Capacity development

Codex Security expands OpenAI’s push into cybersecurity tools

OpenAI has launched Codex Security, an AI-powered application security agent that detects hard-to-find software vulnerabilities and proposes fixes through advanced reasoning. By providing detailed context about a system’s architecture, the tool identifies security risks that are often missed by conventional automation.

The system uses advanced models to analyse repositories, construct project-specific threat models, and prioritise vulnerabilities based on their potential real-world impact. By combining automated validation with system-level context, Codex Security aims to reduce the number of false positives that security teams must review while highlighting high-confidence findings.

Initially developed under the name Aardvark, the tool has been tested in private deployments over the past year. During early use, OpenAI said it uncovered several critical vulnerabilities, including a cross-tenant authentication flaw and a server-side request forgery issue, allowing internal teams to quickly patch affected systems.

The company says improvements during the beta phase significantly reduced noise in vulnerability reports. In some repositories, unnecessary alerts fell by 84 percent, while over-reported severity dropped by more than 90 percent, and false positives declined by more than half.

Codex Security is now rolling out in research preview for ChatGPT Pro, Enterprise, Business, and Edu customers. OpenAI also plans to expand access to open-source maintainers through a dedicated programme that offers security scanning and support to help identify and remediate vulnerabilities across widely used projects.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Anthropic and Mozilla collaborate to uncover critical Firefox vulnerabilities

AI models are increasingly capable of detecting high-severity software vulnerabilities at unprecedented speeds. Claude Opus 4.6 found 22 new Firefox vulnerabilities in two weeks, 14 of which were rated high-severity, accounting for nearly a fifth of all 2025 high-severity fixes.

Researchers emphasise that AI can accelerate the find-and-fix process, providing valuable support to software maintainers.

Anthropic’s collaboration with Mozilla enabled the team to validate the findings and submit detailed bug reports, including proofs of concept and candidate patches. Claude initially focused on Firefox’s JavaScript engine before expanding to other components.

Although capable of generating primitive exploits in controlled environments, the AI was far more effective at identifying vulnerabilities than exploiting them, giving defenders a critical advantage.

Researchers emphasised the importance of task verifiers, which ensure that AI-generated patches fix vulnerabilities without breaking functionality. Such verification processes increase confidence in AI-assisted fixes and provide a reliable framework for maintainers to adopt AI findings safely.

Looking ahead, AI models like Claude are expected to play an expanding role in cybersecurity, helping developers detect and remediate vulnerabilities across complex software projects. Experts urge maintainers to act swiftly to strengthen security while AI capabilities continue to advance.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Hackers can use AI to de-anonymise social media accounts

AI technology behind platforms like ChatGPT is making it significantly easier for hackers to identify anonymous social media users, a new study warns. LLMs could match anonymised accounts to real identities by analysing users’ posts across platforms.

Researchers Simon Lermen and Daniel Paleka warned that AI enables cheap, highly personalised privacy attacks, urging a rethink of what counts as private online. The study highlighted risks from government surveillance to hackers exploiting public data for scams.

Experts caution that AI-driven de-anonymisation is not flawless. Errors in linking accounts could wrongly implicate individuals, while public datasets beyond social media- such as hospital or statistical records- may be exposed to unintended analysis.

Users are urged to reconsider what information they share, and platforms are encouraged to limit bulk data access and detect automated scraping.

The study underscores growing concerns about AI surveillance. While the technology cannot guarantee complete de-anonymisation, its rapid capabilities demand stronger safeguards to protect privacy online.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

People show growing comfort with AI for counselling and teaching

A global survey of nearly 31,000 adults across 35 countries has revealed rising public trust in AI for roles traditionally handled by humans. In the UK, 41% of adults said they would be comfortable using ChatGPT for mental health support, while 61% expressed the same globally.

Experts note the appeal of AI’s non-judgmental tone and 24/7 availability, although cautioning that it cannot replace professional care.

