AboutBlogBusiness First AIFounder FreedomBook a conversation

How to talk to investors about AI without writing a cheque you cannot cash

Founder reviewing papers and a laptop in a quiet office meeting room
TL;DR

Overclaiming AI progress in an investor update carries personal legal exposure for the founder under Rule 10b-5, not just reputational risk. The SEC has brought AI washing enforcement actions against companies that exaggerated AI's role in their operations. The fix is specific, evidenced claims that name the pilot, the metric, and the scope. That approach is more defensible legally and more convincing to investors who have seen enough vague AI enthusiasm to be sceptical.

Key takeaways

- AI washing is a real regulatory category. The SEC has used Rule 10b-5 to pursue companies that exaggerated their AI capabilities in investor communications, and the label now appears explicitly in enforcement guidance. - Personal liability for AI overclaims in investor updates sits with the founder who signs off, not with the technical team or delegate who drafted the content. - Having a reasonable basis means you can point to documented evidence for every AI claim and have disclosed the scope of that evidence alongside it. - Specific, scoped claims about named pilots with measured results are both more legally defensible and more credible to sophisticated investors than broad statements about AI impact. - AI governance maturity has become a valuation and due diligence signal. The investor update where you establish accurate AI habits is also the start of the documentation trail an acquirer will assess.

The section of the investor update that takes longest to write isn’t the numbers. It’s the paragraph about AI. You know roughly what the business is doing. The question is how to say it in a way that sounds like progress without overstating what you can actually evidence.

That tension is real and worth taking seriously. The regulator has started treating AI overclaims as a securities matter, acquirers are forensic about AI claims during due diligence, and the personal exposure for anything misleading in an investor communication sits with you as founder, not with the technical team who built the system.

What counts as AI washing in an investor communication?

AI washing is making materially false or misleading statements about AI capabilities to investors. The US Securities and Exchange Commission has brought enforcement actions under this label, applying Rule 10b-5 of federal securities law to companies that exaggerated the role AI played in their operations. The standard is whether you had a reasonable basis for the claim when you made it, and whether you disclosed the limits alongside it.

The cases tend to share a shape. A company puts confident, forward-leaning language about AI in its investor materials, claiming the product is AI-powered, that machine learning sits at the core of the business, or that AI is central to operations. The underlying evidence does not match. Sometimes the system exists but plays a far less central role than described. Sometimes it barely exists at all. The Regulatory Review documents this in the SEC’s own words. Companies “have to be honest about the role AI plays in their business and not exaggerate it to the point of AI washing.” That language is now embedded in regulatory guidance, not just enforcement correspondence.

Why does the personal exposure land on the founder, not the technical team?

The founder signs off on investor communications. That is the starting point for where liability sits. Regulatory enforcement and corporate litigation have established that director-level accountability for AI-related claims does not transfer to the technical team that built the system or supplied the figures. Harvard Law Review research documents cases where boards have been held accountable for AI misrepresentations even when the specific claims originated with engineers or technical leads.

This matters particularly in founder-led businesses where the delegate running the AI programme often drafts the relevant section. A well-meaning delegate may write that the AI is having a major impact on efficiency because from inside the project, that genuinely reflects the feeling. But the investor communication goes out under your name, and if that claim cannot be evidenced to the regulator’s satisfaction, you carry the exposure. The technical team carries no obligation under Rule 10b-5.

The volume of SEC enforcement is worth registering. The SEC filed 456 enforcement actions during its 2025 fiscal year, many with AI-related components. That reflects a regulator that has moved from issuing guidance to actively pursuing cases. For founder-CEOs running investor-backed businesses, this is relevant regardless of whether the business is publicly listed, since the fraud provisions in securities law apply to any securities transaction.

Where in the investor update does this risk show up?

The risk shows up in the narrative section, not the financial tables. The paragraph or two where you describe what AI is doing for the business, that is where overclaims tend to live. Phrases like “we are now AI-driven”, “AI is central to our operations”, or “our AI is delivering significant efficiency improvements” invite scrutiny when the evidentiary base behind them is thin.

