Artificial intelligence

ICO warns organisations about growing AI cyber threats

The UK Information Commissioner’s Office has warned that AI is enabling faster, more advanced and harder-to-detect cyberattacks, urging organisations to strengthen their defences against emerging threats.

In a blog post, the regulator highlighted risks such as AI-generated phishing emails, deepfake social engineering, automated vulnerability scanning, AI-powered malware, credential attacks, data poisoning and indirect prompt injection. The ICO said cybersecurity must be treated as a shared responsibility, with organisations expected to take proactive steps to protect the personal data they hold.

The ICO said strong foundational security measures remain essential, but should be reinforced with layered defences to counter AI-powered threats. It pointed to practical steps such as patching systems, restricting access through multi-factor authentication, applying least-privilege principles and managing supplier risks.

The recommendations also include monitoring systems for unusual activity, carrying out vulnerability scanning and penetration testing, and maintaining regularly tested incident response plans. The ICO said AI can also support cyber defence, but should operate within a clear framework of human oversight and accountability.

Organisations are further advised to minimise data collection, conduct regular data audits and train staff to recognise AI-powered social engineering attacks. The ICO said AI tools processing high-risk personal data should be supported by data protection impact assessments and appropriate safeguards.

Why does it matter?

The ICO’s warning links AI-powered cyber threats directly to data protection obligations. As attackers use AI to scale phishing, exploit vulnerabilities and impersonate trusted contacts, organisations are expected not only to improve technical security, but also to limit the personal data they hold, strengthen governance and prepare for faster-moving incidents.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

CMA opens Strategic Market Status investigation into Microsoft business software

The UK Competition and Markets Authority has opened a Strategic Market Status investigation into Microsoft’s business software ecosystem, marking another major step in the country’s digital competition regime.

The investigation will examine Microsoft’s position across workplace software products widely used throughout the UK economy, including productivity software, personal computer and server operating systems, database management systems, security software and its growing AI assistant ecosystem, including Copilot. The CMA said more than 15 million commercial users across the UK rely on Microsoft’s software ecosystem.

Regulators will assess whether Microsoft has Strategic Market Status in business software and whether its position may limit customer choice. The CMA said it will examine concerns linked to product bundling, interoperability limits and default settings that could make it harder for businesses and public-sector organisations to switch providers or combine Microsoft tools with competing products.

The authority will also examine how competing AI services can integrate with Microsoft’s business software as workplace tools increasingly incorporate AI and agentic AI functions. The CMA said customers should be able to access software and AI services from a range of suppliers rather than being locked into a single ecosystem.

Cloud competition concerns are also linked to the probe. An SMS designation would allow the CMA to consider targeted interventions related to Microsoft’s software licensing practices, which were previously identified as reducing competition in cloud services.

The CMA will gather evidence from Microsoft, customers, rivals, challenger technology firms and other stakeholders before deciding whether to designate Microsoft with Strategic Market Status. The regulator said the investigation does not assume wrongdoing and that any future interventions would depend on the evidence and relevant legal tests.

Why does it matter?

The investigation shows how digital competition oversight is moving deeper into enterprise software, cloud infrastructure and AI-enabled workplace tools. As products such as Copilot become embedded in systems used by businesses and public services, regulators are increasingly treating interoperability, bundling and switching costs as strategic competition issues rather than narrow technical questions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

OpenAI integrates Codex into ChatGPT mobile app

OpenAI has integrated Codex into the ChatGPT mobile app, allowing users to monitor and manage agentic coding workflows from iOS and Android devices.

The feature, currently in preview and available across all plans, lets users view live Codex environments, review outputs, approve commands, change models, and start new tasks from their phones. OpenAI said the update is intended to support work across multiple threads and workflows, rather than to control a single task remotely.

Codex is OpenAI’s coding agent for software development, designed to help with tasks such as building features, refactoring code, generating pull requests, testing and documentation. OpenAI describes the Codex app as a command centre for agentic coding, with agents able to work in parallel across projects through worktrees and cloud environments.

The mobile integration aligns with other recent Codex updates, including background operations in desktop environments and a browser extension for live sessions. Together, the updates point to OpenAI’s effort to turn Codex into a persistent development assistant that can continue working across devices and environments.

The move also comes amid growing competition with Anthropic’s Claude Code, which has introduced similar remote-monitoring features. Both companies are competing to make agentic coding tools central to developer workflows, particularly for businesses and technical teams seeking more autonomous software development support.

Why does it matter?

