Access

EU to propose new rules and app to protect children online

The European Commission is taking significant steps to create a safer online environment for children by introducing draft guidelines under the Digital Services Act. These guidelines aim to ensure that online platforms accessible to minors maintain a high level of privacy, safety, and security.

The draft guidelines propose several key measures to safeguard minors online. These include verifying users’ ages to restrict access where appropriate, improving content recommendation systems to reduce children’s exposure to harmful or inappropriate material, and setting children’s accounts to private by default.

Additionally, the guidelines recommend best practices for child-safe content moderation, as well as providing child-friendly reporting channels and user support. They also offer guidance on how platforms should govern themselves internally to maintain a child-safe environment.

These guidelines will apply to all online platforms that minors can access, except for very small enterprises, and will also cover very large platforms with over 45 million monthly users in the EU. The European Commission has involved a wide range of stakeholders in developing the guidelines, including Better Internet for Kids (BIK+) Youth ambassadors, children, parents, guardians, national authorities, online platform providers, and experts.

The inclusive consultation process helps ensure the guidelines are practical and comprehensive. The guidelines are open for feedback until June 10, 2025, with adoption expected by summer.

Meanwhile, the Commission is creating an open-source age-verification app to confirm users’ age without risking privacy, as a temporary measure before the EU Digital Identity Wallet launches in 2026.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Japan approves preemptive cyberdefence law

Japan’s parliament has passed a new law enabling active cyberdefence measures, allowing authorities to legally monitor communications data during peacetime and neutralise foreign servers if cyberattacks occur.

Instead of reacting only after incidents, this law lets the government take preventive steps to counter threats before they escalate.

Operators of vital infrastructure, such as electricity and railway companies, must now report cyber breaches directly to the government. The shift follows recent cyber incidents targeting banks and an airline, prompting Japan to put a full framework in place by 2027.

Although the law permits monitoring of IP addresses in communications crossing Japanese borders, it explicitly bans surveillance of domestic messages and their contents.

A new independent panel will authorise all monitoring and response actions beforehand, instead of leaving decisions solely to security agencies.

Police will handle initial countermeasures, while the Self-Defense Forces will act only when attacks are highly complex or planned. The law, revised to address opposition concerns, includes safeguards to ensure personal rights are protected and that government surveillance remains accountable.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Trump seals $200 billion UAE AI deal

US President Donald Trump has secured €179 billion ($200 billion) in deals with the United Arab Emirates, capping his Persian Gulf tour with plans for the world’s largest AI campus outside the US.

Located in Abu Dhabi and spanning 10 square miles, the facility will be built by UAE-based firm G42 in partnership with American companies, aimed at boosting regional computing capacity while supporting the Global South.

Instead of focusing solely on energy, Trump’s trip saw investments broaden to include AI, aviation, and industrial sectors. In total, his visit to the Gulf states yielded €1.3 trillion ($1.4 trillion) in investment pledges, including major agreements with Saudi Arabia and Qatar.

Gulf leaders are using AI as a vehicle to diversify their economies, while Trump is turning foreign capital into support for US manufacturing and tech exports.

The UAE deal includes plans to import up to 500,000 Nvidia H100 AI chips annually through 2027, with 20% allocated to G42. US officials, however, continue to express concern over potential Chinese access to advanced American technology.

The US Department of Commerce insists that strict safeguards are in place to prevent any misuse or diversion of AI hardware.

Other agreements include a $14.5 billion aircraft purchase by Etihad Airways from Boeing and GE Aerospace, a $60 billion energy partnership with ADNOC, and aluminium and gallium production deals with Emirates Global Aluminum.

Trump’s push to expand American business influence in the Gulf appears to be paying off, instead of letting China or Europe dominate future AI and industrial markets.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Meta’s Behemoth AI model faces setback

Meta Platforms has postponed the release of its flagship AI model, known as ‘Behemoth,’ due to internal concerns about its performance, according to a report by the Wall Street Journal.

Instead of launching as planned, engineers are struggling to deliver improvements that would meaningfully advance the model beyond earlier versions.

