By Gana Misra
Mon Jun 15 2026

Understanding Shadow AI Risks: The CB Financial 8-K Case


On May 11, 2026, a Pennsylvania regional bank quietly filed an 8-K that changed the compliance calculus for every public company in America. No hacker. No ransomware. Just an employee using an unauthorized AI tool.

Key takeaway: Shadow AI incidents can independently satisfy the SEC's materiality threshold under Item 1.05 of Form 8-K, even without operational disruption, system compromise, or confirmed financial impact. The CB Financial Services filing is the first of its kind, and it will not be the last.

What Happened: The CB Financial 8-K Case Study

CB Financial Services, Inc. is the parent of Community Bank, a Pennsylvania-based regional bank. On May 5, 2026, Community Bank detected that an employee had used an unauthorized AI application to process non-public customer information, including names, Social Security numbers, and dates of birth. Two days later, on May 7, CB's management determined the incident was material. The Form 8-K under Item 1.05 was filed on May 11, 2026, four business days after the materiality determination.

Three facts about this filing deserve close attention:

  • No external attacker was involved. The incident arose from insider misuse of an AI tool, not a breach of CB's systems by a third party.
  • No operational disruption occurred. CB stated the incident did not affect banking operations, customer account access, payment systems, or core IT infrastructure.
  • No financial impact was confirmed. CB stated the incident was not expected to have a material impact on consolidated financial condition or results of operations.

Yet CB determined the incident was material, citing "the volume and sensitive nature of the non-public information at issue." Data sensitivity and volume alone crossed the threshold. That is the precedent.

Does an Employee Misusing an AI Tool Really Trigger a Form 8-K?

Yes, and the CB Financial filing proves it. As Wilson Sonsini Goodrich & Rosati concluded in their analysis of the filing: "A cybersecurity incident need not involve an external attacker or system intrusion or material financial consequences to qualify as material under Item 1.05. Insider misuse of technology, including unauthorized use of AI tools, can independently trigger SEC disclosure obligations if the confidential information at risk is sensitive and extensive."

The SEC's cybersecurity disclosure rules, adopted in July 2023 and effective for large accelerated filers from December 2023, define a "cybersecurity incident" broadly. The rules do not require a hack. They require a material incident affecting the confidentiality, integrity, or availability of information systems or the data they hold. An employee routing customer PII through an ungoverned third-party AI application fits that definition.

The rules are now fully in effect for all registrant categories, with no phase-in remaining.

How the Four-Business-Day Clock Works for Shadow AI

This is where many disclosure teams get the mechanics wrong.

Key takeaway: The four-business-day clock under Item 1.05 starts at the materiality determination, not at detection of the incident.

In the CB Financial case, the timeline ran as follows:

Date          Event
May 5, 2026   Community Bank detects unauthorized AI tool use
May 7, 2026   CB determines the incident is material
May 11, 2026  Form 8-K filed (four business days after May 7)

The two-day gap between detection and materiality determination is not a grace period. It is the window in which management must conduct a materiality assessment. For shadow AI incidents, that assessment is harder than for a conventional breach, because there may be no clear system log, no forensic trail, and no obvious financial metric to anchor the analysis.

As Wilson Sonsini notes, "The four-business-day disclosure clock begins upon a materiality determination, not upon detection of the incident." The practical implication: companies that lack a shadow AI detection capability may not know an incident has occurred until weeks after the fact, but once they detect it, the materiality assessment clock is running immediately.
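To make the clock mechanics concrete, here is a small deadline calculator, added as an example for this article (not code from the filing, the law firm, or Finrep). It assumes an SEC business day is a weekday that is not a US federal holiday, and it ships with only a handful of illustrative 2026 holidays; a real disclosure calendar would load the full list from an authoritative source. Note that the detection date never enters the calculation, which is the point of the section above.

```python
"""Item 1.05 four-business-day deadline calculator (added example, not from the original page)."""
from datetime import date, timedelta

# Illustrative subset of 2026 US federal holidays (assumption: these, plus weekends,
# are the only non-business days). A production calendar must carry the full list.
FEDERAL_HOLIDAYS_2026 = {
    date(2026, 5, 25),  # Memorial Day
    date(2026, 6, 19),  # Juneteenth
    date(2026, 7, 3),   # Independence Day (observed, since July 4 falls on a Saturday)
}


def is_business_day(d, holidays=FEDERAL_HOLIDAYS_2026):
    """Monday-Friday and not a listed holiday."""
    return d.weekday() < 5 and d not in holidays


def add_business_days(start, n, holidays=FEDERAL_HOLIDAYS_2026):
    """Return the date n business days after start; start itself is day zero."""
    d = start
    while n > 0:
        d += timedelta(days=1)
        if is_business_day(d, holidays):
            n -= 1
    return d


def item_105_deadline(materiality_determination, holidays=FEDERAL_HOLIDAYS_2026):
    """Last day on which an Item 1.05 Form 8-K is timely: four business days after the
    materiality determination. The detection date is deliberately not a parameter."""
    return add_business_days(materiality_determination, 4, holidays)


def is_timely(materiality_determination, filing_date, holidays=FEDERAL_HOLIDAYS_2026):
    """True if the filing lands on or before the Item 1.05 deadline."""
    return filing_date <= item_105_deadline(materiality_determination, holidays)


def timeline(detection, determination, filing, holidays=FEDERAL_HOLIDAYS_2026):
    """Summarise an incident timeline the way a disclosure committee would document it."""
    return {
        "assessment_window_days": (determination - detection).days,
        "deadline": item_105_deadline(determination, holidays),
        "timely": is_timely(determination, filing, holidays),
    }


if __name__ == "__main__":
    # The CB Financial dates from the article: detected May 5, determined May 7, filed May 11.
    print(timeline(date(2026, 5, 5), date(2026, 5, 7), date(2026, 5, 11)))
```

The holiday handling matters more than it looks: a determination made on the Friday before a Monday holiday loses that Monday from the window, so the deadline slides to the following Friday.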

What Makes a Shadow AI Incident "Material" Without Financial Impact?

The CB Financial precedent applies the TSC Industries v. Northway "substantial likelihood" standard to a new fact pattern: data sensitivity and volume as independent materiality drivers, without any financial loss or operational disruption.

For disclosure committees evaluating a shadow AI incident, the materiality analysis should consider:

  • Type of data exposed. PII, Social Security numbers, financial account data, health information, and trade secrets each carry heightened sensitivity and regulatory consequence.
  • Volume of records affected. A larger number of affected individuals increases the probability that a reasonable investor would consider the incident significant.
  • Regulatory notification obligations triggered. If state breach notification laws are activated, that is itself evidence of materiality.
  • Litigation exposure. The CB Financial incident attracted plaintiff class action investigations before the 8-K was even filed. Several plaintiffs' firms publicly announced investigations into the incident.
  • Reputational and customer trust impact. For a bank, customer confidence in data handling is a core business asset.

Notably, CB's 8-K did not disclose the specific AI application involved or the precise number of affected customers. Companies can file an adequate Item 1.05 disclosure without identifying the tool or the exact scope, provided the filing describes the nature, scope, and timing of the incident and the material impact or reasonably likely material impact.

The Item 1.05 vs. Item 106 Distinction Most Teams Miss

Most commentary on the CB Financial filing focuses on the 8-K. But shadow AI creates a second, independent disclosure problem in the annual report that exists even if a company never has an incident.

Item 1.05 (Form 8-K) is incident-triggered. It applies when a material cybersecurity incident occurs. The four-business-day clock runs from materiality determination.

Regulation S-K Item 106 (10-K or 20-F) is ongoing. It requires annual disclosure of:

  • The registrant's processes for assessing, identifying, and managing material risks from cybersecurity threats
  • Whether and how the registrant engages third-party assessors, consultants, or auditors
  • Board oversight of cybersecurity risks and management's role in risk management

A company that has no shadow AI governance policy, no detection capability, and no incident response protocol for insider AI misuse cannot credibly make these Item 106 disclosures. And a company that describes robust cybersecurity risk management processes in its 10-K while shadow AI operates undetected across the organization faces a disclosure accuracy problem, regardless of whether an incident ever occurs.

The EDGAR record already shows sophisticated filers addressing this gap. AvePoint's FY2025 10-K explicitly names "Shadow AI" as a governed risk category, describing an "Autonomous Agent Governance" capability and a centralized command-and-control layer for AI agents. NVIDIA's FY2025 10-K includes a dedicated Item 1C Cybersecurity section describing "processes to manage cybersecurity risks associated with AI, such as enhanced governance of AI-related traffic." Most 10-Ks describe only perimeter and external threat governance. That gap is now a disclosure risk.

The SOX Angle Nobody Is Talking About

This is the most underappreciated legal dimension of shadow AI, and it sits squarely in the CFO's lap.

Under SOX Sections 302 and 906, CEOs and CFOs certify the effectiveness of disclosure controls and procedures and internal control over financial reporting (ICFR). If employees in finance, accounting, or financial reporting functions are using unapproved AI tools to process financial data, draft MD&A language, model financial projections, or perform calculations that feed into financial statements, those certifications may rest on an incomplete foundation.

Two specific risks follow:

1. ICFR deficiency. Shadow AI in financial reporting workflows is an ungoverned process operating outside the control environment. If an unapproved AI tool is influencing outputs that flow into financial statements, the control over that process is either absent or ineffective. That is the definition of a control deficiency. Depending on the likelihood and magnitude of a potential misstatement, it could rise to a significant deficiency or material weakness requiring disclosure.

2. Audit scope limitation. The Journal of Accountancy's February 2026 AI risk roundup identifies the "black box" problem directly: if AI tools used in financial reporting workflows cannot be audited for how they generate outputs, auditors cannot obtain sufficient appropriate audit evidence about those outputs. Under PCAOB AS 2201, this creates a potential audit scope limitation that could affect the auditor's report on ICFR.

A CFO who signs a SOX 302 certification while the finance team is quietly using an unapproved AI to draft disclosures or model projections is certifying a control environment that does not match reality. The CB Financial case makes this a foreseeable, not merely theoretical, risk.

For more on how disclosure teams can build evidence and audit traceability into their processes, see Finrep's guide on how disclosure teams can master evidence and audit traceability.

The Scale of the Problem

The CB Financial incident is not an outlier. It is the first documented case of a phenomenon that is already pervasive.

A November 2025 Cybernews survey of more than 1,000 U.S. employees found:

  • 59% of employees use shadow AI tools at work
  • 93% of executives and senior managers use shadow AI, meaning the risk sits at the level of the people who sign SEC certifications
  • 75% of shadow AI users admitted to sharing possibly sensitive information with unapproved tools
  • 57% said their direct manager is aware of and supports their use of such tools
  • Only 10% of employees work at companies where shadow AI is strictly prohibited

The governance vacuum is the direct precondition for an Item 1.05 event. As Žilvinas Girenas of nexos.ai put it: "Shadow AI thrives in silence. When managers turn a blind eye and there's no clear policy, employees assume it's fine to use whatever tool gets the job done. That's how sensitive data ends up in places it should never be."

The financial cost is also quantified. IBM data shows that data breaches caused by shadow AI cost $670,000 more on average than breaches involving sanctioned AI tools. That cost differential is itself relevant to the materiality analysis under Item 1.05.

On the technical side, Palo Alto Networks research documents that GenAI traffic surged more than 890% in 2024, organizations saw an average of 66 GenAI apps in use with 10% classified as high risk, and GenAI-related data loss prevention incidents increased more than 2.5x, now comprising 14% of all DLP incidents.

For financial institutions, the CB Financial case illustrates that SEC disclosure is only one layer of a multi-regulator problem. Wilson Sonsini identifies five distinct exposure layers:

Exposure Layer                                            Key Obligation                                          Typical Deadline
SEC Item 1.05 Form 8-K                                    Disclose material cybersecurity incident                4 business days from materiality determination
State breach notification laws                            Notify affected individuals and regulators              30-90 days from discovery/determination
Federal banking regulators (OCC, FDIC, Federal Reserve)   AI risk and data security frameworks                    Varies by regulator
Plaintiff class action litigation                         Defend negligence, breach of contract, privacy claims   Ongoing from incident
Emerging AI liability theories                            Adequacy of shadow AI governance                        Developing

Several plaintiffs' firms announced investigations into the CB Financial incident before the 8-K was even filed. Affected customers may assert claims under negligence, breach of implied contract, invasion of privacy, and state consumer protection statutes. In jurisdictions with statutory data breach causes of action, per-person statutory damages can accrue without proof of actual harm.

Wilson Sonsini notes that "the novelty of Shadow AI as a vulnerability may give rise to emerging theories of liability centered on the adequacy" of governance, a theory that will only gain traction as the CB Financial filing becomes a known benchmark.

Are Your Risk Factors Adequate?

Most 10-K risk factors describe AI risks in one of two ways: risks associated with the company's own AI products and services, or risks from external AI regulation. Very few address the third category: internal employee misuse of third-party AI tools.

The CB Financial 8-K makes shadow AI a foreseeable, documented risk that a reasonable investor would consider significant. A company that has not added shadow AI as a named, specific risk factor now faces a potential disclosure accuracy problem if an incident occurs. The argument that shadow AI was not a known risk is no longer available after May 11, 2026.

For guidance on how peer companies are benchmarking their cybersecurity and AI disclosures against EDGAR filings, see Finrep's guide on how disclosure teams use SEC EDGAR for benchmarking.

The Agentic AI Escalation

One forward-looking dimension that existing coverage misses entirely: agentic AI.

The Journal of Accountancy's February 2026 AI risk roundup identifies agentic AI as a rapidly emerging risk category. Unlike a standard LLM that generates text, agentic AI takes autonomous actions: sending emails, executing transactions, modifying files, or chaining decisions across systems. An employee deploying an unapproved agentic AI tool creates a qualitatively different shadow AI risk, because the tool can cause consequential actions, not just expose data. The disclosure and governance implications of agentic shadow AI are an order of magnitude more complex than the CB Financial scenario, and disclosure committees should begin building frameworks for it now.

Shadow AI Disclosure and Governance Checklist

For CFOs, general counsel, and disclosure committees, the CB Financial filing demands an immediate review across six areas.

1. Incident assessment: do you have an open exposure?

  • Determine whether any shadow AI incident has already occurred or is under investigation
  • If yes, initiate a materiality assessment immediately; the four-business-day clock runs from the determination, not from this review
  • Document the assessment process and participants

2. Item 106 annual disclosure: does your 10-K reflect reality?

  • Review your current Item 106 cybersecurity risk management disclosure
  • Confirm whether it addresses insider AI misuse, not just external threats
  • If not, update the disclosure in the next annual report to describe shadow AI governance processes, or acknowledge the gap and the steps being taken to address it

3. Risk factor adequacy: is shadow AI named?

  • Review AI-related risk factors in the current 10-K or 20-F
  • Add shadow AI as a named, specific risk if it is not already present
  • Describe the potential for insider misuse of third-party AI tools to trigger disclosure obligations, data exposure, regulatory action, and litigation

4. SOX/ICFR review: is AI touching financial reporting workflows?

  • Survey finance, accounting, FP&A, and disclosure drafting functions for use of unapproved AI tools
  • Assess whether any AI-generated outputs have influenced financial statements or public disclosures without human verification
  • Determine whether a control deficiency exists and whether it requires disclosure

5. Governance and policy: do you have controls that actually work?

  • Audit current AI tool usage across the organization, including at the executive level
  • Implement or update an AI acceptable use policy that distinguishes approved from unauthorized tools
  • Deploy technical controls to monitor and restrict unauthorized AI tool usage (note: the Journal of Accountancy identifies blocking websites and providing accessible approved alternatives as the primary behavioral mitigations)
  • Establish a shadow AI incident response protocol with a defined materiality assessment process and documented escalation path to the disclosure committee
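The technical-controls item above, and the earlier observation that a company without detection capability may not learn of an incident for weeks, both come down to being able to see unsanctioned AI traffic. The script below is an added example written for this article, not a product or anything from the filing: it reads web-proxy log lines, separates approved from unapproved GenAI destinations using an allowlist drawn from the acceptable use policy, and flags large uploads to unapproved tools as candidates for the materiality assessment. The log format, the domain names (all under `.example`), the approved list and the upload threshold are all constructed for illustration; in practice the GenAI category would come from the proxy or CASB vendor's feed.

```python
"""Flag unsanctioned GenAI use in proxy logs to feed a shadow AI incident assessment.

Added example, not from the original page. All domains, thresholds and log lines are constructed.
"""
import csv
from collections import defaultdict
from io import StringIO

# Constructed: tools approved under the AI acceptable use policy
APPROVED_GENAI = {"assistant.approved-vendor.example"}

# Constructed: destinations known to host GenAI services (a maintained category feed in practice)
KNOWN_GENAI = {
    "assistant.approved-vendor.example",
    "chat.genai-tool-a.example",
    "api.genai-tool-b.example",
}

# Constructed: request body size above which a POST to an unapproved tool is treated as a possible data upload
UPLOAD_BYTES_THRESHOLD = 50_000

# Constructed sample proxy log: timestamp,user,dest_host,method,bytes_out
SAMPLE_LOG = """timestamp,user,dest_host,method,bytes_out
2026-05-05T09:12:01Z,jdoe,assistant.approved-vendor.example,POST,1200
2026-05-05T09:15:44Z,jdoe,chat.genai-tool-a.example,POST,184320
2026-05-05T09:16:02Z,asmith,api.genai-tool-b.example,POST,900
2026-05-05T09:20:13Z,asmith,intranet.example,GET,0
2026-05-05T10:02:55Z,jdoe,chat.genai-tool-a.example,POST,73000
"""


def classify(dest_host):
    """approved_genai, unapproved_genai, or other."""
    if dest_host in APPROVED_GENAI:
        return "approved_genai"
    if dest_host in KNOWN_GENAI:
        return "unapproved_genai"
    return "other"


def analyze(log_text):
    """Per-user summary of traffic to unapproved GenAI tools.

    Returns {user: {"unapproved_flows": n, "possible_uploads": n, "hosts": [...]}}.
    """
    report = defaultdict(lambda: {"unapproved_flows": 0, "possible_uploads": 0, "hosts": set()})
    for row in csv.DictReader(StringIO(log_text)):
        if classify(row["dest_host"]) != "unapproved_genai":
            continue
        entry = report[row["user"]]
        entry["unapproved_flows"] += 1
        entry["hosts"].add(row["dest_host"])
        # A large POST body to an unapproved tool is the pattern that matches the CB Financial
        # fact pattern: non-public data leaving for an ungoverned service.
        if row["method"] == "POST" and int(row["bytes_out"]) >= UPLOAD_BYTES_THRESHOLD:
            entry["possible_uploads"] += 1
    return {user: {**v, "hosts": sorted(v["hosts"])} for user, v in report.items()}


def needs_escalation(report):
    """Users with at least one possible upload to an unapproved tool; these go to the
    disclosure committee so the materiality assessment can start."""
    return sorted(user for user, v in report.items() if v["possible_uploads"] > 0)


if __name__ == "__main__":
    summary = analyze(SAMPLE_LOG)
    for user, v in summary.items():
        print(user, v)
    print("escalate:", needs_escalation(summary))
```

Low-volume chat with an unapproved tool (asmith above) is a policy matter; large uploads (jdoe) are the cases that start the assessment described in the checklist's incident response protocol. The point of the allowlist is that approved tools generate no alert at all, which keeps the signal focused on the traffic the governance program has not sanctioned.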

6. Peer benchmarking: where do you stand?

  • Review how peer companies are disclosing AI governance in their Item 106 sections
  • Use AvePoint's FY2025 10-K and NVIDIA's FY2025 10-K as benchmarks for explicit shadow AI governance disclosure
  • Consider commissioning a third-party AI risk assessment that can be referenced in Item 106 disclosures

For teams building AI governance into their broader disclosure workflow, Finrep's analysis of AI in finance: what works, what fails, and the evidence covers the evidence base for AI tool governance in financial reporting contexts.

FAQ

What is the difference between an Item 1.05 Form 8-K and an Item 106 disclosure for shadow AI?
Item 1.05 is incident-triggered: it requires disclosure within four business days of determining that a material cybersecurity incident has occurred. Item 106 is ongoing: it requires annual disclosure in the 10-K of the company's processes for managing cybersecurity risks, including board oversight and management's role. A company can face Item 106 exposure even if it never has a reportable incident, simply because its disclosed governance processes do not address shadow AI.

Does the CB Financial 8-K apply to non-financial companies?
Yes. The SEC's cybersecurity disclosure rules apply to all reporting companies. CB Financial is a bank, which adds federal banking regulator exposure on top of the SEC layer, but the Item 1.05 and Item 106 obligations apply equally to technology, healthcare, manufacturing, and consumer companies. Any company with employees using unapproved AI tools to process sensitive data faces the same disclosure framework.

What information does a company have to include in an Item 1.05 shadow AI disclosure?
The rules require disclosure of the material aspects of the nature, scope, and timing of the incident, and the material impact or reasonably likely material impact. The CB Financial 8-K demonstrates that a company does not need to identify the specific AI tool involved or the exact number of affected individuals to file an adequate disclosure.

Can shadow AI create a SOX material weakness?
Yes. If unapproved AI tools are being used in financial reporting workflows and the outputs influence financial statements or disclosures without adequate human review and verification, that is a control deficiency. Depending on the magnitude and likelihood of a potential misstatement, it could rise to a significant deficiency or material weakness requiring disclosure in the annual report and the auditor's ICFR opinion.

How should a disclosure committee structure its materiality assessment for a shadow AI incident?
The committee should convene promptly upon detection, include legal counsel, the CISO, the CFO, and HR, and document the assessment in writing. Key inputs: the type and volume of data exposed, the regulatory notification obligations triggered, the litigation exposure, and the reputational impact. The CB Financial case shows a two-day assessment is achievable. The documentation of the process matters as much as the outcome, both for regulatory defense and for any subsequent litigation.

What is agentic shadow AI and why does it matter for disclosure?
Agentic AI takes autonomous actions rather than just generating text. An employee deploying an unapproved agentic AI tool could cause the tool to send emails, execute transactions, or modify files without IT oversight. The disclosure and ICFR implications are more severe than data exposure alone, because the tool's actions could directly affect financial records or public communications. Disclosure committees should begin building governance frameworks for agentic shadow AI now, before an incident forces the issue.

The CB Financial 8-K is a line in the sand. Every public company's disclosure committee should be asking, this week, whether a similar incident at their organization would be detected, assessed, and disclosed within the required window. Most cannot yet answer yes.
