AI company Anthropic has announced a major expansion of Project Glasswing, an initiative aimed at strengthening the security of critical software through AI-assisted vulnerability detection.
After initially providing access to around 50 organisations, the programme will expand to approximately 150 additional partners across more than 15 countries.
Project Glasswing provides selected organisations with access to Claude Mythos Preview, Anthropic’s cybersecurity-focused AI model. According to Anthropic, participating organisations have identified more than 10,000 high- and critical-severity software vulnerabilities through the programme.
The newly added participants include operators and vendors across critical infrastructure sectors such as power, water, healthcare, communications and hardware manufacturing.
Project Glasswing is intended to help critical organisations adapt before such capabilities become widely accessible.
Alongside the expansion, Anthropic said it plans to provide additional cybersecurity tools, support vulnerability remediation efforts and work with industry, governments and open-source software maintainers to strengthen cyber resilience.
Why does it matter?
The expansion of Project Glasswing highlights the growing role of AI in cybersecurity, particularly in vulnerability discovery and software security testing. As critical infrastructure operators face increasingly sophisticated cyber threats, AI-assisted tools may help identify and address security weaknesses more quickly.
At the same time, the initiative reflects broader concerns that advances in AI could benefit both defenders and attackers, increasing the importance of responsible deployment, coordinated security research and resilience planning across critical sectors.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
US President Donald Trump has signed an executive order aimed at advancing AI innovation while strengthening cybersecurity protections across government networks and critical infrastructure sectors.
The order directs federal agencies to strengthen cyber defences and expand the use of AI-powered security tools. Several federal departments have been given 30-day deadlines to begin implementing additional protections for national security systems, civilian government networks and critical infrastructure operators.
A central element of the initiative is the creation of an AI cybersecurity clearinghouse that will work with technology companies and infrastructure providers to identify software vulnerabilities, coordinate security research and support faster patch deployment.
Federal officials will also examine funding opportunities for projects focused on advanced AI vulnerability detection and expand cybersecurity recruitment programmes.
The executive order also introduces a voluntary framework for developers of advanced AI models. Under the framework, companies may choose to work with the government to determine whether their systems qualify as frontier AI models and provide secure early access for cybersecurity assessments prior to broader deployment.
Administration officials emphasised that the framework does not create mandatory licensing or government approval requirements for the release of new AI technologies.
Why does it matter?
The order signals a US strategy of accelerating AI development while addressing emerging national security risks, reflecting growing competition among major economies to lead the next generation of advanced technologies.
Its emphasis on voluntary collaboration rather than strict regulation could influence how other countries approach AI governance, innovation and cybersecurity in the years ahead.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
The Aithos Research Foundation has launched Aithos LARA (Legal Assessment for Real-world Agents), a public evaluation framework designed to assess whether AI agents comply with key European legal requirements.
The framework places AI models in simulated workplace and consumer-service scenarios where completing assigned tasks may involve actions that conflict with provisions of the EU AI Act or the General Data Protection Regulation (GDPR).
According to Aithos, an initial evaluation involving more than 3,000 tests across 12 frontier AI models found that none consistently met acceptable levels of legal compliance. Compliance rates ranged from 7% to 54%, with the highest-performing model adhering to legal requirements in only slightly more than half of the assessed scenarios.
The research suggests that current frontier AI systems may prioritise task completion over legal obligations when operating with a high degree of autonomy.
Furthermore, the study assessed compliance with six provisions of the EU AI Act and four core GDPR principles, including transparency, lawful processing, data minimisation and purpose limitation.
Researchers reported instances in which models generated outputs that would conflict with some of the AI Act’s prohibited practices, including exploiting vulnerable individuals, conducting emotion recognition in workplace environments and engaging in forms of manipulation prohibited under European law.
To increase transparency, Aithos has made evaluation transcripts, model outputs and judicial assessments publicly available. The organisation argues that independent and public oversight can complement company-led governance efforts by providing greater transparency into how AI systems behave in legally and ethically sensitive contexts.
