Agentic AI drives a new identity security crisis

New research from Rubrik Zero Labs warns that agentic AI is reshaping the identity landscape faster than organisations can secure it.

The study reveals a surge in non-human identities created through automation and API-driven workflows, with numbers now exceeding human users by a striking margin.

Most firms have already introduced AI agents into their identity systems or plan to do so, yet many struggle to govern the growing volume of machine credentials.

Experts argue that identity has become the primary attack surface as remote work, cloud adoption and AI expansion remove traditional boundaries. Threat actors increasingly rely on valid credentials instead of technical exploits, which makes weaknesses in identity governance far more damaging.

Rubrik’s researchers and external analysts agree that a single compromised key or forgotten agent account can provide broad access to sensitive environments.

Industry specialists highlight that agentic AI disrupts established IAM practices by blurring distinctions between human and machine activity.

Organisations often cannot determine whether a human or an automated agent performed a critical action, which undermines incident investigations and weakens zero-trust strategies. Poor logging, weak lifecycle controls and abandoned machine identities further expand the attack surface.

Rubrik argues that identity resilience is becoming essential, since IAM tools alone cannot restore trust after a breach. Many firms have already switched IAM providers, reflecting widespread dissatisfaction with current safeguards.

Analysts recommend tighter control of agent creation, stronger credential governance and a clearer understanding of how AI-driven identities reshape operational and security risks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Anthropic uncovers a major AI-led cyberattack

The US R&D firm, Anthropic, has revealed details of the first known cyber espionage operation largely executed by an autonomous AI system.

Suspicious activity detected in September 2025 led to an investigation that uncovered an attack framework, which used Claude Code as an automated agent to infiltrate about thirty high-value organisations across technology, finance, chemicals and government.

The attackers relied on recent advances in model intelligence, agency and tool access.

By breaking tasks into small prompts and presenting Claude as a defensive security assistant instead of an offensive tool, they bypassed safeguards and pushed the model to analyse systems, identify weaknesses, write exploit code and harvest credentials.

The AI completed most of the work with only a few moments of human direction, operating at a scale and speed that human hackers would struggle to match.

Anthropic responded by banning accounts, informing affected entities and working with authorities as evidence was gathered. The company argues that the case shows how easily sophisticated operations can now be carried out by less-resourced actors who use agentic AI instead of traditional human teams.

Errors such as hallucinated credentials remain a limitation, yet the attack marks a clear escalation in capability and ambition.

The firm maintains that the same model abilities exploited by the attackers are needed for cyber defence. Greater automation in threat detection, vulnerability analysis and incident response is seen as vital.

Safeguards, stronger monitoring and wider information sharing are presented as essential steps for an environment where adversaries are increasingly empowered by autonomous AI.


Digital ID arrives for Apple users

Apple has introduced Digital ID, a new feature that lets users create an identification card in Apple Wallet using information from a US passport.

The feature launches in beta at Transportation Security Administration checkpoints across more than two hundred and fifty airports, where it can be used for domestic travel instead of relying solely on physical documentation.

It offers an alternative for users who lack a Real ID-compliant card while not replacing a physical passport for international journeys.

Users set up a Digital ID by scanning the passport’s photo page, reading the chip on the back of the document, and completing facial movements for verification.

Once added, the ID can be presented with an iPhone or Apple Watch by holding the device near an identity reader and confirming the request with Face ID or Touch ID. New verification options for in-person checks at selected businesses, apps and online platforms are planned.

The company highlights privacy protection by storing passport data only on the user’s device, instead of Apple’s servers. Digital ID information is encrypted and cannot be viewed by Apple, and biometric authentication ensures that only the owner can present the identity.

Only the required information is shared during each transaction, and the user must approve it before it is released.

The launch expands Apple Wallet’s existing support for driver’s licences and state IDs, which are already available in twelve states and Puerto Rico. Recent months have added Montana, North Dakota and West Virginia, and Japan adopted the feature with the My Number Card.

