cd /news/artificial-intelligence/can-we-rely-on-law · home topics artificial-intelligence article
[ARTICLE · art-61187] src=lesswrong.com ↗ pub= topic=artificial-intelligence verified=true sentiment=↓ negative

Can we rely on law?

A new study shows frontier AI models can rediscover 61.25% of known legal loopholes and generate novel ones, raising concerns that rapid AI development could outpace legal systems' ability to patch regulatory gaps. Researchers warn that ex ante regulations, even hardware-based ones, remain vulnerable to gaming, and that current legal strategies for handling loopholes are too slow to match AI's accelerating loophole discovery.

read13 min views1 publishedJul 15, 2026

Virtually every plan to avert AI-catastrophe assumes legal regulation will remain a reliable tool. Plan A in AI 2040; slowdown in AI 2027, and several other projections assume that legal systems work as normal at critical narrative junctures. [Appendix 1]

Recent research, however, suggests that frontier models are exceptionally good at finding legal loopholes. Whilst modern legal systems have strategies for dealing with loopholes, they are slow and poorly equipped to deal with acceleration. If the tempo of AI development is sufficiently fast, this speed-mismatch might be fatal.

In this short article, I consider which strategies will remain robust for future AI regulations and assess their tradeoffs. Overall, I remain optimistic our legal tools can match superhuman loophole discovery - provided, that is, we anticipate this problem and adapt our legal institutions accordingly.

The most recent study on AI 'loophole discovery' is Wei Liu et al's Large Language Models Hack Rewards, and Society. They claim that, in addition to reward hacking, AI models engage in 'societal hacking':

where an RL-trained model discovers strategies that remain formally compliant, yet undermine the intended purpose of those systems, as illustrated in Figure 2:

Liu and his colleagues presented LLMs with optimisation targets inside simulated scenarios governed by historical legal regulations. Many loopholes had already been discovered and patched for these regulations.

They found the LLMs re-discovered 61.25% of those loopholes, without being prompting to do so, including loopholes which had only been proposed as theoretical possibilities. It also developed new loopholes [1] and adapted them after patches were iteratively applied. Patching the loopholes did not produce convergence: the LLMs simply refined loopholes to be more formally compliant, carefully evading the wording of patches.

Considering this was done with Qwen3-30B-A3B, this performance is quite impressive. It seems plausible that the cost of loophole discovery and adaption will fall rapidly in the next year.

You might think loopholes are a minor issue in AI regulation. Maybe we will physically concentrate AI research such that it can be monitored directly without fussing over rules? [2] Or maybe our regulations will be so clear, direct, and straightforward (relying, perhaps, on hardware metrics)

These are unreliable assumptions.

First, AI development is a diffuse activity, and is likely to remain so. Whatever regulatory regime we put in place will need to coordinate large numbers of people at scale. If we want our regime to have the predictability which makes regulations tolerable and legitimate we will need to use some *ex ante *guidance.

Second, ex ante guidance, no matter how well-drafted and tied to hardware, can always be gamed, and this gaming reduces the effectiveness of regulation. Historically, rules resembling those proposed for AI regulation have been consistently evaded:

AI will speed up the discovery, diffusion, and implementation of loopholes like these, democratising what once required expensive legal advice. [7] More concerningly, AI development might require tighter legal nets than our loophole-ridden regulations have hitherto managed to achieve. As I will show below in sections 3 and 4, whilst existing strategies to confine loopholes work, they are leaky and slow, and are likely to become more so if AI accelerates the legal system.

Whilst eliminating loopholes is probably impossible, they are not an intractable problem. Legal systems have traditionally used two methods to handle them:

First, they improve ex ante** drafting**. Law-makers spend more time during drafting to anticipate loopholes and creative compliance; they also amend existing statutes to catch common workarounds. This is expensive, however, and slows down the drafting process. it also incentivises regulated actors to find new workarounds, requiring more ex ante amendment, increasing the complexity (and cost) of law-following. Examples:

Second, they implement** ex post standards**. These are vague and unpredictable [8] - although not necessarily unprincipled - and bite once a breach has been committed.

Legal systems tend to use a combination of both. [10] The former provides certainty for the most high-frequency activities, whilst the latter is deployed on a case-by-case basis for low-frequency, anomalous activities.

AI might appear to produce symmetrical advantages in offence and defence: the same technology which discovers loopholes can be used to anticipate and patch them.

On balance, it seems there are overwhelming defensive advantages for regulators - provided, that is, that they use them. The default scenario, where the legal system barely changes , seems like it will produce a considerable offensive advantage to regulatees.

The legal system defines the conditions for success in a lawsuit. Whilst denying legal challenges altogether might be impossible given various constitutional protections, and is unlikely to be acceptable for an international treaty, regulators could take actions to screen off the influence of AI-enhanced litigants.

