Brand Engagement Network (BNAI) Risk Analysis

The benefits to customers and projected return on investment of our products have not been substantiated through long-term trials or use. We currently have a limited frame of reference by which to evaluate the performance of the products upon which our business prospects depend, and these products may not provide the expected benefits to customers. Our products may not perform consistent with customers' expectations or consistent with other products which may be or may become available. Any failure of our products to perform as expected could harm our reputation and result in adverse publicity, lost revenue, subscription cancellation, harm to our brand, delivery delays, and other expenses and could have a material adverse impact on our business, prospects, financial condition and operating results.

In recent years, there has been significant litigation involving patents and other intellectual property rights in our industry. Companies providing software are increasingly bringing and becoming subject to suits alleging infringement, misappropriation or violation of proprietary rights, particularly patent rights, and to the extent we gain greater market visibility, we face a higher risk of being the subject of intellectual property infringement, misappropriation or violation claims. We do not currently have a large patent portfolio, which could prevent us from deterring patent infringement claims through our own patent portfolio, and our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. The risk of patent litigation has been amplified by the increase in the number of a type of patent holder, which we refer to as a non-practicing entity, whose sole or principal business is to assert such claims and against whom our own intellectual property portfolio may provide little deterrent value. We could incur substantial costs in prosecuting or defending any intellectual property litigation. If we sue to enforce our rights or are sued by a third party that claims that our products infringe, misappropriate or violate their rights, the litigation could be expensive and could divert our management resources. Any intellectual property litigation to which we might become a party, or for which we are required to provide indemnification, may require us to do one or more of the following: -   cease selling or using products that incorporate the intellectual property rights that we allegedly infringe, misappropriate or violate;-   make substantial payments for legal fees, settlement payments or other costs or damages;-   obtain a license, which may not be available on reasonable terms or at all, to sell or use the relevant technology; or -   redesign the allegedly infringing products to avoid infringement, misappropriation or violation, which could be costly, time-consuming or impossible. If we are required to make substantial payments or undertake any of the other actions noted above as a result of any intellectual property infringement, misappropriation or violation claims against us or any obligation to indemnify our customers for such claims, such payments or actions could harm our business.

