The Signal: The SEC’s Cyber and Emerging Technologies Unit is examining investor communications from companies that have attributed operational results to AI capabilities: specifically, whether those claimed capabilities are supported by documented human oversight. The Nate, Inc. enforcement action (April 2025) established the legal architecture: concealing human labor behind claims of AI autonomy is securities fraud, not aggressive marketing.

The Governance Gap: Only 36 percent of corporate boards have implemented a formal AI governance framework (NACD Board Practices Survey, cited in WilmerHale, January 2026). Only 6 percent have established AI-related management reporting metrics. The gap between what the SEC is examining and what most boards have documented is the size of a material disclosure risk.

The Board Implication: Any investor communication that describes AI capabilities without a corresponding named-officer certification that those capabilities are supported by documented human oversight is potential AI-washing exposure. The CFO’s pre-publication disclosure review process must extend to every document that describes the organization’s AI capabilities: 10-K risk factors, proxy statements, earnings call scripts, investor presentations.

The Three-Day Action: The board chair directs the general counsel to (1) inventory all investor communications from the past four quarters that describe AI capabilities; (2) assess whether each described capability is supported by documented human authority designation; (3) identify any gap and establish a remediation protocol before the next SEC filing cycle.

The complete AI disclosure governance framework, including the SOX 302 review protocol and the human authority documentation standard, is developed in the Leadership Reinvention in the AI Era research hub.

Sources: SEC/DOJ v. Nate, Inc. (April 2025). WilmerHale Board Oversight and Artificial Intelligence (January 2026). Oxford Law Blogs, Algorithmic Oversight (March 2026).