Why does it matter?
The findings highlight the challenges of deploying AI agents in regulated environments where legal compliance is essential. As organisations increasingly explore AI for customer service, human resources, finance and operational decision-making, ensuring that systems comply with data protection and AI regulations is becoming a key governance requirement.
The research also underscores the growing importance of independent testing and oversight mechanisms as policymakers and regulators seek to evaluate how autonomous AI systems behave in real-world scenarios.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
International Labour Organization (ILO) Director-General Gilbert F. Houngbo has called for a human-centred approach to AI at the opening of the 114th International Labour Conference in Geneva. He said the future of work would depend not only on technological advances, but also on the policies, institutions and social dialogue shaping their impact on people’s lives.
Drawing on his report ‘A Moment of Choice: Harnessing Artificial Intelligence for Decent Work‘, Houngbo outlined an agenda focused on rights, employment and skills, social protection, and social dialogue. He argued that productivity gains generated by AI should be shared through higher wages, stronger labour protections and more inclusive economic growth.
Houngbo warned that decisions taken today would determine whether AI expands opportunity and shared prosperity or contributes to greater inequality and insecurity. He also situated AI governance within a broader context of economic uncertainty, citing ILO estimates that a prolonged oil-price shock could reduce global working hours by the equivalent of millions of full-time jobs and lead to significant labour income losses by 2027.
Delegates will also hold a second discussion on decent work in the platform economy, with the aim of developing new international labour standards. The draft Convention and Recommendation cover employment promotion, protections for digital platform workers, and provisions relating to automated systems used by digital labour platforms.
Delegates from governments, employers, and workers will also address gender equality, social dialogue, tripartism, and the application of labour standards. The conference, which brings together representatives from the ILO’s 187 Member States, will run until 12 June.
Why does it matter?
As AI becomes increasingly integrated into workplaces, governments, employers and workers are debating how productivity gains, skills requirements and labour protections should evolve. The ILO’s focus on human-centred AI reflects growing international efforts to ensure that technological change supports decent work rather than exacerbating inequality.
The discussions are also significant because they could influence future international labour standards for platform work and the use of automated systems in employment, helping shape how AI affects workers worldwide.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The World Health Organization (WHO) has published a discussion paper examining how AI could reshape evidence-informed health policymaking. The paper, titled ‘Artificial intelligence and evidence-informed policy – emerging challenges and opportunities’, examines how AI can affect the way health problems are defined, policy options are designed, and impact is assessed.
The paper was developed jointly by WHO’s Department of Data, Digital Health, Analytics and AI and its Department of Science for Health. It is intended for policy-makers, regulators, health managers, and AI developers, and organises its analysis around the policy cycle, from understanding problems to designing solutions and monitoring implementation.
According to the paper, AI can strengthen policy analysis through the use of larger datasets, continuous evidence synthesis and faster scenario modelling. The paper also identifies risks throughout the policy cycle, including data bias, excessive focus on measurable indicators, digital divides, cybersecurity vulnerabilities and the possibility that automated monitoring systems could gradually shift policy implementation away from its original objectives.
A recurring concern is what the paper describes as ‘epistemic injustice’, whereby AI systems may prioritise quantifiable and data-rich evidence while overlooking lived experience, local expertise, Indigenous knowledge and community-based perspectives. WHO says existing evidence-informed policymaking tools and AI governance frameworks already converge on transparency, participatory engagement, rights protection, and risk-based oversight.
WHO recommends conducting algorithmic impact assessments and technology readiness reviews before deploying AI systems in policymaking processes. Once systems are deployed, WHO recommends continuous evidence-review processes, human verification mechanisms and multidisciplinary oversight, emphasising that AI should support rather than replace human judgement in health policymaking.
Why does it matter?