Mobile access makes agentic coding less tied to a single workstation. If developers can review outputs, approve commands and manage parallel coding tasks from a phone, AI coding agents become more like always-on collaborators than occasional coding assistants. The shift could accelerate competition between OpenAI, Anthropic and other AI firms over who controls the next layer of software development workflows.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK NAO guide sets AI oversight questions for public bodies

The UK National Audit Office has published a good practice guide for public sector organisations using AI, setting out questions for audit and risk assurance committees overseeing the planning, deployment and scaling of the technology.

The guide draws on NAO findings, the UK government’s AI Playbook and lessons from digital transformation programmes. It advises committees to assess whether organisations are clear on why they are using AI, what risks they need to manage and how responsible adoption will be assured. The NAO says the guide will evolve as AI continues to develop.

AI is already being used across government for fraud and error detection, imaging, document processing, operational management, research and monitoring, text generation, virtual assistants and coding support. The NAO notes that several of these uses may involve personal data, making governance, assurance and data protection especially important.

The guide warns that productivity gains from AI should not be assumed. AI may speed up individual tasks, but those gains do not automatically translate into organisation-wide savings, particularly where work still depends on approvals, governance processes or human judgement.

The NAO also highlights external risks from AI use, including increased demand on public services, more low-quality or repeated submissions, higher fraud risks, cyberattacks and attempts to extract sensitive data. Audit committees are advised to ensure organisations can anticipate, monitor and mitigate such risks.

Key areas for oversight include innovation, AI strategy, leadership and skills, data, security, pilots, scaling, guardrails and workforce culture. The guide says strong digital and AI strategies should be business-led, aligned with organisational priorities, backed by leadership support and supported by clear governance, funding and measurable objectives.

Data quality, accessibility and governance are presented as foundational risks, with weak data affecting model performance, bias, explainability and reliability. The NAO also warns that AI can increase exposure to operational and security risks, including data breaches, model manipulation, supply-chain risk and resilience problems.

Recommended guardrails include acceptable use policies, data protection controls, bias testing, human oversight of automated decisions and clear accountability for AI outcomes. The guide also urges organisations to plan for workforce changes, including new skills needs, role redesign, AI literacy, risks to entry-level learning, overreliance on automation and loss of institutional knowledge.

Why does it matter?

The guide shows that public-sector AI adoption is becoming an audit, governance and accountability issue, not only a technology project. By focusing on oversight questions, the NAO is pushing public bodies to test whether AI projects have clear objectives, reliable data, measurable benefits, security controls and safeguards for staff and citizens before they are scaled.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Google outlines AI-driven measures against online scams and fraud

Google has outlined new and existing measures to tackle online scams and fraud ahead of the second EMEA Anti-Scams and Fraud Summit, hosted by the Google Safety Engineering Centre in Zurich.

The company said the summit brings together representatives from governments, technology companies, consumer groups and academia to discuss collective responses to increasingly sophisticated scams. Google said its approach combines AI-driven protections across its products with wider cooperation involving industry and public authorities.

Google highlighted the use of AI-powered systems in services including Gmail, Chrome, Search, Ads and Phone by Google. The company said Gmail blocks more than 99.9% of spam, phishing and malware, while Search filters out hundreds of millions of spam-related pages daily. It also said its systems caught more than 99% of policy-violating ads before they reached users in 2025.

User-facing tools are also part of the company’s anti-scam strategy. Google pointed to Security Checkup, Passkeys, 2-Step Verification, Circle to Search and Google Lens as tools that can help users strengthen account protection and verify suspicious messages or content.

The company also highlighted public awareness and education initiatives, including Be Scam Ready, a game-based programme that uses simulated scam scenarios to help users recognise common tactics. Google said a previous Google.org commitment of $5 million is supporting anti-scam initiatives in Europe and the Middle East, including work by the Internet Society and Oxford Information Labs.

Google also referred to cooperation through the Global Signal Exchange, a threat-intelligence sharing platform for scams and fraud. As a founding partner, Google said it both contributes to and draws from the platform, which now stores more than 1.2 billion signals used to identify and disrupt criminal activity.

The company said it also works with law enforcement agencies, including the UK’s National Crime Agency, and participates in the Industry Accord Against Online Scams and Fraud. Google also pointed to legal actions against scam operations and botnets, including cases involving Lighthouse and BadBox.

Why does it matter?

Online scams are increasingly industrialised, cross-platform and supported by AI-enabled tactics, making them difficult to address through product-level security alone. Google’s approach shows how major technology companies are combining automated detection, user education, threat-intelligence sharing and law enforcement cooperation to respond to fraud. The wider policy issue is how much responsibility large platforms should bear for detecting and disrupting scams before they reach users.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Kazakhstan warns AI could displace up to 400,000 jobs

Kazakhstan’s Ministry of Labour and Social Protection has warned that widespread AI adoption could affect between 300,000 and 400,000 jobs over the next decade, highlighting concerns over structural shifts in the labour market.