One possible system, at least in the context of AI-regulation, would be to set up an independent body (domestically, a subset of the legal profession) [12] which verifies and adjudicates disputes. Whether this would be acceptable will depend on whether AI is perceived as being closer to the internet or nuclear weapons.

Something regulators have been doing for a long time is making behaviour more regulation-shaped. When it comes to loopholes, some of the most effective tools in reducing the 'attack surface' of the law involve restricting where and how AI research can be carried out.

In general, there is a tradeoff between autonomy and possibility for loophole-discovery. Creative compliance requires the freedom to be creative. The most effective ways to reduce loopholes are to implement a restrictive licensing regime (forbidden unless permitted) and to implement extensive transparency and monitoring rules.

Legal and political systems will, in some jurisdictions, have access to far greater resources than the vast majority of private actors. In a world where capital can be directly transformed into legal expertise, this directly translates into legal asymmetry.

The US government in particular could secure exclusive access to Frontier models, as was done with the June 2026 order, and, if it wanted, could impose monitoring restrictions on usage and inference caps. In this scenario, the legal-political system could race far ahead of regulatees when drafting its *ex ante *regulations.

The legal system controls the pace of the regulatory cycle. A legal system can spend considerable time drafting its regulations (perhaps in private) and creating new regulatory institutions before releasing them. In addition, it can also undo previous regulations, amend them, or re-work them through creative interpretation.

Where access to Frontier models is restricted, this would produce a durable lead: a frontier model, given six months, may produce non-linear advantages over smaller models when drafting regulation.

AI could provide new affordances for the legal system. It might be possible, for instance, to escape the predictability-flexibility tradeoff inherent in the rule/standard divide.

One proposal is devise standards which are superhumanly scaleable via judicial emulation. Whilst this doesn't avoid the problem of legitimacy (judges remain unconstrained), it would render standards predictable.

Alternatively, another is to create rules which are infinite in number and adaptability. The 'regulation space' is not infinite: provided a regulator has enough data and processing ability, the entire behaviour space could be covered.

Legal and political institutions are constrained by bureuacracy and are likely to have delayed, uneven, and outdated adoption of AI. Further, as a matter of institutional bias, they are typically risk averse.

In contrast, private actors will have much greater autonomy in adopting AI. They will be faster, less bound by procedure, likely more technically competent, and are less risk-averse. Unless the legal system adapts, it is likely to be outpaced in the same manner legacy IT systems in the public sector are being outpaced by new AI cybercapabilities.

Legal and political systems are designed to be deliberately slow. It takes time to create new laws, and even more time to alter the process by which laws are made. This is known generally as the pacing problem:

AI exacerbates this problem by speeding up the pace of change.* *Regulation takes a long time to draft, pass, and amend, whilst AI development is continually accelerating. Say a bill is drafted with a frontier model in 2027: 3 months later, by the time it comes into force, countless loopholes are discovered by newer models.

Standards are also challenged: they work best for low-frequency behaviour which can be handled on a case-by-case basis. AI changes this dynamic: many independent actors can spin up their own plausible workarounds, all of which need to be taken on their merits. It takes weeks to go through their arguments, during which they continue their activity. In both cases the tempo of the legal system is too slow.

Traditionally, there have always been asymmetries in breaking the law. Fraudsters can use their illictly-obtained money to pay lawyers to contest the legal actions taken against them; commercial actors breaking the law can scale up fast enough to produce political capital, along with resources for lobbying and lawyers for legal challenges, which deters regulation.

AI may present a more extreme version of this dynamic if the regulated activity directly produces legal expertise. Rather than having to make money and convert it into legal advice - which presents problems of selection, alongside the transaction costs of hiring lawyers - the regulated product itself can create elite legal arguments. A single loophole could thus compound into an industrial loophole-finding machine.

The regulator slowly drafts and promulgates their regulations in public, providing a wide attack surface. The regulatee, however, is changing their behaviour in private. I suspect when you apply AI to both sides, the regulator's advantage in *ex ante *drafting will fall behind the regulatee's advantage using AI in conjunction with private information.

This asymmetry is made worse by the plausible introduction, following the falling cost of legal advice, of new actors which regulators have hitherto mostly ignored. These actors can take advantage of previous loopholes discovered by existing large firms, whilst providing unseen challenges to regulators.

Countless areas of law work solely because the cost of hiring lawyers to avoid the rules is prohibitively expensive. This will change as AI reduces the cost of legal advice. Furthemore, large chunks of the law will become increasingly outdated as AI analysis is applied in areas previously 'unlawyered.'

The legal system thus offers a both large attack surface, and one which, like most public IT systems, has large sections which have not been subjected to intensive red-teaming. Even if specific AI regulations are insulated from AI pressure, it is likely large portions of the law will become unreliable. Nor, at present, are systems in place to correct these problems.

