MF

Matthew Fornaro

Business Litigation Attorney · Coral Springs, FL

Matthew Fornaro is a Florida business law attorney serving Coral Springs, Parkland, and Broward County. He represents small businesses in commercial litigation, contract disputes, and business torts. Schedule a consultation →

Key Takeaways

  • Florida business law protects companies from unfair competition, contract breaches, and partner disputes.
  • Acting early saves time, money, and business relationships.
  • An experienced business attorney helps you assess risk and choose the right legal strategy.

As an experienced business law attorney, I have spent more than two decades helping entrepreneurs, startups, and established companies work through contracts, disputes, growth decisions, and the kinds of operational issues that usually show up only after they have already become expensive. I have seen one technology wave after another move through the market. AI is different. It is moving faster, spreading further, and entering businesses long before many owners have stopped to think about the legal consequences. At FornaroLegal.com, my practice is built around practical legal guidance for business owners. That is exactly how I view this topic. Shadow AI and agentic AI are not abstract technology discussions. They are contract issues, confidentiality issues, intellectual property issues, governance issues, and, eventually, business litigation issues.

Many owners still think of AI as something being used mainly by larger companies or technology businesses. That is no longer true. In South Florida, and increasingly in business relationships that reach into New York and Washington, D.C., AI tools are already being used inside ordinary day to day operations. Employees use them to draft emails, summarize agreements, revise marketing copy, review spreadsheets, answer customers, and accelerate internal workflows. Vendors are using them too. In a surprising number of businesses, that use is happening informally, without a real policy, without much supervision, and without enough thought given to where data is going or who is responsible when the output is wrong.

AI Is Already Inside the Business, Whether Management Planned for It or Not

The first thing business owners need to understand is that AI adoption is no longer a future issue. It is already here. The real governance problem is not whether AI is being used. The problem is that in many businesses, management does not fully know how it is being used, by whom, or with what information. That is where legal risk starts to build quietly.

I see this the same way I see other forms of legal debt. A company does not wake up one morning and decide to create a major exposure. It gets there by making a series of small decisions that seemed efficient at the time. Somebody pastes customer information into a public AI tool. Someone else uses AI to revise contract language and no lawyer reviews the revision. A manager relies on an automated workflow to send responses or proposals that look official and binding. A vendor quietly incorporates AI into a service stack without clearly explaining how business data will be processed. None of that feels dramatic in the moment. Later, it can matter a great deal.

What Shadow AI Actually Means for a Small Business

Shadow AI is simply AI use that is happening outside approved channels or outside meaningful oversight. It may be as simple as an employee using a personal ChatGPT account to rewrite website copy or summarize a contract. It may involve a sales team dropping customer data into a prospecting tool. It may involve a contractor using an AI platform to create content or internal documents without anyone pausing to ask whether the platform retains prompts, trains on inputs, or creates ownership questions about the output.

The legal problem with shadow AI is not just secrecy. It is loss of control. Once business information is placed into the wrong system, several questions immediately follow. Was confidential information disclosed? Was customer data handled consistently with prior commitments? Did the company unintentionally weaken trade secret protection? Did someone create a record that will later complicate litigation, discovery, or privilege issues? Those are not technology questions. They are ordinary business law questions showing up through a new tool.

Agentic AI Raises the Stakes

Agentic AI takes the issue a step further. Instead of simply helping a person draft or summarize something, agentic systems can begin taking action within a workflow. They can send communications, trigger follow up steps, populate systems, move information, and in some cases make decisions inside preset parameters. For a business owner, that means the conversation is no longer just about whether AI helped create language. It is about whether AI acted in a way that affects rights, obligations, or relationships.

That matters because the law has always cared about authority, reliance, and accountability. If a system that appears to speak for the company offers pricing, confirms a scope of work, extends a deadline, or sends language that sounds binding, the recipient may treat it as company action. Even if management did not intend for the system to have that kind of authority, the business may still have to live with the consequences. That is why companies using AI driven workflows need to think carefully about human review, approval thresholds, disclaimers, and internal controls before these systems become embedded in operations.

Contract Risk Often Starts Before Anyone Thinks There Is a Contract Problem

One of the clearest places this issue shows up is in contract drafting and negotiation. Businesses are increasingly using AI to summarize terms, suggest revisions, redline language, generate proposals, and create first drafts. There is nothing inherently wrong with using technology to make work more efficient. The problem is assuming that speed is the same thing as judgment.

A contract does more than record a deal. It allocates risk, defines expectations, shapes remedies, and often determines how leverage will look if the relationship goes bad. That is why contract drafting and review should never be treated like a clerical task. If AI changes a limitation of liability clause, an attorney’s fee provision, a notice requirement, a termination right, or an ownership provision in a way that goes unnoticed, the company may not discover the problem until the dispute is already expensive. By then, the issue is no longer about drafting efficiency. It is about exposure.

This is also where businesses make a practical mistake. They tend to think of the contract problem as the lawsuit. Usually, the real problem is the path that led to the lawsuit. Weak language, informal side agreements, undefined scope, and unreviewed revisions create the conditions for the dispute long before any claim is filed. That is one reason why my transactional work and my litigation work inform each other. The way a contract reads on the front end matters because someday it may be read under pressure by a judge, an arbitrator, a mediator, opposing counsel, or a business owner trying to decide whether to settle.

