UK NCSC evaluates best practices for open source software and supply chain risk management

The UK government, through the Department for Science, Innovation and Technology (DSIT), has commissioned research to evaluate best practices for managing risks associated with open-source software (OSS). The study assesses existing guidance on OSS security and resilience, examines its effectiveness across sectors, and provides recommendations for strengthening software supply chain security. The research is part of the government’s wider work to improve the UK’s cyber defences and protect and grow the economy.

The report outlines key recommendations for organisations using OSS, including:

  • Establishing an internal OSS policy to manage the adoption of OSS components.
  • Creating a Software Bill of Materials (SBOM) to track OSS components and their dependencies.
  • Continuously monitoring the software supply chain with software composition analysis (SCA) tools to identify vulnerabilities and licensing issues.
  • Actively engaging with the OSS community to attract talent, foster innovation, enhance reputation, and ensure a sustainable ecosystem.
  • Using automation tools to streamline OSS management processes, particularly for smaller organisations, as a cost-effective alternative to manual practices.

The report also highlights the need for further research and policy development in areas such as scale-appropriate best practice guidance, industry-specific OSS management frameworks, standardised metrics for evaluating OSS component maturity, and the impact of community engagement on OSS quality and security.

For more information on these topics, visit diplomacy.edu.

OpenSSF launches security baseline to strengthen open source software protection

The Open Source Security Foundation (OpenSSF) has introduced the Open Source Project Security Baseline (OSPS Baseline), a structured framework of security requirements designed to align with international cybersecurity regulations and best practices.

The OSPS Baseline provides a tiered approach that evolves with project maturity, integrating guidance from OpenSSF and industry experts to help open-source projects enhance their security posture. Following the Baseline enables developers to align with global cybersecurity regulations, including the EU Cyber Resilience Act (CRA) and the US National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF).

Several projects, including GUAC, OpenVEX, bomctl, and OpenTelemetry, participated in the pilot rollout. OpenSSF encourages developers and maintainers to adopt the framework and contribute to its ongoing refinement.


Celestial AI aims to rival Nvidia with innovative photonic technology

Celestial AI has raised an additional $250 million in venture capital, bringing its total funding to $515 million. The Silicon Valley startup is developing photonics-based technology to improve the speed and efficiency of AI computing.

By using light instead of electrical signals to connect AI chips with memory, the company aims to address the growing demand for higher memory bandwidth, a crucial factor in AI development.

Nvidia currently dominates this space with its NVLink and NVSwitch technologies, prompting a race among startups to develop alternative solutions.

Celestial AI’s ‘photonic fabric’ technology is designed to act as a high-speed bridge between chips, offering improved energy efficiency and lower latency. Backed by AMD’s venture arm, the company is positioning itself as a viable alternative to Nvidia’s proprietary systems.

The latest funding round was led by Fidelity Management & Research and included major investors such as BlackRock, Maverick Capital, and Tiger Global. Other participants included Temasek, Porsche Automobil Holding, and The Engine Ventures.

As AI hardware innovation accelerates, Celestial AI is among a growing group of startups seeking to reshape the industry with new approaches to chip design.


Reliance Jio and SpaceX partner for Starlink in India

Mukesh Ambani’s Reliance Jio has struck a deal with Elon Musk’s SpaceX to bring Starlink satellite internet services to India, marking a surprising turn after months of rivalry over spectrum allocation.

Under the agreement, Jio will stock Starlink equipment in its retail stores, giving the US company direct access to thousands of outlets across the country.

The move comes after New Delhi sided with Musk’s preferred method of spectrum allocation, despite Ambani’s earlier concerns that Starlink could dominate India’s telecom sector.

The deal follows a similar partnership between Starlink and Bharti Airtel, India’s second-largest telecom provider. Both deals depend on government approval before operations can begin. While Airtel’s shares dipped slightly after the Jio announcement, Reliance Industries saw a marginal rise in trading.

