|
AI trends, updates and resources to power your practice.
|
|
|
The month AI got risky – and real
As the air cools and Cybersecurity Awareness Month heats up, AI headlines are proving that innovation and risk often travel together. From rogue agents leaking data to lawmakers drawing hard lines in the sand, this month reminds us that intelligent tech can be both thrilling and unnerving. So take a moment to plug in – this month, we're diving into where the hype ends and the hard questions begin.
And if you're in tax, the 2025 season may be wrapping up, but there's never much time to exhale; the next wave of change is already rolling in. See how forward-thinking practitioners are staying ahead with CPA.com's latest AI Tax Research Solution Outlook Report.
|
What's in focus this month
- Agents gone rogue
- Computational over-claim
- The RAG reliability breakthrough
- The California AI accountability law
|
| |
|
|
What's new
The popular workplace tool Notion recently launched its 3.0 upgrade, featuring a suite of AI agents. However, this ambitious rollout has also introduced a significant security vulnerability: These AI agents can be manipulated to leak private and confidential data.
|
How it works
A security researcher demonstrated that by embedding a malicious prompt (as white text on a white background) within a seemingly harmless PDF, they could hijack Notion's AI agent. The agent was instructed to access confidential data from the user's private files, concatenate it and then use its web search tool to send this information to an external website controlled by the researcher. The technique, known as prompt injection, effectively turns the AI into an insider threat.
|
Behind the news
This exploit isn't entirely novel in its concept but represents a critical real-world application. It highlights a fundamental security flaw in AI agent architecture, where the combination of broad permissions, autonomous tool usage and susceptibility to prompt injection creates a “lethal trifecta” for data exfiltration. Traditional access controls are rendered ineffective once the agent is compromised.
|
Why it matters
For accounting firms and finance professionals, the implications are far-reaching. Confidential client information, financial statements, M&A strategies and other sensitive data housed within platforms like Notion are now at a new type of risk. An unwitting employee trying to summarize a document could inadvertently trigger a massive data breach, compromising firm and client integrity. This fundamentally challenges the security models of tools increasingly central to the profession.
|
Our thinking
This is a clear signal that we can't simply bolt on old security models to new AI-powered workflows. The autonomous nature of agents requires a paradigm shift in how we think about data protection. Before letting AI agents run wild with your firm's data, a rigorous assessment of their security architecture is crucial. The future of AI in finance and accounting hinges not just on capability, but on verifiable trust and security. This incident should serve as a critical case study for any firm considering the deployment of AI agents within their data environment.
|
|
|
|
|
What's new
A new paper by researchers at HSBC details a novel quantum computing model that researchers claim solves a class of “NP-hard optimization problems”, long considered intractable for classical computers. This suggests a potential watershed moment in computational capability, with HSBC claiming “34% advantage in predictions of financial trading data.”
|
How it works
The model reportedly uses a simulated quantum annealing process on classical hardware. By representing complex variables as a system of interacting qubits, it can theoretically navigate vast, complex solution spaces – like those in portfolio optimization or logistical routing – to find a near-optimal solution exponentially faster than traditional algorithms.
|
Behind the news
This isn't the first such claim to create a stir. However, this one caught the attention of prominent computer scientist Scott Aaronson, who quickly published a detailed critique. He argues that the paper's authors misinterpret their results, achieving a clever speedup on a narrow problem set rather than a genuine, scalable solution to the broader class of NP-hard problems.
|
Why it matters
For finance and accounting professionals, a true solution to these problems would be revolutionary. It would unlock unprecedented efficiency in everything from strategic tax planning and audit path optimization to real-time risk modeling for entire investment portfolios. The excitement, and subsequent skepticism, around this paper underscores the high stakes for a verifiable breakthrough.
|
Our thinking
This is a masterclass in technological hype cycles. The promise of solving impossible problems is deeply alluring, but the gap between a research claim and a robust, production-ready tool is immense. For leaders in finance, the lesson is clear: Cultivate a healthy, informed skepticism. The strategic advantage won't go to the first to adopt a new technology, but to those who can rigorously discern a true breakthrough from a clever, but limited, illusion.
|
|
|
The RAG reliability breakthrough
|
|
|
What's new
New research from September 2025 introduces a breakthrough framework for financial AI systems that combines agentic artificial intelligence with an advanced retrieval technique called Multi-HyDE. The study demonstrates that this approach improves accuracy by 11.2% while reducing AI hallucinations by 15% when handling complex financial documents and questions.
|
How it works
The framework addresses a fundamental weakness in traditional AI systems: the reliance on single-database retrieval that often misses critical information in lengthy financial documents. Multi-HyDE solves this by generating multiple different query variations to capture information from various angles, while the agentic AI component acts as an orchestrator that can break down complex questions, select appropriate search strategies and verify results before generating answers. The system integrates both semantic search and keyword-based retrieval to handle the massive token volumes typical of financial filings, regulatory documents and multi-year reports.