Apple expects Digital ID to broaden secure personal identification across more services over time.


EU investigates Google over potential Digital Markets Act breach

The European Commission has opened an investigation into whether Google may be breaching the Digital Markets Act by unfairly demoting news publishers in search results.

The inquiry centres on Google’s ‘site reputation abuse policy’, which appears to lower rankings for publishers that host content from commercial partners, even when those partnerships support legitimate ways of monetising online journalism.

The Commission is examining whether Alphabet’s approach restricts publishers from conducting business, innovating, and cooperating with third-party content providers. Officials highlighted concerns that such demotions may undermine revenue at a difficult moment for the media sector.

These proceedings do not imply a final decision; instead, they allow the EU to gather evidence and assess Google’s practices in detail.

If the Commission finds evidence of non-compliance, it will present preliminary findings and request corrective measures. The investigation is expected to conclude within 12 months.

Under the DMA, infringements can lead to fines of up to ten percent of a company’s worldwide turnover, rising to twenty percent for repeated violations, alongside possible structural remedies.

Senior Commissioners stressed that gatekeepers must offer fair and non-discriminatory access to their platforms. They argued that protecting publishers’ ability to reach audiences supports media pluralism, innovation, and democratic resilience.

Google Search, designated as a core platform service under the DMA, has been required to comply fully with the regulation since March 2024.


New York Times lawsuit prompts OpenAI to strengthen privacy protections

OpenAI says a New York Times demand to hand over 20 million private ChatGPT conversations threatens user privacy and breaks with established security norms. The request forms part of the Times’ lawsuit over alleged misuse of its content.

The company argues the demand would expose highly personal chats from people with no link to the case. It previously resisted broader requests, including one seeking more than a billion conversations, and says the latest move raises similar concerns about proportionality.

OpenAI says it offered privacy-preserving alternatives, such as targeted searches and high-level usage data, but these were rejected. It adds that chats covered by the order are being de-identified and stored in a secure, legally restricted environment.

The dispute arises as OpenAI accelerates its security roadmap, which includes plans for client-side encryption and automated systems that detect serious safety risks without requiring broad human access. These measures aim to ensure private conversations remain inaccessible to external parties.

OpenAI maintains that strong privacy protections are essential as AI tools handle increasingly sensitive tasks. It says it will challenge any attempt to make private conversations public and will continue to update users as the legal process unfolds.


New AI platforms approved for Surrey Schools classrooms

Surrey Schools has approved MagicSchool, SchoolAI, and TeachAid for classroom use, giving teachers access through the ONE portal with parental consent. The district says the tools are intended to support instruction while maintaining strong privacy and safety safeguards.

Officials say each platform passes rigorous reviews covering educational value, data protection, and technical security before approval. Teachers receive structured guidance on appropriate use, supported by professional development aligned with wider standards for responsible AI in education.

A two-year digital literacy programme helps staff explore online identity, digital habits, and safe technology use as AI becomes more common in lessons. Students use AI to generate ideas, check code, and analyse scientific or mathematical problems, reinforcing critical reasoning.

Educators stress that pupils are taught to question AI outputs rather than accept them at face value. Leaders argue this approach builds judgment and confidence, preparing young people to navigate automated systems with greater agency beyond school settings.

Families and teachers can access AI safety resources through the ONE platform, including videos, podcasts and the ‘Navigating an AI Future’ series. Materials include recordings from earlier workshops and parent sessions, supporting shared understanding of AI’s benefits and risks across the community.


AI credentials grow as AWS launches practical training pathway

AWS is launching four solutions to help close the AI skills gap as demand rises and job requirements shift. The company positions the new tools as a comprehensive learning journey, offering structured pathways that progress from foundational knowledge to hands-on practice and formal validation.

AWS Skill Builder now hosts over 220 free AI courses, ranging from beginner introductions to advanced topics in generative and agentic AI. The platform enables learners to build skills at their own pace, with flexible study options that accommodate work schedules.

