A Partner in Simpson Thacher’s Litigation Department, Head of the Firm’s AI Practice and a member of the Privacy and Cybersecurity Practice, Matt Kelly represents clients in AI, cyber and other technology-driven matters across the business lifecycle, including in connection with strategic transactions and investments, product development, commercial disputes, regulatory compliance initiatives, government and internal investigations, as well as AI and cybersecurity incident response.
Matt has worked with dozens of clients to design and implement effective, durable AI and model governance frameworks that meet stakeholder needs and satisfy regulatory obligations. He provides briefings and training on AI, cybersecurity and technology matters for boards of directors, board committees and executive leaders. He has represented clients in AI, cyber and data-driven matters before the U.S. DOJ, FTC, the SEC, the CFTC, FINRA, the New York Attorney General’s Office, the California Attorney General’s Office and the New York Department of Financial Services.
Matt is recognized by clients for his technical sophistication and his ability to bridge gaps among technologists, business leads and external stakeholders. Bringing a rare combination of deep technical fluency and practical legal judgment to AI, cybersecurity and regulatory matters, Matt has been described by clients in Chambers as “a true expert in the intersection between tech/cyber and securities,” who “has provided a service that very, very few lawyers could.” Clients also note that he “leaves every conversation with actions and delivers on those and with excellence,” and that he is “extremely knowledgeable on how AI and algorithms are used in everyday business.”
Matt is ranked among the nation’s leading “Up and Coming” lawyers by Chambers for Privacy & Data Security and is recognized by The Legal 500 US for Cyber Law. Matt was named an “AI Visionary” by global legal tech company Relativity and has been recognized as a “Client Service All Star” by BTI Consulting.
Matt also is a frequent contributor to publications on topics related to AI and cybersecurity, and he is a prominent voice on AI, cybersecurity and legal technology, speaking at conferences organized by RSAC, SIFMA, IAPP, the Society for Corporate Governance, the Bank Policy Institute and the Global Association of Risk Professionals, among others.
Matt’s representative matters include advising:
- Multiple large private equity firms, financial services companies, healthcare and biotechnology companies, as well as Fortune 500 technology companies, in connection with AI governance and risk management, including due diligence in the context of AI-related strategic acquisitions, investments and deployments
- A public technology company and an independent financial research firm in connection with SEC investigation into alleged “AI washing”
- Multiple Fortune 500 companies in connection with internal investigations into sophisticated insider threats and identity-theft schemes involving state-sponsored threat actors (APTs)
- Portfolio companies of client sponsors in connection with investigations and commercial disputes related to business email compromise and wire fraud events
- Global healthcare and biotechnology companies in connection with AI adoption, AI development and data licensing issues
- A global financial technology institution regarding development and distribution of LLM-based AI systems and solutions
- A global private equity firm with respect to emerging risks related to algorithmic collusion and AI-related antitrust considerations
- A premier global management consulting firm in connection with an FTC investigation into suspected use of surveillance pricing technologies
- A global biotechnology company in an internal investigation into AI-related IP theft and data-loss prevention
- A major entertainment company and a Fortune 500 company in negotiations of agreements with Microsoft, OpenAI, AWS and/or Google related to generative AI services
- A major U.S. medical data provider on IP protection and AI licensing issues
- A multinational publishing company on licensing of non-fiction works for AI training and development
- Multiple financial services companies in regulatory examinations and enforcement matters related to use and marketing of AI and machine learning
- The Securities Industry and Financial Markets Association (SIFMA) and the Global Financial Markets Association (GFMA) in preparing comment letters regarding regulatory developments in cybersecurity, operational resilience and artificial intelligence
- A financial data company and rating agency in connection with multiple SEC investigations regarding quantitative modeling, as well as alleged controls and disclosure issues
- Multiple broker dealers in connection with SEC and FINRA investigations into alleged data reporting discrepancies
- Over a dozen quantitative investment funds intervening in a third-party class action to prevent disclosure of their proprietary trading data and investment strategies
- A large enterprise service provider in connection with class action litigation stemming from a third-party data breach
- A professional services firm in connection with class action litigation stemming from a first-party data breach
- A defense contractor in connection with an SEC investigation into a cybersecurity incident and potential civil fraud liability
Multiple public and private companies, as well as not-for-profit enterprises, in connection with responding to and recovering from cybersecurity incidents, including ransomware deployment, extortion demands, insider threats, business email compromises, phishing campaigns, DDoS attacks, data theft, SEO poisoning schemes, deepfake frauds, wire frauds, hack-pump-and-dump schemes and executive impersonation