The SEC’s comment letter guidance makes the specificity bar explicit. The regulator has asked companies in approximately 61% of its AI-related comment letters to clarify “how the AI is or is intended to be used in those initiatives, projects, or technologies and any attendant risks.” That is a direct signal about what level of detail is expected when AI features in corporate disclosures, and it applies equally when you are writing to your own board.

Beyond regulatory exposure, there is the due diligence dimension. Morgan Lewis research from 2026 describes AI readiness as “a decisive factor in both competitive positioning and transaction value” in M&A processes. Acquirers now verify AI claims against internal documentation during due diligence. A gap between what was claimed in investor materials and what was actually built is a deal risk, and often a price-adjustment point.

What does having a ‘reasonable basis’ look like in practice?

Having a reasonable basis means you can point to documented evidence that directly supports each AI claim, and that you have disclosed the scope of that evidence in the same breath. If a pilot is showing a 30% reduction in processing time for one team on one task, that is a legitimate evidence base. The claim in the investor update should reflect that scope, not extrapolate from it across the whole business.

The practical difference looks like specificity rather than sweep. “Our AI pilot in invoice processing has reduced processing time by 30% across the finance team” is a defensible statement with a reasonable basis behind it. “AI is delivering significant efficiency gains across the business” is the same result with the scope stripped out, and it is the version that creates exposure. The SEC’s guidance is direct on this. Companies should “avoid overstating their AI capabilities and making misleading disclosures about AI use or functionality if they cannot be supported.”

Describing what you have built accurately, with its current limits named, is more convincing and more defensible than either understatement or sweep. A specific claim with disclosed limits reads as command to a board or investor that has encountered enough vague AI enthusiasm to treat it as a signal of weak evidence rather than strong performance.

What connects to this, and why it matters beyond the next update

The discipline of evidenced AI claims sits at the junction of investor communications, board-level AI governance, and acquisition due diligence. Private equity and venture capital firms now incorporate AI governance assessments into standard due diligence processes. NACD survey data from 2025 shows 62% of directors now set aside dedicated board time for AI oversight discussions. The investor update is one surface of a broader expectation that will only grow.

Fifty-four percent of North American venture capital and private equity firms anticipate restrictions on their own AI usage due to governance concerns, according to Ocorian research. That reflects how seriously the investment community is taking this as an operational risk, not a soft concern. For a founder-led business with an exit in view, the AI governance story you are building now, evidenced claim by evidenced claim, is part of what an acquirer will assess when the time comes.

The investor update where you get the language right is also the start of the paper trail that supports a clean exit. Evidencing AI claims is part of running the business well. Getting it right now means there is something substantive to show when it matters most.