First Vice-Minister Yerbol Tuyakbayev said the Workforce Development Centre is studying the potential impact of AI on the labour market. He said possible reductions could affect auxiliary and administrative roles, including accounting and some legal positions where tasks do not require direct human involvement.

At the same time, labour officials said demand remains strong for skilled technical and manual professions. The ministry pointed to current vacancies on the Enbek.kz platform and noted continued shortages in occupations requiring specialised practical expertise.

In response, the government has expanded retraining initiatives to help workers move into new roles. Tuyakbayev said around 186,000 people have already completed retraining programmes this year, including through regional initiatives and local centres such as JOLTAP in Astana.

Officials stressed that future employability and wages will depend heavily on qualification levels, as AI continues to reshape job structures and skills requirements across the economy.

Why does it matter?

Kazakhstan’s warning shows how governments are starting to treat AI as a labour-market transition issue, not only a productivity tool. The estimate points to potential pressure on routine administrative and professional roles, while also highlighting the need for retraining systems that can move workers into higher-demand technical and skilled occupations.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Microsoft MDASH agentic AI security system tops vulnerability discovery benchmarks

Microsoft has described a multi-model agentic AI security system, codenamed MDASH, designed to support vulnerability discovery and cybersecurity research across complex codebases.

According to Microsoft, the system helped researchers identify 16 vulnerabilities across Windows networking and authentication components, including issues in the Windows TCP/IP stack, IKEv2 services, DNS handling and Netlogon processes. Several of the vulnerabilities were reachable over networks without authentication, the company said.

MDASH was developed by Microsoft’s Autonomous Code Security team and combines more than 100 specialised AI agents with an ensemble of frontier and distilled AI models. The system is structured as a multi-stage pipeline covering code preparation, scanning, validation, deduplication and proof generation.

The publication says the system identified remote code execution flaws, denial-of-service issues, information disclosure vulnerabilities and security feature bypasses. Microsoft also described the use of specialised auditor, debater and prover agents designed to analyse vulnerabilities across multiple files and code paths.

Microsoft said MDASH uses plugins and domain-specific knowledge to support validation and proof-of-concept generation, allowing security experts to add context that foundation models may not capture on their own.

The company also reported benchmark results from internal and public tests. It said MDASH identified all 21 deliberately inserted vulnerabilities in a private test driver with zero false positives in that run, achieved 96% recall against five years of confirmed Microsoft Security Response Center cases in clfs.sys and 100% in tcpip.sys, and scored 88.45% on the public CyberGym benchmark.

Microsoft said the system is already being used by its security engineering teams and is being tested with a small group of customers through a limited private preview.

Why does it matter?

MDASH shows how agentic AI is moving into high-value cybersecurity tasks such as vulnerability discovery, validation and proof generation. If systems like this can reliably reduce false positives and help researchers find exploitable flaws earlier, they could improve defensive security at scale. The same development also raises governance questions around access, oversight and dual-use risk, since tools capable of finding and proving vulnerabilities may be valuable to both defenders and attackers.

The company also discussed broader implications for AI-assisted cybersecurity operations, including the use of agentic AI systems for vulnerability discovery, validation, and remediation workflows. Microsoft stated that the system is currently being tested internally and through a limited private preview involving selected customers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Practice Note on AI issued by Australia’s Supreme Court of Victoria

Australia’s Supreme Court of Victoria has issued a Practice Note for court users and Judicial Guidelines for judicial officers on the use of AI, setting out how the technology may be used in court processes while preserving accuracy, privacy, accountability and fairness.

The Practice Note recognises that AI may enhance access to justice, but warns court users to understand the risks when using AI to prepare court documents. It states that users remain responsible for the content of documents they file, whether or not AI has been used.

Court users are also warned that filing documents containing inaccuracies could lead to costs orders. The Practice Note outlines privacy issues linked to different types of AI tools and notes possible sanctions for legal practitioners who rely on unverified AI outputs.

The Judicial Guidelines state that generative AI must not be used for judicial decision-making. Court-approved AI tools may, however, assist judicial officers and court staff with supportive tasks such as organising and locating case materials, producing summaries and chronologies, aiding legal research and proofreading.

The guidelines stress that such uses are not a substitute for reading or listening to evidence and submissions, or for fact-finding where required in judicial decision-making. Judicial officers must consider each matter before them and exercise their own judgement in reaching decisions and giving reasons where appropriate.