In the ordinary course of our business, we and the third parties upon which we rely, collect, receive, store, process, generate, use, transfer, disclose, make accessible, protect, secure, dispose of, transmit, and share (collectively, "process") proprietary, confidential, and sensitive data, including personal data (such as health-related data), intellectual property and trade secrets (collectively, "sensitive information"). Our and our third-party vendors' and business partners' information technology systems may be damaged or compromised by malicious events, such as cyberattacks, physical or electronic security breaches, malicious internet-based activity, online and offline fraud, natural disasters, fire, power loss, telecommunications failures, personnel misconduct and human error. Such threats are prevalent and continue to rise, are increasingly difficult to detect, and come from a variety of sources, including internal bad actors, such as employees or contractors (through theft or misuse), or third parties (including traditional computer hackers, "hacktivists," persons involved with organized crime, or sophisticated foreign state or foreign state-supported actors). Cybersecurity threats can employ a wide variety of methods and techniques, which are constantly evolving, and have become increasingly complex and sophisticated; all of which increase the difficulty of detecting and successfully defending against them. We and the third parties upon which we rely are subject to a variety of these evolving threats, including but not limited to social-engineering attacks (including through deep fakes, which may be increasingly more difficult to identify as fake, and phishing attacks), malicious code (such as viruses and worms), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks (such as credential stuffing), credential harvesting, personnel misconduct or error, ransomware attacks, supply-chain attacks, software bugs, server malfunctions, software or hardware failures, loss of data or other information technology assets, adware, telecommunications failures, earthquakes, fires, floods, and other similar threats. In particular, severe ransomware attacks are becoming increasingly prevalent - particularly for companies like ours that are engaged in critical infrastructure or manufacturing - and can lead to significant interruptions in our operations, loss of sensitive data and income, reputational harm, and diversion of funds. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments. Furthermore, because the techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until after they are launched against a target, we and our third-party vendors and business partners may be unable to anticipate these techniques or implement adequate preventative measures. Remote work has become more common and has increased risks to our information technology systems and data, as more of our employees utilize network connections, computers, and devices outside our premises or network, including working at home, while in transit and in public locations. Additionally, future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities' systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be difficult to integrate companies into our information technology environment and security program. We rely on third-party service providers and technologies to operate critical business systems to process sensitive information in a variety of contexts, including, without limitation, cloud-based infrastructure, data center facilities, encryption and authentication technology, and other functions. We also rely on third-party service providers to provide other products, services, parts, or otherwise to operate our business. Our ability to monitor these third parties' information security practices is limited, and these third parties may not have adequate information security measures in place. Certain of the third parties on which we rely have experienced cybersecurity incidents in the past and may again in the future. We could experience adverse consequences resulting from any security incidents or other interruptions experienced by third-party service providers. While we may be entitled to damages if our third-party service providers fail to satisfy their privacy or security-related obligations to us, any award may be insufficient to cover our damages, or we may be unable to recover such award, and our reputation could be harmed. In addition, supply-chain attacks have increased in frequency and severity, and we cannot guarantee that third parties' infrastructure in our supply chain or our third-party partners' supply chains have not been compromised. We, and the third-party business partners and vendors upon which we rely, have experienced, and may in the future experience, cybersecurity threats, including threats or attempts to disrupt our information technology infrastructure and unauthorized attempts to gain access to sensitive or confidential information. In April 2024, our primary commercial partner and exclusive reseller for the automotive industry, AFG, publicly disclosed that it was the victim of a ransomware attack in the Fall of 2023 prior to entering into the Reseller Agreement. To the extent negative publicity AFG receives from the incident has, or the incident otherwise causes, a material adverse effect on AFG's business or AFG's ability to resell our products, our results of operations and financial condition could suffer. Although prior cyberattacks directed at us have not had a material impact on our financial results, and we are continuing to bolster our threat detection and mitigation processes and procedures, we cannot guarantee that future cyberattacks, if successful, will not have a material impact on our business or financial results. While we have security measures in place designed to protect our information and our customers' information and to prevent data loss and other security incidents, we have not always been able to do so, and there can be no assurance that in the future these measures will be successful. Security incidents could result in unauthorized, unlawful, or accidental acquisition, modification, destruction, loss, alteration, encryption, disclosure of, or access to our sensitive information or our information technology systems, or those of the third parties upon whom we rely. A security incident or other interruption could disrupt our ability (and that of third parties upon whom we rely) to provide our platform and services. We may expend significant resources or modify our business activities to try to protect against security incidents. Certain data privacy and security obligations may require us to implement and maintain specific security measures or industry-standard or reasonable security measures to protect our information technology systems and sensitive information. We take steps to detect and remediate vulnerabilities, but we may not be able to detect and remediate all vulnerabilities because the threats and techniques used to exploit the vulnerability change frequently and are often sophisticated in nature. Therefore, such vulnerabilities could be exploited but may not be detected until after a security incident has occurred. These vulnerabilities pose material risks to our business. Further, we may experience delays in developing and deploying remedial measures designed to address any such identified vulnerabilities. Applicable data privacy and security obligations may require us to provide notice of data security incidents involving certain types of data, including personal data. Such disclosures are costly, and the disclosure or the failure to comply with such requirements could lead to adverse consequences. Actual or perceived breaches of security measures, unauthorized access to our systems or the systems of the third-party vendors that we rely upon, or any other cybersecurity threats may cause us to experience adverse consequences, such as government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting requirements and/or oversight; restrictions on processing sensitive information (including personal data); litigation (including class claims); indemnification obligations; negative publicity; reputational harm; monetary fund diversions; interruptions in our operations (including availability of data); financial loss; and other similar harms. Security incidents and attendant consequences may cause customers to stop using our platform and services, deter new customers from using our platform and services, and negatively impact our ability to grow and operate our business. In addition, our reliance on third-party service providers and business partners could introduce new cybersecurity risks and vulnerabilities, including supply-chain attacks, and other threats to our business operations. We rely on third-party service providers and technologies to operate critical business systems to process sensitive data in a variety of contexts, including, without limitation, cloud-based infrastructure, data center facilities, encryption and authentication technology and other functions. Our ability to monitor these third parties' information security practices is limited, and these third parties may not have adequate information security measures in place. Our contracts may not contain limitations on liability. There can be no assurance that any limitations of liability provisions in our contracts or license arrangements with customers or in our agreements with vendors, partners, or others would be enforceable, applicable, or adequate or would otherwise protect us from any such liabilities or damages with respect to any claim. In addition to experiencing a security incident, third parties may gather, collect, or infer sensitive information about us from public sources, data brokers, or other means that reveals competitively sensitive details about our organization and such information could be used to undermine our competitive advantage or market position. Additionally, sensitive information of the Company or our customers could be leaked, disclosed, or revealed as a result of or in connection with our employees', personnels', or vendors' use of generative AI technologies. Any or all of the above issues, or the perception that any of them have occurred, could result in adverse consequences including, but not limited to, business interruptions and diversions of funds, decreased ability to attract new customers, existing customers deciding to terminate or not renew their agreements, reduced ability to obtain and maintain required or desirable cybersecurity certifications, reputational damage, government enforcement actions (for example, investigations, fines, penalties, audits, and inspections), and private litigation (including class claims), any of which could materially adversely affect our results of operations, financial condition, and future prospects. There can be no assurance that any limitations of liability provisions in our license arrangements with customers or in our agreements with vendors, partners, or others would be enforceable, applicable, or adequate or would otherwise protect us from any such liabilities or damages with respect to any claim.