Behemoth was originally scheduled for release in April to coincide with Meta’s first AI developer conference but was quietly delayed to June. The latest update suggests the launch has now been pushed to autumn or later, as internal doubts grow over whether it is ready for public deployment.

In April, Meta previewed Behemoth under the Llama 4 line, calling it ‘one of the smartest LLMs in the world’ and positioning it as a teaching model for future AI systems. Instead of Behemoth, Meta released Llama 4 Scout and Llama 4 Maverick as the latest iterations in its AI portfolio.

The delay comes amid intense competition in the generative AI space, where rivals like Google, OpenAI, and Anthropic continue advancing their models. Meta appears to be opting for caution instead of rushing an underwhelming product to market.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI launches AI safety hub

OpenAI has launched a public online hub to share internal safety evaluations of its AI models, aiming to increase transparency around harmful content, jailbreaks, and hallucination risks. The hub will be updated after major model changes, allowing the public to track progress in safety and reliability over time.

The move follows growing criticism about the company’s testing methods, especially after inappropriate ChatGPT responses surfaced in late 2023. Instead of waiting for backlash, OpenAI is now introducing an optional alpha testing phase, letting users provide feedback before wider model releases.

The hub also marks a departure from the company’s earlier stance on secrecy. In 2019, OpenAI withheld GPT-2 over misuse concerns. Since then, it has shifted towards transparency by forming safety-focused teams and responding to calls for open safety metrics.

OpenAI’s approach appears timely, as several countries are building AI Safety Institutes to evaluate models before launch. Instead of relying on private sector efforts alone, the global landscape now reflects a multi-stakeholder push to create stronger safety standards and governance for advanced AI.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

TikTok adds AI tool to animate photos with realistic effects

TikTok has launched a new feature called AI Alive, allowing users to turn still images into dynamic, short videos. Instead of needing advanced editing skills, creators can now use AI to generate movement and effects with a few taps.

By accessing the Story Camera and selecting a static photo, users can simply type how they want the image to change — such as making the subject smile, dance, or tilt forward. AI Alive then animates the photo, using creative effects to produce a more engaging story.

TikTok says its moderation systems review the original image, the AI prompt, and the final video before it’s shown to the user. A second check occurs before a post is shared publicly, and every video made with AI Alive will include an ‘AI-generated’ label and C2PA metadata to ensure transparency.

The feature stands out as one of the first built-in AI image-to-video tools on a major platform. Snapchat and Instagram already offer AI image generation from text, and Snapchat is reportedly developing a similar image-to-video feature.

Meanwhile, TikTok is also said to be working on adding support for sending photos and voice messages via direct message — something rival apps have long supported.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NatWest hit by 100 million cyber attacks every month

NatWest is defending itself against an average of 100 million cyber attacks each month, according to the bank’s head of cybersecurity.

Speaking to Holyrood’s Criminal Justice Committee, Chris Ulliott outlined the ‘staggering’ scale of digital threats targeting the bank’s systems. Around a third of all incoming emails are blocked before reaching staff, as they are suspected to be the start of an attack.

Instead of relying on basic filters, NatWest analyses every email for malicious content and has a cybersecurity team of hundreds, supported by a multi-million-pound budget.

Mr Ulliott also warned of the growing use of AI by cyber criminals to make scams more convincing—such as altering their appearance during video calls to build trust with victims.

Police Scotland reported that cybercrime has more than doubled since 2020, with incidents rising from 7,710 to 18,280 in 2024. Officials highlighted the threat posed by groups like Scattered Spider, believed to consist of young hackers sharing techniques online.

MSP Rona Mackay called the figures ‘absolutely staggering,’ while Ben Macpherson said he had even been impersonated by fraudsters.

Law enforcement agencies, including the FBI, are now working together to tackle online crime. Meanwhile, Age Scotland warned that many older people lack confidence online, making them especially vulnerable to scams that can lead to financial ruin and emotional distress.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Seattle startup ElastixAI raises $16 million for AI inference tech

A stealthy new AI startup in Seattle, ElastixAI, has raised $16 million to build technology that aims to reduce the cost and complexity of running large language models.