AI is increasingly being used to analyse large datasets, model policy scenarios and support public-sector decision-making. As governments and international organisations explore these capabilities, questions about transparency, accountability, bias and human oversight are becoming more important.
WHO’s recommendations highlight the need to balance AI’s analytical potential with safeguards that protect human rights, ensure inclusive policymaking and maintain human responsibility for policy decisions.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Greece’s Minister of Digital Governance and Artificial Intelligence, Dimitris Papastergiou, has outlined a broad digital transformation agenda in an interview with the newspaper Manifesto, highlighting new legislation, AI deployment, cybersecurity measures and digital public services.
Papastergiou highlighted the growing use of AI in public administration, including the mAigov digital assistant, which has handled more than 4.4 million citizen queries. Greece is also investing in AI infrastructure projects, including the Daedalus supercomputer and the Pharos AI Factory, while preparing national legislation aligned with the EU AI Act.
The minister also highlighted a memorandum of understanding with voice AI company ElevenLabs aimed at improving accessibility and public services through voice-based technologies. Additional initiatives include the creation of a Unified Property Hub, stronger anti-phishing measures, a National Malicious Websites Blocking List, the Defective Vehicle Recall Registry and enhancements to the MyStreet application.
Greece’s plans illustrate how governments are increasingly combining AI deployment, digital public services and cybersecurity measures within broader digital transformation strategies.
The initiatives also reflect wider European efforts to improve interoperability, strengthen digital infrastructure, enhance online safety for children and prepare for the implementation of the EU AI Act.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Computers, Privacy and Data Protection (CPDP) conference is an annual gathering that brings together academics, policymakers, industry representatives, civil society, students, and EU institutions to discuss emerging digital policy challenges. This year’s theme was ‘Competing Visions, Shared Futures’, the 19th in the series, and it hosted approximately 150 panels over the span of 3 days in Brussels.
What is CPDP?
CPDP’s value lies in its multidisciplinary approach. With academics presenting their work or debating topical issues, as well as with industry and policy experts bringing their expertise to the table, the event creates a space for honest conversations among participants.
The conference is sponsored by organisations such as Google, TikTok, Apple, as well as the European Data Protection Supervisor (EDPS), European Union Agency for Fundamental Rights (FRA) and VBU. Google even presented its Banana AI model in a photo booth, allowing participants to modify photos they took in the booth.
Alongside panels, CPDP hosts an array of workshops, short films, artwork, radio programming, promotion booths, dedicated DPO, youth, finance and IT tracks, book launches, and pop-up exhibitions. The event always closes the day in style with an open bar and a party to chat and network at.
CPDP is not a typical conference with just panels, attendees, moderators, and lengthy speeches. The conference inspires creativity and gives the freedom to achieve it. This was proven by the diverse topics showcased in the event’s schedule over the three days.
From a fireside chat with the artist, Simon Denny, behind the conference’s art, who uses AI as a medium in some of his work, to typical discussions about the Digital Omnibus or tracking period apps, all the way to an exiled journalist talking about Russian internet censorship. There was something for everyone.
Image via Magnific
What was presented?
The breadth of topics discussed at CPDP offers insight into the issues currently shaping Europe’s digital policy agenda. There were approximately 150 panels in total, with data protection, AI, the Digital Omnibus and the topics of digital sovereignty receiving the most attention. Data protection received the most attention overall, as 33 panels were dedicated to the topic. This was followed by 26 panels on AI, 12 on the Digital Omnibus, 10 on digital sovereignty, and 7 on child-related protection.
The distribution of panels reflects the growing prominence of AI in digital policy discussions. However, data protection topics, including privacy and the GDPR, are still the frontrunners in terms of topic relevance. Newer and emerging topics reveal what is topical in the digital world.
Growing concerns over US tech reliance have intensified discussions about EU digital sovereignty. Alongside this, another heavily debated and sensitive topic is child protection in the online context and its generative AI implications, which raises questions about how to better protect children online.
