Access

Microsoft enters AI-powered 3D modelling race with Copilot 3D

Microsoft has launched Copilot 3D, an AI-powered tool that transforms 2D images into realistic 3D models without requiring specialist skills. Available through Copilot Labs, it aims to make 3D creation faster, more accessible, and more intuitive for global users signed in with a Microsoft account.

The tool supports only image-to-3D conversion, with no text-to-3D capability. Users can upload images up to 10 MB, generate a model, and download it in GLB format. Microsoft states uploaded images are used solely for model generation and are not retained for training or personalisation.

Copilot 3D is designed for applications that range from prototyping and creative exploration to interactive learning, thereby reducing the steep learning curve associated with conventional 3D programs. It can be used on PCs or mobile browsers; however, Microsoft recommends a desktop experience for optimal results.

Tech rivals are also advancing similar tools. Apple’s Matrix3D model can build 3D scenes from images, while Meta’s 3D Gen AI system creates 3D assets from text or applies textures to existing models. Nvidia’s NeRF technology generates realistic 3D scenes from multiple 2D images.

The release underscores growing competition in AI-driven 3D design, as companies race to make advanced modelling tools more accessible to everyday creators.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Black Hat demo reveals risks in hybrid Microsoft environments

Security researcher Dirk-jan Mollema demonstrated methods for bypassing authentication in hybrid Active Directory (AD) and Entra ID environments at the Black Hat conference in Las Vegas. The techniques could let attackers impersonate any synced hybrid user, including privileged accounts, without triggering alerts.

Mollema demonstrated how a low-privilege cloud account can be converted into a hybrid user, granting administrative rights. He also demonstrated ways to modify internal API policies, bypass enforcement controls, and impersonate Exchange mailboxes to access emails, documents, and attachments.

Microsoft has addressed some issues by hardening global administrator security and removing specific API permissions from synchronised accounts. However, a complete fix is expected only in October 2025, when hybrid Exchange and Entra ID services will be separated.

Until then, Microsoft recommends auditing synchronisation servers, using hardware key storage, monitoring unusual API calls, enabling hybrid application splitting, rotating SSO keys, and limiting user permissions.

Experts say hybrid environments remain vulnerable if the weakest link is exploited, making proactive monitoring and least-privilege policies critical to defending against these threats.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

University of Western Australia hit by password breach

The University of Western Australia has ordered a mass password reset for all staff and students after detecting unauthorised access to stored password data.

The incident was contained over the weekend by the university’s IT and security teams, who then moved to recovery and investigation. Australian authorities have been notified.

While no other systems are currently believed to have been compromised, access to UWA services remains locked until credentials are changed.

The university has not confirmed if its central access management system was targeted.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI-powered heist drains $1m from crypto wallets via Firefox add-ons

Hackers have stolen over $1 million in cryptocurrency using AI-generated malicious Firefox extensions disguised as legitimate wallet tools.

The group, known as GreedyBear, created over 150 fake add-ons for platforms like MetaMask and Phantom, bypassing security checks to drain funds from thousands of users. Analysts say AI enabled the attackers to automate coding and deployment at an industrial scale.

The theft comes amid a record-breaking year for crypto crime, with Chainalysis data showing over $2.17 billion stolen so far in 2025. Many incidents exploit smart contract flaws and human error, with access control attacks accounting for the most recent losses.

Security experts warn that AI is now a double-edged sword, helping attackers and defenders. They urge exchanges, developers, and users to adopt AI-powered monitoring, stronger verification, and collaborative defences to restore trust in digital assets.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Tesla seeks approval to supply electricity in the UK

Tesla has applied for a licence to supply electricity to homes and businesses across Britain, challenging the dominance of major energy firms. Ofgem could take up to nine months to decide, with operations potentially starting next year.

Known for electric vehicles, Tesla also runs solar and battery storage divisions, with more than 250,000 EVs and tens of thousands of home batteries already sold in the UK. The company’s experience in Texas, where it rewards customers for feeding surplus power to the grid, could inform its UK plans.

The move comes as Tesla’s European car sales decline sharply, with July registrations falling almost 60% in the UK and over 55% in Germany. Increased competition from Chinese manufacturer BYD has added to the pressure.

Tesla has faced public criticism linked to Elon Musk’s political positions, yet the energy push signals a strategic shift towards broader utility services in its key markets.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Users warned to update WinRAR after active attacks

A critical flaw in the Windows version of WinRAR is being exploited to install malware that runs automatically at startup. Users are urged to update to version 7.13 immediately, as the software does not update itself.

Tracked as CVE-2025-8088, the vulnerability allows malicious RAR files to place content in protected system folders, including Windows startup locations. Once there, the malware can steal data, install further payloads and maintain persistent access.