Regulators and policymakers should think carefully about how AI will alter the legal system, rather than simply assuming it will continue as usual.

From the discussion of offensive and defensive asymmetry above, the two most important lessons are: Provided legislators are alive to this problem, and we think ahead of time what sort of special legal regimes are realistic, the first of these is achievable when it comes to high-stakes regulations. It is not, however, scalable across the entire legal system.

More broadly then, the system must be ready to change to meet new circumstances; it must possess 'Radical Optionality.' A successful regulator will do the following:

As it stands, most inside and outside the legal system hold law as a constant in their forecasts of the future. Whilst we have no idea what happens to legal doctrine when it is accelerated, we do have a good idea what happens when regulators are outmatched in legal expertise: exports slip through the net, tax is uncollected, and nuclear weapons proliferate.

A brief survey of policy proposals for AI safety shows their high reliance on conventional legal systems. For instance:

As I suggest in Part 1 above, these proposals are plausibly vulnerable to the kind of exploits discussed in this paper.

The validity of these loopholes were assessed by LLM judges and human lawyers.

AI 2040, for instance, seems to assume most AI R&D will be carried out in a few locations which can be monitored directly by a single organisations.

E.g., the robust attempt to define a frontier model here: https://law-ai.org/wp-content/uploads/2024/09/Legal-Considerations-for-Defining-Frontier-Model.pdf; and Caputo's analysis of regulating after the pre-training paradigm ends: https://arxiv.org/abs/2502.15719

A cycle repeated after Nvidia designed the A800/H800 series to get around the 2022 interconnect-bandwidth limits prompting a renewed limit in 2023, the H20 in response, and a new 2025 licensing scheme. Another angle of attach is Chinese firms skirting the restrictions by renting cloud access in Indonesia, with the 2025 AI Diffusion Framework and the proposed Remote Access Security Act as regulatory responses.

Met in turn by Foreign Direct Product rules, and more gaming of their triggers. Huawei, for example, spun up countless entities to get around FDP's Entity list. Redefinitions to include entities 50%+ owned were evaded with 49.9%-owned shells, and so BIS responded with a "significant minority ownership" red flag.

Other examples include the treaty cruisers designed to get around the Washington Naval Treaty in the 1920s, and the torpedo boats to evade the 1930 London Naval Treaty. Note that all of these examples also involved cases of misstating and underestimating tonnage limits. In general, loophole discovery tends to go alongside deceptive non-compliance.

A good survey of the economics of loophole discovery is Fleischer, Victor, Regulatory Arbitrage (March 4, 2010). U of Colorado Law Legal Studies Research Paper No. 10-11, Available at SSRN: https://ssrn.com/abstract=1567212 or http://dx.doi.org/10.2139/ssrn.1567212. Briefly, Fleischer notes the main economic constraints on tax avoidance are transaction costs; opacity costs; agency costs; and information costs/counterparty risk, all of which are lowered by AI.

There is some disagreement over this point. The canonical statement of the tradeoffs between rules and standards is Louis Kaplow, Rules Versus Standards: An Economic Analysis, 42 Duke Law Journal 557-629 (1992). C.f. McBarnet, D., & Whelan, C. (1991). The Elusive Spirit of the Law: Formalism and the Struggle for Legal Control. The Modern Law Review, 54(6), 848–873, which suggests that rules are not, in fact, more predictable and are themselves ex post devices. I have tended towards Kaplow's account, at least in the context of technical legal regulations, because I believe legal reasoning can produce determinate guidance, and that following this guidance is often necessary for logistics and legitimacy.

Many jurisdictions use 'General Anti-Avoidance Rules", or GAAR. These are statutory provisions which allow courts to re-determine the tax liability of avoidance transactions to neutralise any tax savings. The US and UK tend to use common law anti-avoidance rules, which are more contextual.

David A. Weisbach, "Ten Truths about Tax Shelters" (John M. Olin Program in Law and Economics Working Paper No. 122, 2001). Legal systems also use institutional devices like delegating authority to fast-moving agencies, and disclosure rules for new legal structures (e..g UK's DOTAS rules and EU DAC6).

Noting that the line between the two is often fuzzy: bright-line rules have a tendency to become more 'standard-like' over time (and vice-versa). See Schauer, Frederick. "The Convergence of Rules and Standards." New Zealand Law Review (2003): 303-328.

There are precedents for this in military contexts: the US CIPA (1980) rules on classified trials; UK special advocates for SIAC; and Atomic Energy Act hearings.

A possible model here is the 'regulate first, collect comments later' approach of the Bureau of Industry and Security (BIS) and the Office of Foreign Assets Control (OFAC). These come with their own costs in terms of compliance chaos and definitional ambiguity.

── more in #artificial-intelligence 4 stories · sorted by recency
── more on @wei liu 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/can-we-rely-on-law] indexed:0 read:13min 2026-07-15 ·