Stability AI's Getty watermark defence and the UK's SRA fraud alert surge put AI-generated evidence and law firm impersonation at the centre of legal practice risk in 2026
Two distinct but connected AI-and-law developments surfaced on 7 April 2026. First, the Stability AI v Getty Images motion in California federal court (detailed in the Disputes story) raises a foundational question for legal practice: how courts will treat AI-generated outputs as evidence in IP litigation. When an AI model produces an image bearing a garbled version of a third party's watermark, the legal question is whether that output constitutes admissible evidence of copyright management information (CMI) removal under the Digital Millennium Copyright Act (DMCA) — or, in parallel UK proceedings, under the Copyright, Designs and Patents Act 1988 (CDPA). The answer shapes how lawyers disclose, authenticate, and present AI-generated outputs in future disputes. Second, the Solicitors Regulation Authority (SRA) has reported a significant increase in fraud alerts involving scammers impersonating law firms in Q1 2026 compared with the same period last year. Named firms impersonated include Skadden, Hogan Lovells, Sullivan & Cromwell, Linklaters, Travers Smith, Clifford Chance, Herbert Smith Freehills, Mayer Brown, White & Case, and Taylor Wessing. The impersonation attacks — using lookalike email domains and fake firm identities — are believed to be AI-assisted, with generative AI enabling fraudsters to replicate firm communications at scale and with greater plausibility than manual methods. Taken together, these stories define the two-sided AI risk facing City firms in 2026: AI as a subject of litigation (training data and IP), and AI as an instrument of fraud targeting the legal sector.
Why this matters
The SRA fraud alert data is directly actionable for law firms: the increase in AI-assisted impersonation attacks means firms need to upgrade client-facing communication authentication, revise anti-fraud policies, and potentially issue SRA fraud warnings to clients — all of which create compliance and risk management work. The Stability AI case simultaneously presents the question of how lawyers will authenticate and disclose AI-generated materials in litigation, a question that UK courts have not yet definitively answered under the CDPA and the Civil Procedure Rules' disclosure framework. Law firms advising AI companies, rights-holders, or companies holding AI-generated evidence will need to develop internal protocols for AI output authentication. The convergence of these two issues — AI as fraud vector and AI as evidential subject — means that every major practice group, from disputes to corporate, now faces AI governance questions that require dedicated legal advisory frameworks rather than ad hoc responses.
On the Ground
A trainee in a disputes team dealing with AI-generated evidence would assist with disclosure review and categorisation — specifically, applying the firm's emerging AI output authentication protocol to determine whether AI-generated documents are disclosable and how they should be described in a disclosure list. In a regulatory context, they might assist with drafting a vendor due diligence questionnaire for a client evaluating an AI tool for legal use.
Interview prep
Soundbite
AI simultaneously creates the evidence in dispute and the fraud that forges the lawyers' letters — firms need governance frameworks for both simultaneously.
Question you might get
“How should a law firm respond if it discovers that scammers have been impersonating it using AI-generated communications, and what are the firm's obligations to affected clients under SRA rules?”
Full answer
Two AI-and-law stories from 7 April illustrate the dual-sided risk AI now presents to legal practice: Stability AI's motion in the Getty case forces courts to rule on whether AI-generated watermark outputs constitute admissible copyright evidence, while the SRA's fraud alert data shows a sharp rise in AI-assisted impersonation of major City firms. The first story matters because it will shape how lawyers in UK High Court proceedings present and authenticate AI-generated materials under the CDPA and CPR disclosure rules. The second creates an immediate compliance and client communication mandate for every named firm and those similarly exposed. Together, they show that AI governance is no longer a future-proofing exercise — it is a current operational and litigation risk that demands concrete protocols today.
Sources
My notes
saved