ESET researchers linked the attacks to the RomCom hacking group, a Russian-speaking operation known for espionage and ransomware campaigns. The flaw has been used in spear-phishing attacks where victims opened infected archives sent via email.

WinRAR’s July update fixes the cybersecurity issue by blocking extractions outside user-specified folders. Security experts recommend caution with email attachments, antivirus scanning of archives and regular checks of startup folders for suspicious files.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

DeepSeek’s efficiency forces OpenAI to rethink closed AI model strategy

OpenAI has released reasoning-focused open-weight models in a strategic response to China’s surging AI ecosystem, led by DeepSeek’s disruptive efficiency. Unlike earlier coverage, the shift is framed not merely as competitive posturing but as a deeper recognition of shifting innovation philosophies.

DeepSeek’s rise stems from maximizing limited resources under the US’s export restrictions, proving that top-tier AI doesn’t require massive chip clusters. The agility has emboldened the open-source AI sector in China, where over 10 labs now rival those in the US, fundamentally reshaping competitive dynamics.

OpenAI’s ‘gpt-oss’ models, which reveal numerical parameters for customization, mark a departure from its traditional closed approach. Industry watchers see this as a hybrid play, retaining proprietary strengths while embracing openness to appeal to global developers.

The implications stretch beyond technology into geopolitics. US export controls may have inadvertently fueled Chinese AI innovation, with DeepSeek’s self-reliant architecture now serving as a proof point for resilience. DeepSeek’s achievement challenges the US’s historically resource-intensive approach to AI.

AI rivalry may spur collaboration or escalate competition. DeepSeek advances models like DeepSeek-MoE, while OpenAI strikes a balance between openness and monetization. Global AI dynamics shift, raising both technological and philosophical stakes.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Altman warns of harmful AI use after model backlash

OpenAI chief executive Sam Altman has warned that many ChatGPT users are engaging with AI in self-destructive ways. His comments follow backlash over the sudden discontinuation of GPT-4o and other older models, which he admitted was a mistake.

Altman said that users form powerful attachments to specific AI models, and while most can distinguish between reality and fiction, a small minority cannot. He stressed OpenAI’s responsibility to manage the risks for those in mentally fragile states.

Using ChatGPT as a therapist or life coach was not his concern, as many people already benefit from it. Instead, he worried about cases where advice subtly undermines a user’s long-term well-being.

The model removals triggered a huge social-media outcry, with complaints that newer versions offered shorter, less emotionally rich responses. OpenAI has since restored GPT-4o for Plus subscribers, while free users will only have access to GPT-5.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New Instagram Map lets users share location with consent

Instagram has introduced an opt-in feature called Instagram Map, allowing users in the US to share their recent active location and explore location-based content.

Adam Mosseri, head of Instagram, clarified that location sharing is off by default and visible only when users choose to share.

Confusion arose as some users mistakenly believed their location was automatically shared because they could see themselves on the map upon opening the app.

The feature also displays location tags from Stories or Reels, making location-based content easier to find.

Unlike Snap Map, Instagram Map updates location only when the app is open or running in the background, without providing continuous real-time tracking.

Users can access the Map by going to their direct messages and selecting the Map option, where they can control who sees their location, choosing between Friends, Close Friends, selected users, or no one. Even if location sharing is turned off, users will still see the locations of others who share with them.

Instagram Map shows friends’ shared locations and nearby Stories or Reels tagged with locations, allowing users to discover events or places through their network.

Additionally, users can post short, temporary messages called Notes, which appear on the map when shared with a location. The feature encourages cautious consideration about sharing location tags in posts, especially when still at the tagged place.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UAE Ministry of Interior uses AI and modern laws to fight crime

The UAE Ministry of Interior states that AI, surveillance, and modern laws are key to fighting crime. Offences are economic, traditional, or cyber, with data tools and legal updates improving investigations. Cybercrime is on the rise as digital technology expands.

Current measures include AI monitoring, intelligent surveillance, and new laws. Economic crimes like fraud and tax evasion are addressed through analytics and banking cooperation. Cross-border cases and digital evidence tampering continue to be significant challenges.

Traditional crimes, such as theft and assault, are addressed through cameras, patrols, and awareness drives. Some offences persist in remote or crowded areas. Technology and global cooperation have improved results in several categories.

UAE officials warn that AI and the internet of Things will lead to more sophisticated cyberattacks. Future risks include evolving criminal tactics, privacy threats, skills shortages, and balancing security and individual rights.

Opportunities include AI-powered security, stronger global ties, and better cybersecurity. Dubai Police have launched a bilingual platform to educate the public, viewing awareness as the first defence against online threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!