Sources

- The Regulatory Review (2026). Seminar: Regulating AI Washing. SEC enforcement on AI washing claims and Rule 10b-5 application to corporate AI misrepresentations. https://www.theregreview.org/2026/03/07/seminar-regulating-ai-washing/ - Harvard Law School Forum on Corporate Governance (2025). SEC Comment Letter Trend: AI-Related Disclosures. Documents the reasonable basis standard and SEC guidance on specificity in AI disclosures to investors. https://corpgov.law.harvard.edu/2025/01/16/sec-comment-letter-trend-ai-related-disclosures/ - New York State Bar Association (2026). Regulating AI Deception in Financial Markets. Analysis of Rule 10b-5 application to AI washing enforcement and the securities law framework. https://nysba.org/regulating-ai-deception-in-financial-markets-how-the-sec-can-combat-ai-washing-through-aggressive-enforcement/ - Harvard Law Review (2025). Amoral Drift in AI Corporate Governance. Research on director liability for AI-related misrepresentations and board accountability for claims made by technical teams. https://harvardlawreview.org/print/vol-138/amoral-drift-in-ai-corporate-governance/ - National Association of Corporate Directors (2025). 2025 Board Practices and Oversight Survey: AI. Survey data showing 62% of directors now set aside dedicated board time for AI oversight discussions. https://www.nacdonline.org/all-governance/governance-resources/governance-surveys/surveys-benchmarking/2025-public-company-board-practices--oversight-survey/2025-board-practices-oversight-ai/ - BCG (2026). CEOs and Boards Are Aligned on AI in Theory but Divided in Practice. Survey finding 79% of CEOs and board members believe directors should demonstrate measurable AI understanding. https://www.bcg.com/publications/2026/ceos-and-boards-are-aligned-on-ai-in-theory-but-divided-in-practice - Morgan Lewis (2026). AI in M&A: The Shift from Competitive Advantage to Governance Imperative. Analysis of how AI claims and governance maturity are assessed in acquisition due diligence processes. https://www.morganlewis.com/pubs/2026/03/ai-in-m-and-a-the-shift-from-competitive-advantage-to-governance-imperative - Hunton & Williams (2025). Practical Guide to Managing AI-Related Directors and Officers Liability. Overview of emerging D&O exposure and coverage gaps for AI-related claims against directors and officers. https://www.hunton.com/assets/htmldocuments/Byline/Practical-Guide-to-Managing-AI-Related-Directors-and-Officers-Liability.pdf - Ocorian (2025). North American VC and PE Firms Expect AI Restrictions. Survey finding 54% of US and Canadian VC and PE firms anticipate AI usage restrictions due to governance concerns within 18 months. https://www.ocorian.com/knowledge-hub/insights/north-american-vc-and-private-equity-firms-expect-ai-restrictions-due - US Securities and Exchange Commission (2026). SEC Enforcement Actions: Fiscal Year 2025. Official record of 456 enforcement actions in FY2025, including AI-related securities law cases. https://www.sec.gov/newsroom/press-releases/2026-34

Frequently asked questions

Can the SEC take action against a private company founder for AI washing?

The SEC's AI washing enforcement actions to date have focused on public companies, where Rule 10b-5 applies directly to securities disclosures. For private companies, the risk is different in shape but real. The fraud provisions that underpin AI washing enforcement apply to any securities transaction, not just public markets, and investor communications in a private fundraising context carry their own legal exposure. Take advice from a securities lawyer if you are unsure about your specific jurisdiction.

What should I do if my delegate drafted the AI section and I'm not sure the claims are accurate?

Before you sign off, ask for the specific evidence behind each AI claim, specifically the named pilot, the measured result, and the scope it covered. If the evidence does not support the exact wording, rewrite it to match what you can document. Your signature on the communication is what creates the personal exposure. The delegate's original draft does not change that, however well-intentioned it was.

Is it better to say nothing about AI in an investor update than to risk overclaiming?

Silence creates its own signal. Investors now expect AI to be addressed, and an omission can raise questions about strategic awareness. The better answer is accurate, scoped claims rather than no claims at all. Describe what you have done, what you have measured, and what the next step looks like. That is more credible than either vague enthusiasm or a deliberate gap in the narrative.

Written by Dr Dave Heath, AI consultant and business strategist.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.

Ready to talk it through?

Book a free 30 minute conversation. No pitch, no pressure, just a useful chat about where AI fits in your business.

Book a conversation

Related reading

Two people at a desk reading a short printed document together, one pointing at the page

Write an AI acceptable-use policy your team will actually follow

A sixty-page enterprise template sits unread. Here is how to write an AI acceptable-use policy that is short, default-allow, and genuinely followed.

Two colleagues at a meeting table reviewing a printed contract, one pointing to a section on the page

Who owns the AI in your agency, and what do you tell the client?

Two questions decide whether agency AI is an asset or a liability, and neither is technical.

Business owner in conversation at a boardroom table with colleagues, natural light from windows

What your board actually wants when it asks about AI

When your board raises AI, the question underneath is almost always about risk, accountability, and competitive standing. Here is how to read what they are actually asking.

If any of this sounds familiar, let's talk.

The next step is a conversation. No pitch, no pressure. Just an honest discussion about where you are and whether I can help.

Book a conversation
AboutBlogBusiness First AIFounder FreedomContactBook a conversation
Privacy PolicyTermsCookie Policy

© 2026 Larocca Consulting Ltd