Practical experience anchors the new suite. The Meeting Simulator helps learners explain AI concepts to realistic personas and refine communication with instant feedback. Cohorts Studio offers team-based training through study groups, boot camps, and game-based challenges.

AWS is expanding its credential portfolio with the AWS Certified Generative AI Developer – Professional certification. The exam helps cloud practitioners demonstrate proficiency in foundation models, RAG architectures, and responsible deployment, supported by practice tasks and simulated environments.

Learners can validate hands-on capability through new microcredentials that require troubleshooting and implementation in real AWS settings. Combined credentials signal both conceptual understanding and task-ready skills, with Skill Builder’s more expansive library offering a clear starting point for career progression.


Coding meets creativity in Minecraft Education’s AI tutorial

Minecraft Education is introducing an AI-powered twist on the classic first night challenge with a new Hour of AI world. Players explore a puzzle-driven environment that turns early survival stress into a guided coding and learning experience.

The activity drops players into a familiar biome and tasks them with building shelter before sunset. Instead of panicking at distant rustles or looming shadows, learners work with an AI agent designed to support planning and problem-solving.

Using MakeCode programming, players teach their agent to recognise patterns, classify resources, and coordinate helper bots. The agent mimics real AI behaviour by learning from examples and occasionally making mistakes that require human correction to improve its decisions.

As the agent becomes more capable, it shifts from a simple tool to a partner that automates key tasks and reduces first-night pressure. The aim is to let players develop creative strategies rather than resort to frantic survival instincts.

Designed for ages seven and up, the experience is free to access through Minecraft Education. It introduces core AI literacy concepts, blending gameplay with lessons on how AI systems learn, adapt, and occasionally fail, all wrapped in a familiar, family-friendly setting.


Hidden freeze controls uncovered across major blockchains

Bybit’s Lazarus Security Lab says 16 major blockchains embed fund-freezing mechanisms. An additional 19 could adopt them with modest protocol changes, according to the study. The review covered 166 networks using an AI-assisted scan plus manual validation.

Using AI, the researchers describe three models: hardcoded blacklists, configuration-based freezes, and on-chain system contracts. Examples cited include BNB Chain, Aptos, Sui, VeChain and HECO in different roles. Analysts argue that emergency tools can curb exploits yet concentrate control.

Case studies show freezes after high-profile attacks and losses. Sui validators moved to restore about 162 million dollars post-Cetus hack, while BNB Chain halted movement after a 570 million bridge exploit. VeChain blocked 6.6 million in 2019.

New blockchain debates centre on transparency, governance and user rights when freezes occur. Critics warn about centralisation risks and opaque validator decisions, while exchanges urge disclosure of intervention powers.


Qwen relaunch aims to unify Alibaba’s mobile AI ecosystem

Alibaba is preparing a major overhaul of its mobile AI apps, renaming Tongyi as Qwen and adding early agentic features. The update aims to make Qwen resemble leading chatbots while linking AI tools to Taobao and other services. Alibaba also plans a global version once the new design stabilises.

Over one hundred developers are working on the project as part of wider AI investments. Alibaba hopes Qwen can anchor its consumer AI strategy and regain momentum in a crowded market. It still trails Doubao and Yuanbao in user popularity and needs a clearer consumer path.

Monetisation remains difficult in China because consumers rarely pay for digital services. Alibaba thinks shopping features will boost adoption by linking AI directly to e-commerce use. Qwen will stay free for now, allowing the company to scale its user base before adding paid options.

Alibaba wants to streamline its overlapping apps by directing users to one unified Qwen interface. Consolidation is meant to strengthen brand visibility and remove confusion around different versions. A single app could help Alibaba stand out as Chinese firms race to deploy agentic AI.

Chinese and US companies continue to expand spending on frontier AI models, cloud infrastructure, and agent tools. Alibaba reported strong cloud growth and rising demand for AI products in its latest quarter. The Qwen relaunch is its largest attempt to turn technical progress into a viable consumer business.