Confidentiality and Trade Secret Problems Can Start With One Prompt

For many businesses, the most serious AI risk is not a dramatic public failure. It is a quiet confidentiality problem. If employees or contractors paste proprietary material, customer information, pricing data, internal procedures, product ideas, financial details, or sensitive communications into public AI tools, that may create immediate questions about whether the company has adequately protected its confidential information.

Trade secret protection is not automatic. It depends in part on whether a business takes reasonable steps to protect what gives it value. A company that is serious about trade secrets, customer relationships, and internal know how should be equally serious about how that information can and cannot be used in AI systems. That means clear internal policies, training, contractual controls, and vendor review. It also means understanding that convenience is not a substitute for discipline.

Business owners who are already thinking about intellectual property and confidentiality should view AI the same way they would view any other third party system that touches sensitive information. If you would not casually hand a particular file, strategy memo, customer list, or proprietary process to an outsider, you should not assume it belongs in a public AI interface either.

Intellectual Property Questions Get Messy Quickly

AI use also creates ownership questions that many businesses are not prepared to answer. Who owns an AI assisted deliverable created by an employee? What if a contractor uses AI to generate copy, code, or design work and the agreement does not clearly address work product ownership? What if a business builds brand value around content that was created or heavily reshaped by an outside tool with unclear terms of use? What if an employee uses confidential company material to train a workflow that later benefits someone else?

These questions matter even more in founder led and closely held businesses, where the brand, the methods, and the internal systems often are the business. Many small companies do not think of themselves as having major intellectual property exposure, but if the business depends on its name, content, processes, marketing assets, proprietary data, or customer relationships, it already does. AI simply makes those issues harder to ignore.

Vendor Risk Is Part of the AI Story Too

Many businesses are focusing on what their own employees are doing with AI and overlooking what their vendors are doing. That is a mistake. Marketing agencies, software providers, consultants, recruiters, customer service vendors, and back office providers are increasingly using AI tools inside their own service delivery. If the contract does not address that use clearly, the business may have very little visibility into where its data is going, what systems are being used, how prompts are retained, or whether that data is being used to improve third party tools.

This is where careful vendor contracting matters. Businesses should be asking simple but important questions. Is the vendor allowed to use AI in delivering the service? If so, under what restrictions? Can the vendor use company data to train models? What happens to that data when the engagement ends? Is there any audit, notice, or deletion requirement? If those questions are never addressed, the company may be taking on risk it never consciously agreed to assume.

The Litigation and Discovery Problems Come Later

Businesses often think about AI governance as a compliance or technology issue. They should also think about it as a future business litigation issue. If a dispute arises later, AI use may become part of discovery. Opposing counsel may ask whether AI assisted in drafting an agreement, generating a communication, handling a customer interaction, or processing confidential information. If employees used personal accounts, if prompts were deleted, or if AI use was never documented, the business may have trouble reconstructing what happened. That can complicate claims, defenses, and credibility.

This is especially important for companies that operate across state lines or have relationships outside Florida. Businesses with ties between New York and South Florida are already dealing with more complex transaction and dispute issues. AI use only adds another layer. If a business is growing across markets, it should expect counterparties, investors, and sophisticated counsel to ask harder questions about internal governance and data practices.

That is one reason I have written separately about the legal realities facing businesses with ties between New York and South Florida. Multi state business activity already requires more deliberate legal planning. AI governance only makes that more true.

What a Sensible Business Response Looks Like

The answer is not to panic and it is not to ban every AI tool. For most businesses, the better approach is straightforward. First, identify where AI is actually being used. Second, decide what categories of information should never be placed into public tools. Third, review vendor contracts and internal policies. Fourth, make sure that the people using these systems understand the difference between convenience and authority. Fifth, make sure that agreements involving contractors, employees, and service providers clearly address ownership, confidentiality, and acceptable use.

The businesses that handle this well will not necessarily be the ones with the most elaborate AI policy. They will be the ones that take the same disciplined approach they should already be taking toward business formation, contracting, governance, risk management, and intellectual property. They will treat AI as one more business system that needs clear rules, clear accountability, and informed legal judgment.

The Bottom Line

AI is not going away, and it should not be treated as a passing trend. For many businesses, it will become as ordinary as email, cloud software, and customer relationship platforms. The issue is not whether the tools exist. The issue is whether the business is using them in a way that protects contracts, protects confidential information, protects business value, and preserves options if something goes wrong.

That is how I look at this as an experienced business law attorney. My job is not to turn every new technology into a scare story. It is to help business owners think clearly about risk, structure their operations intelligently, and keep legal issues from slowing down momentum. If your company is revisiting contracts, internal policies, confidentiality practices, or vendor relationships in light of AI, there is already a great deal of value in doing that work before the next problem forces the issue. You can learn more about these topics through the Fornaro Legal news and insights page or by reaching out directly.

 

Originally published June 24, 2026.

 

 

Contact Information

Matthew Fornaro, P.A.

Commercial Litigation

Coral Springs, Florida

FornaroLegal.com

LinkedIn.com/in/MatthewFornaro

Instagram.com/Fornaro_Legal

Facebook.com/FornaroLegal

Tiktok.com/@FornaroLegal

X.com/FornaroLegal

LinkedIn.com/Company/16239137/

Bit.ly/FornaroLegal

Youtube.com/@MatthewFornarop.a.7953

MFornaro@FornaroLegal.com

954-324-3651 w

954-461-6475 m

Facing a business dispute in Florida?

Get a straight answer from an attorney who understands small business.

Schedule a consultation