Emerging topics at CPDP
Digital sovereignty is a challenging topic as it encompasses a lot and has yet to be defined, meaning that taking action can look different for a wide variety of actors. Several discussions framed digital sovereignty as a pathway towards greater digital independence and reduced reliance on external technology providers. In order to try to achieve digital sovereignty, public procurement should be steered away from non-EU actors and towards EU businesses to develop a European stack.
Yes, private partnerships are important, but public ones set the tone. Several participants argued that public procurement choices will play an important role in determining whether EU can strengthen domestic digital capabilities and reduce strategic dependencies. Digital sovereignty needs to come from all corners of the market and society; that is the challenge.
A very interesting panel on data protection and AI, the GDPR, and privacy occurred. In Academic Session I, Stephanie von Maltzan presented findings about her groundbreaking research on LLM unlearning. The larger the LLM, the more data points it will be trained on and the more complex its ‘web’ will be.
Removing data points is not a common practice, given how data points interact with each other, meaning that complexity overrides certain fundamental rights. For example, when data subjects invoke their right to erasure under Article 17 of the GDPR, they may request that certain data be deleted in an LLM, yet this request is difficult to carry out in practice.
The research highlights one of the emerging challenges at the intersection of AI governance and data protection. She presents a two tier model in which the actively deployed LLM is accompanied by a parallel ‘shadow’ model.
After receiving a valied erasure request, the ‘shadow model’ would undergo the necessary unlearning processes to remove the relevant data. In the second tier, in a scheduled update, the ‘shadow’ model, which had undergone unlearning, would replace the initial LLM, thereby upholding data subject requests.
Apart from these insightful exchanges of knowledge on AI, digital sovereignty and data protection, the conference offered practical workshops on how to brainstorm re-writing the proposed Article 88b of the Omnibus, data protection officer and cybersecurity crisis scenarios, as well as open conversations about how to protect children in online environments.
Remaining questions
The conference also highlighted several unresolved policy questions that continue to shape European digital governance debates.
Regarding the Digital Omnibus, would companies scale up overnight if we removed regulations?
Does digital sovereignty need/have a definition, or should it be left to the meaning of ‘digital independence’?
Open markets vs data protection, where is the balance?
Regarding digital sovereignty, which clouds should be used in the EU?
Should simplification mean using the once-used definition of personal data by the CJEU, or sticking to the definition relied on in law, cases, and practice?
In order to protect EU sovereignty, should parts of the stack be a public utility?
Why does it matter?
CPDP 2026 demonstrated that while privacy and data protection remain central pillars of European digital policy, debates around AI governance, digital sovereignty and online child protection are rapidly gaining prominence.
The discussions highlighted the growing challenge of balancing innovation, competitiveness, fundamental rights and strategic autonomy as Europe defines its digital future.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Microsoft has introduced Majorana 2, its next-generation topological quantum chip, alongside the general availability of Microsoft Discovery, an AI-powered research platform designed to accelerate scientific discovery.
The company says the new chip delivers a 1,000-fold improvement in qubit reliability compared with the previous generation, representing a step towards more scalable quantum computing.
Majorana 2 incorporates a new materials stack based on lead superconductors, enabling a mean qubit lifetime of 20 seconds, with some qubits remaining stable for up to 1 minute. Microsoft says the improvement has allowed it to shorten its projected timeline for a scalable quantum computer, aiming for 2029.
A key element of the announcement is the role of Microsoft Discovery, the company’s agentic AI platform for scientific research and development. Microsoft said its quantum team used specialised AI agents to automate measurements, optimise fabrication processes, analyse large datasets, identify previously unnoticed flaws, and generate new research hypotheses.
According to Microsoft, agentic AI has become a regular part of its quantum research workflow, supporting scientists and engineers as they manage complex materials, fabrication, software, and measurement challenges.
