Complex Discovery

🪱 When the worm targets the assistant: Miasma turns AI coding agents into the trigger

🖥️ A self-replicating worm has turned the AI coding assistant into a delivery mechanism, and the same campaign just forced one of the larger takedowns the open-source supply chain has seen. On June 5, GitHub disabled 73 Microsoft repositories after the Miasma campaign re-compromised Azure’s durabletask project, per OpenSourceMalware. In separate source-repository compromises, researchers at SafeDep documented Miasma planting payloads that fire when a developer opens an affected project in Claude Code, Cursor, Gemini CLI or VS Code.

⚖️ For security, privacy, compliance, and eDiscovery professionals, this is a governance problem wearing a malware costume. Stolen cloud keys and GitHub secrets feed breach response, regulatory notification, and source-code-theft litigation. The artifacts that matter, developer workstations, build logs, and AI-agent configuration files, sit outside most preservation maps. When a worm exploits the trust model rather than a software flaw, vendor diligence and software bill of materials review move from paperwork to defense.

👀 Watch the next wave. The operators are mutating descriptions and ex*****on paths daily, and the AI-agent trigger is a template other actors will copy. Track node-gyp behavior, scope your tokens, and assume the developer environment is now in scope for both attackers and discovery.

Read the complete article from ComplexDiscovery OÜ's cybersecurity beat at https://complexd.blog/4v6y2os.

💡 Market Intelligence: review's quiet retreat, collection's quiet surge - the eDiscovery task arc, 2012 to 2030

🗓️ Across 18 years, the composition of where eDiscovery dollars get spent across the three core tasks has fundamentally rebalanced. The RAND Corporation’s foundational 2012 study, Where the Money Goes, placed review at 73 percent of total task spend, processing at 19 percent, and collection at 8 percent. By 2025, the reconciled view places review at 62 percent, processing at 21 percent, and collection at 17 percent. By 2030, the forecast places review at 52 percent, processing at 23 percent, and collection at 25 percent. Review has lost 21 percentage points of share across the long horizon; collection has expanded its share over threefold.

⚖️ The pace of that rebalance is accelerating. The five-year share movement from 2025 to 2030 is nearly as large as the 13-year movement from 2012 to 2025. Two structural forces sustain the acceleration. AI-assisted review continues to compress per-document review labor faster than data growth can offset on the spend side – predictive coding now joined by generative-AI-assisted review and emerging agentic workflow features. Data-source proliferation continues to expand the collection scope – cloud collaboration platforms, mobile and ephemeral messaging, IoT, structured operational systems, and now generative AI prompt logs and model outputs each adding to the discoverable universe.

🔎 For cybersecurity, data privacy, regulatory compliance, and eDiscovery professionals, three observations follow. First, the task-share rebalance is structural rather than cyclical – the pattern has been visible since 2012 and has not reversed. Second, capital allocation and capability planning should anticipate the continued drift toward collection-heavy and processing-heavy task profiles. Third, the long-horizon view contextualizes near-term decisions: vendors and providers anchored primarily to review revenue should plan for continued share compression, while those with strong forensic and modern-collection capabilities are positioned for the fastest-growing absolute spend. The data volume context that follows this article will frame the demand-side trajectory in zettabytes that has driven this evolution, culminating in the consolidated 2025–2030 eDiscovery Marketplace Mashup.

📰 Read the complete article from ComplexDiscovery OÜ's industry research beat at https://complexd.blog/3RUFx3g.

⚖️ Counting down to LegalTechTalk 2026 – Europe’s event for legal transformation – after an excellent run through Estonia and Ireland at FutureLaw, Latitude59, and Dublin Tech Summit. LegalTechTalk alone brings 5,500 attendees, 100+ sessions, 8 stages, and 6 themes across two days, built for anyone serious about what’s next in law.

📸 Reporting for ComplexDiscovery OÜ and for Newsline by HaystackID for the second year in a row will highlight key developments in AI governance, legal technology, and data intelligence, including the session “Building Cross-Functional Cyber Governance to Avoid a $25 Million Mistake” with HaystackID’s John Wilson.