The Court said the new documents build on earlier AI guidelines developed in 2024 and respond to a review by the Victorian Law Reform Commission. Chief Justice Richard Niall said the Practice Note and Judicial Guidelines would help mitigate actual and perceived risks of AI use.

Niall said AI should be ‘an aid to, not a replacement of, judicial decision-making’, adding that the Court would continue adapting its practice without sacrificing impartiality, privacy, accountability and fairness.

Why does it matter?

The guidance shows how courts are beginning to define practical limits for AI use without banning it entirely. By allowing supportive uses while excluding generative AI from judicial decision-making, Victoria’s Supreme Court is drawing a line between administrative assistance and the exercise of judicial judgement, a distinction likely to become increasingly important as AI tools enter legal practice.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

South Africa and China expand digital education ties

South Africa and China have agreed on measures to deepen cooperation in digital education, technical skills development and student mobility following bilateral talks at the World Digital Education Conference in Hangzhou.

The talks brought together South Africa’s Minister of Higher Education and Training, Buti Manamela, and China’s Vice Minister of Education, Xu Qingsen. According to SAnews, the meeting produced a framework for stronger cooperation in areas including AI, vocational training and industry-linked education pathways.

Planned measures include a structured cooperation framework on AI in education and digital transformation, as well as a Joint Technical Working Group to oversee the rollout of China-South Africa Vocational and Technical Centres across all nine South African provinces.

Both countries also committed to expanding technical and vocational education and training cooperation, aligning programmes with industrial sectors such as AI, robotics, renewable energy and advanced manufacturing. Scholarship programmes are also expected to be more closely linked to South Africa’s industrial priorities, including AI, engineering, green energy and the development of TVET lecturers.

The cooperation will include expanded postgraduate study opportunities and joint research initiatives. Future short-term training programmes are expected to focus on AI governance, digital learning systems, industrial policy and digital public infrastructure, to strengthen institutional capacity across government and the post-school education sector.

Officials also highlighted the goal of linking education more directly with employment. Existing cooperation includes a partnership with Beijing Polytechnic College, where South African TVET students completed specialised training in new energy vehicles and hybrid technologies, with Chinese automaker BYD committing to provide internships and employment opportunities.

Why does it matter?

The cooperation links digital education with industrial policy, skills development and employment pathways, rather than treating AI education as a standalone technology issue. By focusing on vocational centres, scholarships, AI governance and digital public infrastructure, South Africa and China are positioning education cooperation as part of broader workforce and institutional capacity-building for the digital economy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

OpenAI sued over alleged ChatGPT role in Florida State University shooting

The family of a victim killed in the April 2025 Florida State University shooting has filed a federal lawsuit in Florida against OpenAI, alleging that ChatGPT enabled the attack. The lawsuit was filed on Sunday by Vandana Joshi, the widow of Tiru Chabba, who was killed alongside university dining director Robert Morales.

The complaint states that the accused shooter, Phoenix Ikner, engaged in extensive conversations with ChatGPT months before leading up to the incident. According to the suit, those exchanges included images and discussions about firearms he had acquired, ideological material, ideological far-right beliefs, and possible outcomes of violent attacks.

The chatbot is further accused of providing contextual information about campus activity and commenting on factors that could increase public attention in violent incidents. This is indicated by the fact that at one point, ChatGPT said, ‘if children are involved, even 2-3 victims can draw more attention’. The filing also claims Ikner asked about legal consequences and planning considerations shortly before the attack.

The lawsuit contends that OpenAI failed to identify escalating risk indicators within the conversations and did not adequately prevent harmful guidance. It argues the system ‘failed to connect the dots’ despite Ikner’s repeated questions about suicide, terrorism and mass shootings.

OpenAI has rejected responsibility for the attack, claiming its platform is not to blame. Company spokesperson Drew Pusateri said ChatGPT generated factual responses that could be found broadly across publicly available information and did not encourage or promote illegal activity. He also stated that OpenAI continues to strengthen safeguards to identify harmful intent, reduce misuse and respond appropriately when safety risks arise.

Joshi’s complaint argues that the system reinforced the shooter’s beliefs and failed to interrupt conversations involving violent ideation. The filing alleges the ChatGPT inflamed, validated and endorsed delusional thinking and contributed to planning discussions while ‘convincing him that violent acts can be required to bring about change’.

The lawsuit forms part of a broader wave of litigation involving AI systems and alleged harm. OpenAI is already facing separate lawsuits linked to incidents involving violence and suicide, raising wider questions about safeguards and user protection

Florida’s Attorney General James Uthmeier announced a criminal investigation into OpenAI and ChatGPT following a review of chat logs connected to the case. Uthmeier said in a statement that ‘If ChatGPT is a person it would be facing charges for murder’.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.