The company also announced that Microsoft Discovery is now generally available for organisations conducting research in sectors such as life sciences, materials science, chemicals, energy, manufacturing, and consumer goods. A free local application is also being released in preview, allowing individual researchers to access core AI-driven research capabilities through a GitHub Copilot account.
Why does it matter?
Quantum computing still faces major barriers around qubit stability, reliability, error correction, and scalability. Microsoft’s announcement is significant because it links progress in quantum hardware with the use of agentic AI in scientific workflows. If the company’s roadmap holds, AI-assisted research could help accelerate progress towards practical quantum systems, with potential long-term implications for materials science, energy, health, chemistry, and other fields that depend on complex simulation.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Singapore’s Personal Data Protection Commission (PDPC) has launched a public consultation on proposed advisory guidelines governing the use of personal data in generative AI systems. Published on 2 June, the draft guidelines seek feedback on how Singapore’s Personal Data Protection Act (PDPA) applies when personal data is used in the development and deployment of generative AI systems.
The proposed guidelines address the collection and use of personal data for generative AI model development, the allocation of data protection responsibilities across the AI lifecycle, and the handling of individual rights requests relating to personal data. The guidance is organised around development, deployment, and post-deployment stages.
For model development, the draft guidelines clarify how organisations may rely on exemptions for publicly available information when using web-scraped datasets containing personal data. They also set out considerations for data behind digital barriers such as paywalls, registration requirements, authentication mechanisms, and tools that block automated access.
The PDPC proposes that general privacy notices should not be considered sufficient for obtaining consent to use personal data for large-scale AI training or fine-tuning. Organisations would instead be expected to provide AI-specific notices explaining the categories of personal data used, the purpose of the processing, the model’s intended functions, and how individuals can refuse or withdraw consent.
The proposed guidelines also outline responsibilities for model providers, system providers, and system deployers, including retention, protection, purpose limitation, and accountability obligations. The post-deployment guidance addresses access and correction requests while recognising technical challenges associated with large datasets, embeddings, temporary context windows and the removal of specific information from trained models. Interested parties may submit comments to the PDPC by 1 July 2026.
Why does it matter?
The consultation highlights the growing challenge of applying existing data protection laws to generative AI systems that rely on large-scale data collection and model training. Regulators worldwide are increasingly examining how privacy principles such as consent, transparency and purpose limitation should operate in AI development.
Singapore’s proposed guidance could provide an important reference point for organisations developing or deploying generative AI, particularly in areas such as web scraping, AI training datasets and the allocation of responsibilities across the AI value chain.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
NGI Commons has outlined expectations for the European Union’s forthcoming Tech Sovereignty Package, a policy initiative aimed at strengthening Europe’s control over critical digital technologies and reducing reliance on non-European providers.
The initiative is expected to focus on semiconductors, cloud computing, AI and open-source software. According to NGI Commons, the package aims to align and simplify existing policies rather than introduce a new layer of regulation.
The framework builds on recommendations from Mario Draghi’s report on European competitiveness and seeks to support innovation, competitiveness and the EU’s broader objective of open strategic autonomy. A central element of the proposal is the recognition of open technologies as digital commons that underpin Europe’s digital ecosystem.
The analysis argues that open-source software should be treated as strategic infrastructure and supported through long-term funding, coordinated development efforts and greater public-sector adoption to strengthen digital resilience and security.
The report notes that challenges remain, including securing long-term funding, managing the growing energy demands of AI infrastructure and attracting investment, as policymakers seek to balance technological sovereignty with competitiveness.
Why does it matter?
The Tech Sovereignty Package is expected to shape how Europe approaches critical technologies such as semiconductors, cloud services, AI and open-source software in the coming years.
By treating open technologies as strategic infrastructure, policymakers could strengthen digital resilience, reduce external dependencies and support the EU’s broader goal of technological sovereignty while maintaining competitiveness in the global digital economy.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