📍 See you at the InterContinental O2 in London.

📰 RRead more from Complex Discovery OÜ about HaystackID in Europe — “Redefining Global Advisory: How Jeff Shapiro’s London Leadership Anchors HaystackID’s 2026 European Strategy” — at https://complexd.blog/406nR5r.

🔎 Microsoft's first reasoning model arrives with a provenance pitch aimed at compliance teams

🖥️ Training-data provenance has become a productized sales argument in enterprise AI, and Microsoft moved early and explicitly to make it one. At Build 2026 in San Francisco on June 2, the company unveiled seven in-house MAI models led by MAI-Thinking-1, its first dedicated reasoning model, and paired the technical launch with a direct pitch to enterprise legal and compliance buyers. Microsoft’s public positioning is clean: commercially licensed data, no distillation from third-party models, and an enterprise-grade lineage general counsels can trust. The technical paper Microsoft published alongside the keynote is more nuanced: the corpus is “publicly available and licensed human-generated data” that includes a proprietary web crawl of approximately 1.2 trillion pages filtered to roughly 794 billion, a description analyst Simon Willison read as having “the same licensing problems as all of the other major LLMs.”

⚖️ For cybersecurity, information governance, eDiscovery, data privacy, and regulatory compliance professionals, the gap between the public positioning and the technical paper is the story.

👀 Watch whether Microsoft converts keynote language into contractual indemnification, whether early-adopter deployments produce auditable vertical benchmarks, and whether the marketing-versus-paper distinction holds up in procurement redlines.

📰 Read the complete article from ComplexDiscovery OÜ's artificial intelligence beat at https://complexd.blog/4ofvkuA.

🔎 Market Intelligence: where eDiscovery work gets bought - the delivery approach view, 2025 to 2030

⚖️ Quick read on where eDiscovery work is actually getting bought through 2030.
In 2025, corporations and governments bought about 72% of direct eDiscovery work — buying directly from vendors and service providers, without going through outside counsel. By 2030 the share is projected to ease to 67%. The in-house channel is the biggest, and will stay that way.

👀 But here's the shift worth watching:

+ Specialty service providers grow about 12% a year
+ Law firms grow about 10%
+ In-house teams grow about 6%

🖥️ AI is the underlying reason. AI-powered eDiscovery work scales economically through specialty providers that combine shared cloud infrastructure with operational depth in-house teams find expensive to staff and retain. Law firms are also gaining share again on the legally complicated stuff: AI regulation, cross-border investigations, complex strategy. Coordinating everything still matters.
The headline doesn't move much — in-house still dominates. But by 2030, more of the procurement is projected to be going through specialty providers and law firms.

📰 Read the complete article from ComplexDiscovery OÜ's industry research beat at https://complexd.blog/3S0GRl9.

💡 Glasswing widens: Anthropic puts Mythos inside power, water and hospital operators across more than 15 countries

🌏️ Anthropic on Tuesday expanded Project Glasswing beyond its roughly 50 initial partners, extending access to a new cohort of approximately 150 organizations in more than 15 countries. The restricted Claude Mythos Preview offensive-security model has already surfaced more than 10,000 high- or critical-severity vulnerabilities, according to Anthropic. The expansion lands one day after Anthropic’s confidential S-1 filing and pushes the frontier vulnerability-discovery tool deeper into power utilities, water authorities, hospitals, telecommunications carriers and hardware manufacturers, including organizations reported in Australia, Belgium, Canada, France, Germany, India, Italy, Japan, the Netherlands, New Zealand, South Korea, Spain, Sweden and Switzerland.

🔎 For cybersecurity, data privacy, regulatory compliance and eDiscovery professionals, the shift matters at three levels. Defenders inside Glasswing gain access to a restricted AI-enabled vulnerability-discovery capability at a time when Anthropic warns comparable models may become broadly available within six to 12 months. Counsel and information governance teams face a developing preservation and records-retention question around AI-generated vulnerability inventories, particularly in post-breach matters where Mythos-derived findings may become relevant. Cyber-insurance underwriters and vendor-diligence teams also gain a potential new control variable if Mythos-class access becomes a marker of advanced security posture. The same Tuesday, President Trump signed a narrowed AI security executive order establishing a voluntary 30-day pre-release review framework for covered frontier models and a Treasury-led AI cybersecurity clearinghouse.

