ma2tic

The brief · 7 May 2026

The AI brief, 2026-05-07

GPT-5.5 has barely started running in ChatGPT before reality steps in to remind us of its limits: the FDA is still hitting the brakes on self-learning AI, a US bank discovers the cost of unauthorized AI use, and Brussels reworks its high-risk rules, this time taking aim at intimate deepfakes.

2 min read J / K to navigate

US Bank Files 8-K Over Employee's Unauthorized AI Use

CB Financial Services just reported the first incident of its kind to the SEC: not a hack, not an outage, just an in-house AI tool that processed customer names, Social Security numbers, and dates of birth without authorization. Any company letting employees plug ChatGPT or similar tools into sensitive data without clear guardrails should take note. Shadow AI is now a trigger for regulatory disclosure.

practitioners › Incident discovered May 5, deemed material on May 7 due to data volume and sensitivity; no operational disruption reported.

SEC Form 8-K, CB Financial Services, Inc. →

EU Delays High-Risk AI Rules, Cracks Down on Intimate Deepfakes

The European Parliament and Council have agreed on an Omnibus VII package that pushes back enforcement of the AI Act's heaviest obligations, the ones targeting high-risk systems. In exchange, the text adds an explicit ban on non-consensual intimate content and AI-generated child sexual abuse material. For you, nothing changes with ChatGPT today, but it buys vendors an extra year before the compliance deadline they'd been dreading kicks in.

practitioners › High-risk system rules now apply from December 2027, with some categories pushed to August 2028, versus the original 2026 timeline.

www.consilium.europa.eu →