Your Marketing Agency Cannot Be Your Security Boundary

May 15, 2026·9 min read·Security

The legal market still treats website control as a marketing issue.

It is now a governance issue too.

Over the last five weeks, the public evidence around frontier AI and vulnerability discovery has moved from abstract concern to operational warning.

On April 7, 2026, Anthropic published its Mythos Preview research and described a model materially better than prior systems at finding serious bugs and turning them into working exploit paths. On May 12, 2026, Microsoft said its new agentic security system helped find 16 new vulnerabilities across the Windows networking and authentication stack, including four Critical remote code execution flaws. On May 13, 2026, Palo Alto Networks said its first full scan across 130+ products surfaced 26 CVEs representing 75 issues, with most of those findings coming from frontier AI model scans.

The signal is clear enough.

Vulnerability discovery is accelerating. Attack-path chaining is improving. Patch and remediation cycles are compressing. The question for law firms is not whether they personally have access to Mythos. The question is whether their current public stack is governed tightly enough for the environment that is now forming around them.

For many firms, it is not.

The Weak Point Is the Public Stack

The weakest technical surface in many firms is still the public one:

  • an agency-controlled WordPress site
  • layered plugins no one at the firm can fully inventory
  • form handlers routed through multiple vendors
  • analytics and ad attribution managed outside the firm's direct control
  • partial admin access, or no admin access at all
  • reporting delivered as PDFs instead of inspectable systems

That structure was already brittle before frontier AI accelerated vulnerability discovery. It becomes harder to defend when software flaws are being found, validated, and chained together faster than organizations are used to patching them.

This is where the conversation usually goes wrong.

This is not an argument that "WordPress is dead." The argument is that many firms are running public infrastructure they do not fully own, do not fully inspect, and cannot fully patch on their own timetable.

That condition is the problem.

Frontier AI Has Changed the Time Budget

Anthropic's own writeup says Mythos Preview reached capabilities well beyond its prior public models in exploit development and severe bug discovery. Anthropic also said the transition period may be tumultuous enough that it initially restricted access through Project Glasswing so defenders could begin securing important systems before similarly capable models are broadly available.

Palo Alto's May 13, 2026 update adds the operational part of the story. The company said this was the first time the majority of its monthly findings came from frontier AI model scanning, and that it had already pushed patches for its SaaS-delivered products while making patches available for customer-operated products.

Microsoft's May 12, 2026 post made the same strategic point from another angle: the durable advantage is not a single model, but the agentic system around the model. Law firms do not need to be frontier-model labs to feel the downstream effect. They just need to operate software and vendors that are slower to surface, validate, and patch their own weaknesses than the environment now demands.

The legal market has a lot of those.

Your Marketing Agency Is Usually Not Set Up to Carry That Burden

A typical legal marketing agency is built to:

  • run ad campaigns
  • maintain the site
  • publish articles
  • adjust SEO metadata
  • send monthly reports

It is not usually built to:

  • maintain a disciplined software inventory
  • minimize plugin sprawl
  • run repeatable access reviews
  • preserve clean code ownership
  • give the firm direct deployment control
  • show exactly which scripts, tags, forms, and vendors sit on the public stack
  • support fast remediation without negotiation over who owns the environment

This is not a moral criticism of agencies. It is a structural criticism of the arrangement.

If the firm cannot inspect its own accounts, code, hosting, analytics, tracking, and admin paths directly, then the firm does not control the risk.

That was already true for attribution.

It is now true for security too.

The Real Problem Is Control, Not Design Taste

Many lawyers still hear this argument and reduce it to a design preference: "You want us off WordPress." That is too shallow.

The actual governance questions are:

  • Who owns the domain?
  • Who controls DNS?
  • Who can inspect the codebase?
  • Who can deploy a fix?
  • Who knows which plugins and third-party scripts are live?
  • Who has primary access to Google Analytics and Google Ads?
  • Can the firm attach its own MCC and audit campaign/account behavior directly?
  • Can the firm leave without rebuilding the stack from zero?

Those are not branding questions.

They are operating-control questions.

If the answer to most of them is "the agency" or "we'd have to ask," the firm is renting critical infrastructure without a clean audit path.

AI Governance Has To Reach the Public Stack

Legal AI governance is usually framed too narrowly:

  • approved use policies
  • prompt rules
  • confidentiality reminders
  • output review

Those matter. They are not enough.

AI governance now has to include the public stack too:

  • websites
  • forms
  • routing logic
  • analytics tags
  • third-party scripts
  • CRM handoffs
  • call tracking
  • document upload entrypoints

The reason is straightforward.

The firm's intake surface is now part of the same data and workflow environment that later feeds attribution, pre-matter operations, and, increasingly, AI-assisted internal work. If that surface is over-instrumented, over-permissioned, or vendor-obscured, the governance posture is already weak before a matter is even opened.

This is also why Cisco's May 12, 2026 Foundry Security Spec is more relevant than it may appear at first glance. Cisco's argument is that tossing a repository at a frontier model gives you noisy output, while a real security system wraps the model in orchestration, validation, coverage rules, guardrails, and provenance. That logic applies outside a security team too.

A law firm's public stack should not be an unbounded vendor bundle plus assurances. It should be a controlled system the organization can inspect, govern, and change.

This Does Not Mean Panic. It Means Repatriation.

The lazy version of this argument says every firm needs a total rebuild tomorrow.

The serious answer is staged control:

1. Repatriate the critical accounts

The firm should directly control:

  • domain and DNS
  • Google Analytics
  • Google Ads
  • Tag Manager
  • hosting and deployment access
  • code repositories

An agency can still help operate them. It should not be the sole owner of them.

2. Audit the public stack

Before talking about AI transformation, most firms need a direct inventory of:

  • plugins
  • scripts
  • forms
  • tracking tags
  • routing paths
  • vendor dependencies
  • admin users

If no one at the firm can produce that inventory quickly, the answer is not "trust the stack." The answer is to get the inventory.

3. Reduce avoidable complexity

Not every plugin is evil. Not every third-party script is reckless.

But a public stack that accumulated over years of agency handoffs, ad-tech add-ons, SEO widgets, and form vendors is usually carrying more attack surface than the firm realizes.

4. Move from AI policy to AI governance

Policy says, "use approved tools."

Governance says:

  • these are the approved tools
  • these are the allowed workflows
  • these are the review boundaries
  • these are the data paths
  • these are the systems we control directly

Firms need that level of control now.
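For the audit in step 2, a first-pass inventory can be taken from the HTML the site serves, without waiting on agency access. The sketch below is an added example, not FlowCounsel's tooling: it lists WordPress plugin slugs, externally hosted scripts, frames and images, and forms that post to another host. The firm domain, vendor hostnames and plugin slugs are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

PLUGIN_RE = re.compile(r"/wp-content/plugins/([^/]+)/")  # WordPress plugin asset path

class StackInventory(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.site_host = page_url, urlparse(page_url).hostname
        self.plugins, self.external_hosts, self.external_form_hosts = set(), set(), set()
        self.inline_scripts = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            ref = a.get("href")
        elif tag in ("script", "iframe", "img"):
            ref = a.get("src")
        elif tag == "form":
            ref = a.get("action") or ""  # a missing action posts back to the page itself
        else:
            return
        if ref is None:
            self.inline_scripts += tag == "script"  # inline code has no src to attribute
            return
        # urljoin resolves relative and protocol-relative references against the page.
        url = urlparse(urljoin(self.page_url, ref))
        external = bool(url.hostname) and url.hostname != self.site_host  # exact-host comparison
        if external:
            (self.external_form_hosts if tag == "form" else self.external_hosts).add(url.hostname)
        elif tag != "form" and (m := PLUGIN_RE.search(url.path)):
            self.plugins.add(m.group(1))

def inventory(page_url, html):
    parser = StackInventory(page_url)
    parser.feed(html)
    return {"plugins": sorted(parser.plugins), "external_hosts": sorted(parser.external_hosts),
            "external_form_hosts": sorted(parser.external_form_hosts),
            "inline_scripts": parser.inline_scripts}

# Constructed sample page; every hostname and plugin slug here is made up.
SAMPLE_HTML = """<link rel="stylesheet" href="/wp-content/plugins/sample-forms/css/style.css?ver=1.2">
<script src="https://firm.example/wp-content/plugins/sample-seo/js/app.js"></script>
<script src="//tags.vendor-a.example/loader.js"></script><script>window.dataLayer = [];</script>
<form action="https://forms.vendor-b.example/submit" method="post"></form><form method="post"></form>
<iframe src="https://chat.vendor-c.example/widget"></iframe>"""
print(inventory("https://firm.example/contact/", SAMPLE_HTML))
```

This reads only the HTML as served, so scripts injected at runtime by a tag manager container do not appear and have to be reviewed in the container itself. Plugins that load no front-end assets on the page are also invisible from outside, which is why admin-side access to the plugin list still matters.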

Human Review Still Matters. That Does Not Reduce the Pressure.

The current generation of offensive and defensive AI systems still benefits from strong human operators.

That is visible in:

  • Anthropic's own limited-release posture
  • Palo Alto's emphasis on scanning harnesses, context, and guardrails
  • Microsoft's multi-agent orchestration model
  • XBOW's May 12, 2026 evaluation, which found Mythos especially strong on source-code reasoning but still in need of structured validation and live-environment control

That is not an argument for complacency. It is an argument for system design.

The firms that will handle this transition best are not the firms with the best slogans about responsible AI. They are the firms with tighter control over their public entrypoints, data paths, vendor access, and operating record.

What Law Firms Should Do Now

If your firm is still running a plugin-heavy public site through an agency relationship you cannot fully inspect, the current market signal should land as a governance problem, not only a marketing problem.

Start here:

  • make sure the firm owns the domain, analytics, ads account, hosting, and code
  • attach your own MCC and inspect ad-account behavior directly
  • inventory the live public stack
  • identify where plugins, scripts, and routing layers have accumulated
  • reduce dependency on monthly PDF reporting and black-box admin access
  • move from AI policy language to approved-tool and workflow governance

The public site is not outside the legal AI conversation anymore.

It is one of the places where the conversation becomes real.


FlowCounsel builds AI-enabled software for legal teams. FlowLawyers is the consumer-facing legal help platform with attorney discovery, legal-aid routing, state-specific legal information, and document tools. Neither provides legal advice. Attorney supervision of legal AI output is required.