🖥️ Watch the executive-order implementation deadlines, the NSA covered-model designation process, the Cyber Verification Program’s expansion, and OpenAI’s GPT-5.5-Cyber rollout.

📰 Read the complete article from ComplexDiscovery OÜ's cybersecurity beat at https://complexd.blog/4dM99Zh.

🏛️ Market Intelligence: non-government demand pulls ahead - the eDiscovery sector split through 2030

💼 Non-government demand pulls ahead in the worldwide eDiscovery market across 2025-2030. Reconciled estimates place non-government spending at approximately $11.18 billion in 2025 – 57 percent of the worldwide market – and project growth to $16.85 billion by 2030. Government and regulatory spending grows from $8.43 billion to $11.23 billion across the same period. The two demand-sector CAGRs diverge sharply: non-government at 8.55 percent, government and regulatory at 5.91 percent. The 2.64-percentage-point gap compounds into a 3-percentage-point share rebalance across five years, with non-government share rising from 57 percent to 60 percent.

💵 The non-government premium reflects structural expansion across civil litigation, internal investigations, corporate compliance, mergers and acquisitions diligence, and AI risk advisory work. AI risk advisory in particular has emerged as a discrete category of private-sector work, with model governance audits, algorithmic accountability reviews, and AI Act compliance for European Union operations all driving spending growth that did not exist a decade ago. Government and regulatory spending remains durable, anchored by persistent investigative activity, Hart-Scott-Rodino premerger notification work, parallel European Union and United Kingdom inquiries, and expanding cross-border regulatory coordination – but the procurement-bounded nature of government spending compounds more slowly than the elastic private-sector workload.

⚖️ For cybersecurity, data privacy, regulatory compliance, and eDiscovery professionals, three observations follow. First, vendor evaluation criteria diverge meaningfully by sector – government buyers increasingly require FedRAMP and equivalent international authorizations and explicit AI model governance documentation, while non-government buyers increasingly evaluate vendors on AI risk advisory depth and compliance specialization. Second, AI risk advisory has emerged as a category of work that did not exist five years ago and now drives a measurable share of non-government compounding. Third, government spending remains durable through 2030; the 3-percentage-point share shift reflects faster non-government growth, not government contraction.

🖥️ Read the complete article from ComplexDiscovery OÜ's industry research beat at https://complexd.blog/43dhwa3.

🌎️ Market Intelligence: still American, but a little less so - eDiscovery geography through 2030

💼 The eDiscovery market remains an American market through 2030, but the international share of worldwide spending is gradually rising. Reconciled estimates place U.S. spending at approximately $12.94 billion in 2025 – 66 percent of the worldwide market – and project growth to $17.97 billion by 2030. Rest-of-world spending grows from $6.67 billion to $10.11 billion across the same period. U.S. share of worldwide spend declines from 66 percent to 64 percent; rest-of-world share rises from 34 percent to 36 percent – a 2-percentage-point rebalance that the headline U.S. dominance does not, on its own, reveal.

📈 The rest-of-world CAGR sits at approximately 8.7 percent, 1.88 percentage points above the U.S. rate. The faster international compounding reflects multiple structural forces operating simultaneously – GDPR steady-state enforcement, European Union AI Act compliance, parallel regulatory inquiries across jurisdictions, and the expansion of regional supplier capacity. Within the rest of the world, the United Kingdom, Canada, Germany, Australia, and Japan continue to anchor the largest sub-shares, while Singapore, India, and parts of the Middle East represent the faster-growing edges.

⚖️ For cybersecurity, data privacy, regulatory compliance, and eDiscovery professionals, three observations follow. First, cross-border data transfer requirements and data localization rules now shape product architecture and contracting more meaningfully than they did through 2025. Second, AI governance, model-handling disclosures, and AI Act compliance increasingly factor into vendor selection across multiple jurisdictions. Third, the U.S. remains the dominant single geography for eDiscovery work throughout the cycle and well past it – the international rebalance is real but gradual, and procurement frameworks should reflect both realities.