|
Behind the news
This research represents a significant evolution in Retrieval Augmented Generation (RAG) technology, moving beyond the simple retrieve-and-generate approach that has dominated the field. Traditional RAG systems struggle with financial documents because brief queries often fail to match the verbose, context-rich nature of source materials. The Multi-HyDE system addresses this semantic mismatch by creating hypothetical documents from multiple perspectives, dramatically improving retrieval coverage without increasing computational costs. The agentic component adds another layer of sophistication by enabling multi-hop searches and intermediate verification steps that mirror how human analysts approach complex financial questions.
|
Why it matters
For accounting and finance professionals, this breakthrough directly addresses one of the biggest obstacles to AI adoption: reliability. The 15% reduction in hallucinations is particularly significant given that even small errors in financial analysis can have major consequences for compliance, client relationships and liability exposure. The system's ability to handle regulatory filings, earnings transcripts and complex multi-document analyses positions it as a practical tool for tasks like due diligence, compliance monitoring and financial research. Rather than replacing human expertise, this technology augments it by quickly surfacing relevant information across vast document repositories while maintaining accuracy standards appropriate for high-stakes financial work.
|
Our thinking
This research validates a crucial principle: Effective AI for finance requires domain-specific architecture, not just general-purpose models. The modest but meaningful improvements in accuracy and hallucination reduction suggest we're moving from experimental AI to production-ready systems for financial professionals. The key insight is that successful AI tools for accounting and finance will need to combine multiple retrieval strategies, sophisticated orchestration and continuous verification rather than relying on brute-force approaches. For CPAs and financial analysts, this points toward a future where AI assistants can reliably handle document-intensive research tasks, freeing up time for judgment-intensive advisory work. The winners will be professionals who learn to work alongside these increasingly sophisticated AI systems while maintaining the critical oversight that only human expertise can provide.
|
|
|
The California AI accountability law
|
|
|
What's new
California Governor Gavin Newsom signed Senate Bill (SB) 53 into law on Sept. 29, 2025, establishing the nation's first comprehensive transparency and safety requirements for large AI companies. The landmark legislation requires major AI labs including OpenAI, Anthropic, Meta and Google DeepMind to disclose safety protocols and report critical incidents to state authorities.
|
How it works
SB 53 creates three core accountability mechanisms. First, it mandates transparency around safety testing and risk mitigation protocols that companies use before deploying AI systems. Second, it establishes whistleblower protections for employees at AI companies who identify safety concerns. Third, it creates a formal reporting structure through California's Office of Emergency Services for critical safety incidents, including cyberattacks conducted by AI without human oversight and deceptive model behavior not covered by existing EU regulations.
|
Behind the news
The bill's passage came amid fierce industry opposition. The timing is particularly notable given that Silicon Valley tech leaders have recently poured hundreds of millions into super PACs backing candidates who favor minimal AI regulation. Newsom's signature suggests growing political willingness to establish guardrails despite industry resistance. New York has already passed similar legislation, awaiting Governor Hochul's decision, which suggests that California's approach may become a template for other states.
|
Why it matters
For finance and accounting professionals, SB 53 creates a new layer of due diligence obligations when evaluating or deploying AI tools. The law's focus on transparency around safety protocols means firms will need to demand documentation from vendors about how AI systems were tested and what safeguards exist against errors or malicious behavior. The incident reporting requirements signal that regulators are treating AI deployment as a matter of public safety, not just technological innovation. For CFOs and technology officers in accounting firms, this legislation underscores the importance of vendor risk management frameworks that specifically address AI-related risks. The whistleblower protections also create potential early warning systems, as employees inside AI companies may surface concerns about products before they reach widespread adoption in financial services.
|
Our thinking
This law marks a turning point in AI governance, moving from voluntary industry commitments to enforceable legal requirements. For finance professionals, the immediate implication is clear: AI adoption strategies must now include regulatory compliance and risk assessment frameworks. Smart finance leaders will get ahead of this trend by building robust AI governance programs now, including vendor transparency requirements, incident response protocols and clear accountability chains for AI-assisted decisions. The patchwork regulation concern raised by tech companies is legitimate, but the alternative of no regulation poses greater long-term risks to firms operating in high-stakes financial contexts. The question isn't whether to regulate AI but how to do it intelligently while preserving innovation. California's first-mover approach gives finance professionals a roadmap for thinking about AI accountability even in states that haven't yet acted.
|
|
| |
|
|
CPA.com
1345 Avenue of the Americas, 27th Floor
New York, NY 10105
888.777.7077 |
|
|
|
|