Starlink, which has been awaiting licenses since 2022 due to national security concerns, is using the agreement as a low-cost entry into India’s fast-growing satellite internet market, expected to reach $1.9 billion by 2030.

For Musk, the stakes in India go beyond Starlink, as he recently secured a deal to open Tesla’s first showroom in the country.

However, high tariffs on imported electric vehicles remain a challenge. Meanwhile, Jio and SpaceX are also exploring other areas of cooperation, while Jio continues its own satellite broadband plans with Luxembourg-based SES.

Despite past disputes, the partnership signals a shift from competition to collaboration in India’s evolving telecom landscape.


Duffy criticises Verizon over FAA contract delays

US Transportation Secretary Sean Duffy criticised Verizon on Tuesday for delays in its $2.4 billion, 15-year contract with the Federal Aviation Administration (FAA), saying the company is ‘not moving fast enough.’

As the FAA works to upgrade ageing air traffic control systems, Duffy stressed the need for multiple companies to contribute to the effort, adding that the American public ‘can’t wait 10 or 12 years’ for improvements.

Verizon defended its progress, stating it is actively working with FAA technology teams and is open to collaborating with other firms offering complementary services.

Meanwhile, SpaceX’s Starlink denied reports that it aims to take over the FAA contract, saying it could be a partial solution but has no plans to replace Verizon’s role.

The FAA has been testing Starlink terminals in Alaska to improve weather data access, while the Government Accountability Office warns that one-third of US air traffic control systems are outdated and unsustainable.

Some Democrats have suggested shifting the FAA contract to Starlink due to Elon Musk’s ties to Donald Trump, but no official decisions have been made.


ICBC unveils $11 billion innovation fund

China’s Industrial and Commercial Bank (ICBC), the world’s largest commercial lender by assets, has launched an 80 billion yuan ($11.04 billion) technology and innovation fund to bolster the private sector.

The state-owned bank announced that the fund will focus on ‘hard technology’ fields such as semiconductors and advanced manufacturing rather than ‘soft’ technology like internet services.

ICBC chairman Liao Lin emphasised that the initiative aligns with central leadership directives, aiming to turn supportive policies into tangible benefits for private enterprises. The bank described the fund as ‘patient capital,’ indicating a long-term investment strategy rather than a rush for quick profits.

The launch follows China’s recent policy priorities for 2025, unveiled at its annual parliamentary meeting, which stress boosting consumption and achieving technological advances amid ongoing tensions with the US.

Additionally, the government plans to establish a state-backed fund to raise 1 trillion yuan from private investment to support technology startups.


Trump administration ends support for cybersecurity projects

The Trump administration has cut funding for two key cybersecurity initiatives, including one supporting election security, sparking concerns over potential vulnerabilities in future US elections.

The Cybersecurity and Infrastructure Security Agency (CISA) announced it would end around $10 million in annual funding to the non-profit Center for Internet Security, which manages election-related cybersecurity programmes.

The move comes as part of a broader review of CISA’s election-related work, during which over a dozen staff members were placed on administrative leave.

The decision follows another controversial step by the administration to dismantle an FBI task force that investigated foreign influence in US elections.

Critics warn that reducing government involvement in election security weakens safeguards against interference, with Larry Norden from the Brennan Center for Justice calling the cuts a serious risk for state and local election officials.

The National Association of Secretaries of State is now seeking clarification on CISA’s decision and its wider implications.

CISA has faced Republican criticism in recent years for its role in countering misinformation related to the 2020 election and the coronavirus pandemic. However, previous leadership maintained that the agency’s work was limited to assisting states in identifying and addressing misinformation.

While CISA argues the funding cuts will streamline its focus on critical security areas, concerns remain over the potential impact on election integrity and cybersecurity protections across local and state governments.


Xpeng plans major investment in humanoid robots

Chinese electric vehicle maker Xpeng is making a long-term push into humanoid robots, with potential investments reaching up to 100 billion yuan ($13.8 billion), according to CEO He Xiaopeng. Speaking at the annual parliamentary session, He described the company’s current investment as conservative but signalled a willingness to scale up significantly over the next two decades. Xpeng, which entered the humanoid robotics sector in 2020, unveiled its Iron humanoid robot last November, positioning it as a rival to Tesla’s Bot.