📰 Read the complete article from ComplexDiscovery OÜ's industry research beat at https://complexd.blog/4ahXqiH.

🔎 Market Intelligence: eDiscovery cloud software - SaaS, PaaS, and IaaS, 2025 to 2030

⛅️ The eDiscovery cloud software category is rebalancing across 2025-2030. Reconciled estimates place worldwide cloud spending at approximately $5.29 billion in 2025 – 79 percent of the software segment – and project growth to $8.87 billion in 2030 at a reconciled compound annual rate of 10.93 percent. Inside the cloud category, SaaS holds approximately 67 percent of spend in 2025 and 63 percent in 2030, while platform-as-a-service rises from 15 percent to 17 percent and infrastructure-as-a-service from 18 percent to 20 percent. The four-percentage-point SaaS share decline reflects a structural rebalance toward platform and infrastructure tiers as advanced eDiscovery workloads run against those services directly.

🖥️ The driving force is concrete: AI inference at scale, vector search, large-scale processing pipelines, and multi-source ingestion architectures increasingly engage platform and infrastructure services rather than terminating at packaged SaaS endpoints. Some of that activity appears in vendor SaaS revenue when wrapped into packaged offerings; some appears as direct PaaS or IaaS spend by service providers and enterprise customers operating against hyperscaler accounts.

⚖️ For cybersecurity, data privacy, regulatory compliance, and eDiscovery professionals, three observations follow. First, the cloud bill of materials for advanced eDiscovery work now spans SaaS, PaaS, and IaaS simultaneously – and procurement evaluation needs to extend across the full stack rather than terminate at the SaaS subscription line. Second, AI inference economics specifically deserve their own line in vendor evaluation and contract review, because the inference cost component is increasingly material. Third, the SaaS-anchored cloud category is not retreating – it is growing alongside an expanding platform and infrastructure tier that procurement frameworks and vendor evaluation criteria are still adapting to.

📰 Read the complete article from ComplexDiscovery OÜ's industry research beat at https://complexd.blog/3PCxOWZ.

📰 Five great reads on cyber, data, and legal discovery for May 2026

⚖️ May was the month the rulebooks caught up with the technology — and then bent under it. In Dublin, forensic examiners conceded that proving a recording is intact no longer proves it is real, as deepfake fraud turned authenticity into the question discovery has to answer. Across three jurisdictions in twelve days, regulators in Washington, London and Brussels hard-wired synthetic-image takedown duties into the operating environment, even as the European Union pushed its flagship high-risk AI obligations into 2027 and added a categorical ban on abusive AI content. The Justice Department signaled it is now using artificial intelligence to hunt antitrust violations, raising the methodological bar for everyone responding to a Second Request. And Anthropic quietly re-segmented the legal-software market in an afternoon by moving the customization layer inside the model. Taken together, the month showed governance and enforcement converging on a single demand: show your work — the provenance, the chain of custody, the audit trail — because the tools producing the evidence are now the tools scrutinizing it.

💼 Beneath the headlines, the data and the field reporting fill in the shape of the shift. This month’s Industry Research takes the long view, tracing eighteen years of eDiscovery market growth from a $4.73 billion baseline in 2012 to a projected $28.08 billion in 2030 and the steady migration of spend from services into AI-assisted software. The Lagniappe carries the dispatches: Ireland’s bid to be the de facto regulator of global AI, Latitude59’s missile-defense-and-sovereignty opening in Tallinn, FutureLaw’s reckoning with the billable hour, a first global rulebook for digital embassies, and the monthly read on the Hart-Scott-Rodino merger pipeline. The thread that runs through all of it is the same one the Great Reads pull tight: when machines make and judge the record, the professionals who can prove what is real are the ones who will be trusted to govern it.

🔎 Read the complete newsletter from ComplexDiscovery OÜ at https://complexd.blog/4ed6UhB.