Criticism is growing that there is no practical legal framework to respond to artificial intelligence security threats. Current security regulation is designed on the premise that intrusions can be blocked, so it does not work against high-performance AI that can find vulnerabilities and attack on its own, such as Mythos.

At the 2nd AI Law Policy Forum jointly hosted on Thursday by Lee & Ko, the Korea Information and Communications Law Association, the Korea Data AI Law and Policy Association, and the Korea Information Society Development Institute (KISDI), Jeong Se-jin (정세진), a lawyer at Lee & Ko, said, "AI is difficult to respond to with existing security systems that block known risks." He added, "We need to change the security regulation paradigm to focus on resilience and dynamic response."

Since the emergence of generative AI, AI-enabled cyberattacks have surged, increasing the need to overhaul security regulation. CrowdStrike's 2026 Global Threat Report showed AI-enabled cyberattacks in 2025 rose 89 percent from the previous year. The time it took attackers to locate internal assets after an initial breach also fell to an average of 29 minutes. The fastest case was 27 seconds. Jeong said, "If you subscribe to good AI tools and are willing to use them, anyone can become a hacker."

The problem is that there is no legal basis to counter such threats.

A key issue is the lack of means to control high-performance AI. Article 32 of the AI Framework Act only requires high-performance AI operators to submit risk management results to the science and ICT minister. There is no way to stop it even if an AI system with verified capabilities for automated vulnerability detection, intrusion code generation and autonomous cyberattacks is distributed like Mythos. There is no obligation for pre-certification by an independent evaluation body and no provision restricting the distribution of risk models. Jeong said control should be determined based on actual attack capability, not computing power measured in FLOPs.

There is also no clear way to hold anyone accountable for incidents caused by agentic AI. Under the current Personal Information Protection Act, standards for measures to secure personal information safety, such as access-rights management and the duty to retain access logs, are designed on the premise of a "person." An AI agent can access databases and send data outside without employee instruction, but current logging obligations apply only to employee access. Even if a leak occurs, it is impossible to trace what the agent did, and it is unclear whether the AI developer, the user company or an employee should be responsible. Jeong pointed out that agentic AI can expand and delegate its own authority, making a static, human-based access-control system a poor fit.

◆"If AI attacks cannot be stopped anyway, regulation should be designed around resilience"

A representative example is the EU Digital Operational Resilience Act (DORA). DORA requires the financial sector to conduct regular, real-world penetration tests and to take responsive measures based on the results. It also includes duties to set rapid reporting systems and targets for recovery time and recovery points. Jeong explained that it does not aim to stop intrusions, but to make resilience and recovery after a breach the standard for regulation.

A shift to a dynamic response system was also proposed. Rather than forcing a fixed list of security measures as in the EU Network and Information Security Directive (NIS2), the approach would require flexible security systems tailored to each company's environment and threat profile. The argument is that AI searches for unknown vulnerabilities at machine speed, making it impossible to respond with standardized obligations. With many outside vendors involved in the AI supply chain, constant management of third-party threats was also cited as a key element.

The forum also stressed the need to move from a punishment-based system to an incentive-based one. Companies with advance capabilities, such as a constant risk management system and a vulnerability reporting and remediation system, would receive incentives, while penalties would be reduced for "good-faith failure" where breaches occur despite sufficient measures. Jeong said assessments should be based on response capability, not the incident itself.