under attack
Akin Gump Publishes on California's SB 253 CARB Workshop. Every Corporate Client With California Operations Needs to Read It.
Akin Gump's environmental practice published analysis of the March 2026 CARB SB 253 workshop. California's implementation of mandatory climate disclosure for companies with $1B+ in California revenues. The disclosure requirements are expansive: Scope 1, 2, and 3 emissions, third-party attestation, and annual reporting with potential enforcement exposure
The challenge for corporate legal teams is that SB 253 creates disclosure obligations that interact with SEC climate disclosure rules, EU CSRD requirements, and voluntary GHG Protocol commitments simultaneously. The multi-framework analysis is not something general counsel can run on instinct
Change Healthcare: The Largest Healthcare Breach in US History Created Legal Exposure for Thousands of Organizations That Never Held the Data.
The ALPHV/BlackCat attack on Change Healthcare disrupted claims processing for thousands of healthcare providers. hospitals, pharmacies, physician practices. that had no direct relationship with the compromised data. The downstream legal exposure included HIPAA breach notification obligations, state notification requirements, and potential liability for disrupted patient care
Healthcare attorneys saw an unprecedented volume of questions about downstream liability and notification obligations. questions that required synthesizing HIPAA regulations, state breach notification statutes, and emerging OCR guidance simultaneously
United States v. Heppner Is Not an Isolated Incident. It Is the Default Behavior of Every General-Purpose AI Tool Applied to Legal Research.
The attorney in Heppner submitted AI-generated case citations that did not exist. The cases were fabricated. plausible-sounding names, docket numbers, and holdings generated by an AI optimized for fluency rather than accuracy. The attorney faced sanctions. The matter was damaged
Since Heppner, dozens of similar incidents have been documented in courts across the country. The attorneys involved were not negligent. they used powerful tools without understanding the architectural distinction between generative output and retrieved authority. State bars are developing guidance on AI use. The professional responsibility exposure is real and growing
CMMC Level 2 Certification Is Now a Hard Requirement for Government Contracts. The Assessment Queue Is Long. The Preparation Gap Is Wider.
CMMC Level 2 certification. covering all 110 NIST SP 800-171 Rev 3 controls. is now a hard prerequisite for government contracts involving Controlled Unclassified Information. The Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) is conducting assessments. The queue is months long. Companies showing up to assessments without organized evidence packages are failing
The gap is not technical compliance. most government and defense contractors have the controls in place. The gap is evidence organization: mapping the right policy document to the right control, with a defensible audit trail showing the control has been maintained, not just installed
The Texas Stock Exchange Launches This Year. The Attorneys Who Have the Corpus Today Own the Client Relationships When Listings Start.
TXSE received SEC approval in September 2025 and begins trading and corporate listings in 2026. BlackRock, Citadel Securities, JPMorgan, Goldman Sachs, and Charles Schwab are founding investors. It is the first fully integrated national securities exchange to receive SEC approval in decades.
Every Texas securities attorney simultaneously needs to learn a new exchange from scratch. Nobody has experience with TXSE because it does not have a track record yet. TXSE listing rules, corporate governance requirements, and TSSB enforcement posture around TXSE-listed companies are all new. The attorney who has the indexed corpus today walks into every TXSE client call already knowing the answer. The attorney who waits reads the same PDF the client just read.
See how Marcella applies to your practice.
30 minutes. We'll walk through the news that matters for your specific practice area. and demonstrate how Marcella handles the research and compliance it creates
Book a Demo →See all of Marcella's capabilities.
The full research platform. statutory corpus, treatise intelligence, matter memory, CMMC, eDiscovery
View Marcella →