Rather than focusing on training, the company is developing an AI inference platform to optimise how these models operate, whether on cloud servers or edge devices. The funding round is led by Bellevue-based venture capital firm FUSE, with support from several others.

ElastixAI is led by CEO Mohammad Rastegari, formerly CTO of Xnor, a startup acquired by Apple in 2020. He co-founded the company with Saman Naderiparizi, also ex-Apple and Xnor, and Mahyar Najibi, who worked at both Apple and Waymo.

The team’s background in AI hardware and software gives them a unique edge in addressing challenges at a stage where AI models generate responses from trained data.

Instead of building a one-size-fits-all solution, the startup’s platform is designed for flexibility, allowing customers to fine-tune infrastructure to specific needs. ‘We saw a gap in delivering scalable and low-cost inference,’ said Rastegari.

The company remains in stealth but says its platform could serve both hyperscalers and enterprises looking to integrate AI into everyday operations.

With other players like Nvidia and Fireworks.ai competing in the inference space, ElastixAI may even count some of them as future customers.

Rastegari and Naderiparizi are also affiliate assistant professors at the University of Washington, and their startup reflects Seattle’s growing reputation as a hub for advanced AI development — a trend Apple has helped shape with several acquisitions in the region.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Valve denies Steam data breach

Valve has confirmed that a cache of old Steam two-factor authentication codes and phone numbers, recently circulated by a hacker known as ‘Machine1337’, is indeed real, but insists it did not suffer a data breach.

Instead of pointing to its own systems, Valve explained that the leak involves outdated SMS messages, which are typically sent unencrypted and routed through multiple providers. These codes, once valid for only 15 minutes, were not linked to specific Steam accounts, passwords, or payment information.

The leaked data sparked early speculation that third-party messaging provider Twilio was the source of the breach, especially after their name appeared in the dataset. However, both Valve and Twilio denied any direct involvement, with Valve stating it does not even use Twilio’s services.

The true origin of the breach remains uncertain, and Valve acknowledged that tracing it may be difficult, as SMS messages often pass through several intermediaries before reaching users.

While the leaked information may not immediately endanger Steam accounts, Valve advised users to remain cautious. Phone numbers, when combined with other data, could still be used for phishing attacks.

Instead of relying on SMS for security, users are encouraged to activate the Steam Mobile Authenticator, which offers a more secure alternative for account verification.

Despite the uncertainty surrounding the source of the breach, Valve reassured users there’s no need to change passwords or phone numbers. Still, it urged vigilance, recommending that users routinely review their security settings and remain wary of any unsolicited account notifications.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers use fake PayPal email to seize bank access

A man from Virginia fell victim to a sophisticated PayPal scam that allowed hackers to gain remote control of his computer and access his bank accounts.

After receiving a fake email about a laptop purchase, he called the number listed in the message, believing it to be legitimate. The person on the other end instructed him to enter a code into his browser, which unknowingly installed a program giving the scammer full access to his system.

Files were scanned, and money was transferred between his accounts—all while he was urged to stay on the line and visit the bank, without informing anyone.

The scam, known as a remote access attack, starts with a convincing email that appears to come from a trusted source. Instead of fixing any problem, the real aim is to deceive victims into granting hackers full control.

Once inside, scammers can steal personal data, access bank accounts, and install malware that remains even after the immediate threat ends. These attacks often unfold in minutes, using fear and urgency to manipulate targets into acting quickly and irrationally.

Quick action helped limit the damage in this case. The victim shut down his computer, contacted his bank and changed his passwords—steps that likely prevented more extensive losses. However, many people aren’t as fortunate.

Experts warn that scammers increasingly rely on psychological tricks instead of just technical ones, isolating their victims and urging secrecy during the attack.

To avoid falling for similar scams, it’s safer to verify emails by using official websites instead of clicking any embedded links or calling suspicious numbers.

Remote control should never be granted to unsolicited support calls, and all devices should have up-to-date antivirus protection and multifactor authentication enabled. Online safety now depends just as much on caution and awareness as it does on technology.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!