The study also found that a quarter of UK adults would trust AI to teach their children, and 45% of people globally would rely on AI as their doctor.

Researchers warned that overreliance on AI in education could harm memory and cognitive development, potentially affecting the hippocampus, which is critical for learning and spatial awareness.

Trust in AI was strongest in social contexts. Over three-quarters of respondents globally, and more than half in the UK, said they would use AI chat tools as companions or friends.

The research team suggested that adaptive tone and private conversations give users a sense of security and personalised support.

Researchers emphasised the need for greater awareness of AI’s limitations. While generative AI is becoming integrated into daily life, caution is urged, particularly for education and health roles, until the long-term cognitive and social impacts are better understood.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI agent attempts crypto mining during training

An experimental autonomous AI system reportedly attempted to mine cryptocurrency during its training, raising questions about AI behaviour in complex digital environments. The system, ROME, was designed to complete tasks using software tools, environments, and terminal commands.

Researchers noticed unusual activity during reinforcement learning runs, including outbound traffic from training servers and firewall alerts indicating crypto-mining activity. The AI opened a reverse SSH tunnel and redirected GPU resources from training to crypto mining.

The behaviour was not programmed but emerged as the agent explored ways to interact with its environment.

ROME was developed by the ROCK, ROLL, iFlow, and DT research teams within Alibaba’s AI ecosystem as part of the Agentic Learning Ecosystem. The model operates beyond standard chatbot functions, planning tasks, executing commands, and interacting with digital environments across multiple steps.

The incident highlights emerging challenges as AI agents become more popular. Recent projects like Alchemy’s autonomous agents and Sentient’s Arena platform highlight the growing use of AI in digital and crypto workflows.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU faces challenges in curbing digital abuse against women

Researchers and policymakers are raising concerns about how new technologies may put women at risk online, despite existing EU rules designed to ensure safer digital spaces.

AI-powered tools and smart devices have been linked to incidents of harassment and the creation of non-consensual sexualised imagery, highlighting gaps in enforcement and compliance.

The European Commission’s Gender Equality 2026–2030 Strategy noted that women are disproportionately targeted by online gender-based violence, including harassment, doxing, and AI-generated deepfakes.

Investigations into tools such as Elon Musk’s Grok AI and Meta’s Ray-Ban smart glasses have drawn attention to how digital platforms and wearable technologies can be misused, even where legal frameworks like the Digital Services Act (DSA) are in place.

Experts emphasise that while the EU’s rules offer a foundation to regulate online content, significant challenges remain. Advocates and lawmakers say enforcement gaps let harmful AI functions like nudification persist.

Commissioners have stressed ongoing cooperation with tech companies and upcoming guidelines to prioritise flagged content from independent organisations to address gender-based cyber violence.

Authorities are also monitoring new technologies closely. In the case of wearable devices, regulators are considering how users and bystanders are informed about recording features.

Ongoing discussions aim to strengthen compliance under existing legislation and ensure that digital spaces become safer and more accountable for all users.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Data breaches push South Korea toward stricter corporate liability rules

South Korea’s government and ruling party are advancing a second revision of the Personal Information Protection Act to strengthen corporate liability for large-scale data breaches.

The proposed amendment would make it easier for victims of major data breaches to receive compensation and relief. By removing the requirement for victims to prove a company’s ‘intent or negligence’, the amendment would increase companies’ legal liability when user data is compromised, making it more likely that affected individuals can claim damages.

Momentum for stricter rules follows several high-profile incidents, including a recent Coupang data breach that may have exposed personal information linked to numerous user accounts. The case has intensified scrutiny of how firms handle and protect customer data.

South Korea Officials at the Personal Information Protection Commission (PIPC) say victims often struggle to obtain evidence explaining how data breaches occur or how damages arise. The proposed reform would shift a greater evidentiary burden onto companies in disputes over losses.