AI is an emerging technology that offers new capabilities which are not fully developed. The development of AI technology is a new and rapidly evolving industry that is subject to a high degree of uncertainty. Factors affecting the further development of the AI industry include, without limitation: -   continued worldwide growth in the adoption and use of AI technology;-   changes in consumer demographics;-   changes in public tastes and preferences;-   the popularity or acceptance of AI technology; and -   government and quasi-government regulation of AI technology, including any restrictions on access, operation and the use of AI. If investments in the AI industry become less attractive to investors, innovators and developers, or if AI technology does not continue to gain public acceptance or are not adopted and used by a substantial number of individuals, companies and other entities, it could adversely affect our business, financial condition and results of operations.

Our results of operations may vary based on the impact of changes in our industry, our target verticals, or the global economy on us, our customers and our strategic partners. Current or future economic uncertainties or downturns could adversely affect our business and results of operations. Negative conditions in the general economy, including a severe or prolonged economic downturn and/or the impact of increased interest rates and inflation, both in the United States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, political turmoil, natural catastrophes, warfare and terrorist attacks on the United States or elsewhere, could cause a decrease in business investments by our customers and potential customers, including spending on information technology, and negatively affect the growth of our business. Such conditions could also limit our ability to raise additional capital when needed on acceptable terms, or at all. To the extent our offerings are perceived by customers and potential customers as discretionary, our revenue may be disproportionately affected by delays or reductions in general information technology spending. Also, customers may choose to develop in-house software as an alternative to using our products. Moreover, competitors may respond to market conditions by lowering prices. We cannot predict the timing, strength or duration of any economic slowdown, instability or recovery, generally or within any particular industry. If the economic conditions of the general economy or markets in which we operate do not improve, or worsen from present levels, our business, results of operations and financial condition could be adversely affected.

To encourage awareness, usage, familiarity and adoption of our platform and products, we may offer discounts on our pricing models. These strategies may not be successful entering into long-term contracts with company-favorable pricing terms. To the extent that users do not become, or we are unable to successfully attract paying customers, we will not realize the intended benefits of these marketing strategies and our ability to grow our revenue will be adversely affected.

We will become subject to laws and regulations domestically, and potentially worldwide, affecting our operations in areas including, but not limited to, intellectual property, ownership and infringement; data privacy requirements; employment; product regulations; cybersecurity; the responsible use of AI; and consumer laws. Compliance with such requirements can be onerous and expensive, could impact our competitive position, and may negatively impact our business operations and ability to develop and deploy our products. There can be no assurance that our employees, contractors, customers or agents will not violate applicable laws or the policies, controls, and procedures that we have designed to help ensure compliance with such laws, and violations could result in fines and other civil, criminal and administrative actions against us, our officers, or our employees, prohibitions on the conduct of our business, and damage to our reputation. Changes to the laws, rules and regulations to which we are subject, or changes to their interpretation and enforcement, could lead to materially greater compliance and other costs and/or further restrictions on our ability to manufacture and supply our products and operate our business. For example, we may face increased compliance costs as a result of changes or increases in antitrust legislation, regulation, administrative rule making, increased focus from regulators on cybersecurity vulnerabilities and risks, and enforcement activity resulting from growing public concern over concentration of economic power in corporations. The increasing focus on the risks and strategic importance of AI technologies has already resulted in regulatory restrictions that target products and services capable of enabling or facilitating AI and may in the future result in additional restrictions impacting some or all of our product and service offerings. Concerns regarding third-party use of AI for purposes contrary to local governmental interests, including concerns relating to the misuse of AI applications, models, and solutions, could result in unilateral or multilateral restrictions on products that can be used for training, refining, and deploying large language models. Such restrictions could limit the ability of downstream customers and users worldwide to acquire, deploy, and use systems that include our products, software, and services, and negatively impact our business and financial results. Management of changing regulatory requirements is complicated and time consuming. Our results and competitive position may be harmed, especially over the long-term, if there are further changes in certain regulations affecting our business.