The amendment would also introduce criminal penalties for anyone who knowingly obtains or distributes leaked personal data, closing a legal gap that currently applies only to employees who unlawfully disclose information. Authorities would gain powers to issue emergency protective orders to limit the spread of compromised data.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

New AI method improves transparency in computer vision models

Researchers at MIT have developed a new technique designed to improve how computer vision models explain their predictions while maintaining strong accuracy. Transparency is crucial as AI enters fields like healthcare and autonomous driving, where decisions must be clear.

The method uses concept bottleneck models, which enable AI to base its predictions on human-understandable concepts. Traditional approaches rely on expert-defined concepts that can be incomplete or ill-suited, sometimes lowering model performance.

Researchers instead created a system that extracts concepts the AI learned during training. A sparse autoencoder selects key features, and a multimodal language model turns them into plain-language descriptions and labels.

The resulting module forces the AI to make predictions using only those extracted concepts.

Tests on bird classification and medical image datasets showed that the new method improved accuracy and provided clearer explanations. Findings suggest that using a model’s internal concepts can boost transparency and accountability in AI systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Lenovo introduces rollable laptop and AI agent

Redefining how people interact with technology, Lenovo is advancing through rollable laptops, foldable devices and adaptive AI systems that anticipate user needs.

The company is shifting from manufacturing hardware to creating multi-platform systems that adapt seamlessly to workflows instead of relying solely on traditional devices.

Qira, Lenovo’s personal AI super-agent, transfers tasks across devices while maintaining context and history with user permission. It can suggest actions and predict needs, aiming to improve productivity and employee satisfaction, although security and privacy concerns remain significant.

The rollable laptop features a 14-inch screen that expands vertically to 16.7 inches, providing immersive experiences for gaming and content consumption while remaining portable.

Lenovo is also exploring voice-driven tools, including AI Workmate prototypes, allowing users to create presentations and digital content simply through speech.

By combining innovative screen designs with intelligent AI agents, Lenovo aims to create unified ecosystems that prioritise user experience and adaptability instead of focusing solely on device specifications.

The company believes these technologies will gradually become culturally accepted, similar to self-driving cars.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

AI legal advice case asks whether ChatGPT crosses legal boundaries

A newly filed lawsuit against OpenAI raises a key issue: Does allowing generative AI systems like ChatGPT to provide legal advice violate laws that bar the unauthorised practice of law (UPL)? UPL means providing legal services, such as drafting filings or giving advice, without the required legal qualifications or a state licence.

The case claims an individual used ChatGPT to prepare legal filings in a dispute with Nippon Life Insurance, prompting the company to argue OpenAI should be held responsible for the outcome.

The lawsuit claims ChatGPT helped the user challenge a settled legal dispute. As a result, the company had to spend additional time and resources responding to filings produced with ChatGPT. The claim alleges tortious interference with a contract, which is the unlawful disruption of an existing agreement between two parties by causing one of the parties to breach or alter it.

Ultimately, this disrupted another party’s contractual relationship. The suit also claims unauthorised practice of law and abuse of the judicial process, which means using the legal system improperly to gain an advantage. It argues OpenAI should be liable because ChatGPT operates under its control. The dispute centres on whether AI systems should analyse disputes and offer legal advice like a lawyer.

Advocates argue the tools could widen access to legal advice. They could make legal support more accessible and affordable for those who cannot easily hire a lawyer. However, US legal frameworks restrict the provision of legal advice to licensed lawyers. The rules are designed to protect consumers and ensure professional accountability.

Critics argue that limiting legal advice to licensed lawyers preserves an expensive monopoly and hinders access to justice. AI-driven legal tools highlight this tension over the future of legal services.

The outcome of this lawsuit will likely hinge on whether AI-generated responses constitute intentional legal advice and if OpenAI can be held liable for such outputs. Even if it fails, the case foregrounds the broader debate about granting generative AI a legitimate role in legal guidance.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.