Chinese automakers are increasingly venturing into robotics, encouraged by policymakers aiming for breakthroughs in the field. Stellantis-backed Leapmotor has also joined the race, forming a robotics team to develop machines for industrial applications such as factory assembly lines. CEO Zhu Jiangming stated that these robots are intended to enhance efficiency by replacing human labour in production processes.

Xpeng’s CEO suggested that automakers could invest between 1 and 2 billion yuan per year in developing and deploying humanoid robots in real-world scenarios. As the industry shifts towards automation, carmakers are betting that advanced robotics will play a crucial role in future manufacturing and mobility solutions.


Chinese investors turn to AI for stock market edge

Chinese retail investors are rapidly embracing AI tools like DeepSeek to navigate the stock market, marking a striking shift from last year’s government crackdown on computer-driven quantitative trading.

Online courses and packed training rooms reflect a growing eagerness among small-time traders to use AI-powered models, with many seeing them as essential in the digital age.

DeepSeek, developed by a hedge fund in Hangzhou, has not only boosted Chinese stocks but also reshaped perceptions of the country’s $700 billion hedge fund industry.

Despite the initial backlash against quant funds, which were previously blamed for market volatility, investors are now paying thousands of yuan to attend AI trading seminars.

Social media is flooded with courses teaching traders how to use DeepSeek to analyse companies, pick stocks, and even code their own trading strategies.

While major US funds like BlackRock and Renaissance Technologies have long used AI for investments, DeepSeek’s open-source model makes these tools accessible to China’s smaller asset managers and individual traders.

Financial institutions are also adapting to the AI-driven shift. Brokers are rushing to integrate AI models into their platforms, with industry leaders predicting a complete transformation in how Chinese investors make decisions.

Many now seek trading advice from DeepSeek instead of human wealth managers, reflecting a deep trust in the technology. However, experts warn that AI models still have limitations and could create market risks, especially if large numbers of traders act on the same signals.

While some remain cautious about AI’s role in investing, DeepSeek has undeniably changed public attitudes towards quant fund managers.

Many now view them as contributors to market efficiency rather than as culprits behind retail losses. As China’s stock market continues to evolve, AI looks set to play an increasingly dominant role in shaping investor behaviour.


Meta has developed an AI chip to cut reliance on Nvidia, Reuters reports

Meta, the owner of Facebook, Instagram, and WhatsApp, is testing its first in-house chip designed for training AI systems, sources told Reuters.

The social media giant has started a limited rollout of the chip, planning to scale up production if testing delivers positive results. The move represents a crucial step in Meta’s strategy to lessen dependence on external suppliers like Nvidia and lower substantial infrastructure costs.

The company has projected expenses between $114 billion and $119 billion for 2025, with up to $65 billion dedicated to AI infrastructure.

The chip, part of Meta’s Meta Training and Inference Accelerator (MTIA) series, is a dedicated AI accelerator, meaning it is specifically designed for AI tasks rather than general processing. This could make it more power-efficient than traditional GPUs.

Meta is collaborating with Taiwan-based chip manufacturer TSMC to produce the new hardware. The test phase follows Meta’s first ‘tape-out’ of the chip, a crucial milestone in silicon development where an initial design is sent to a chip factory.

However, this process is costly and time-consuming, with no guarantee of success, and any failure would require repeating the tape-out step.

Meta has previously faced setbacks in its custom chip development, including scrapping an earlier version of an inference chip after poor test results. However, the company has since used another MTIA chip for AI-powered recommendations on Facebook and Instagram.

The new training chip aims to first enhance recommendation systems before expanding to generative AI applications like the chatbot Meta AI.

Meta executives hope to implement their own chips for AI training by 2026, although the company continues to be one of Nvidia’s biggest customers, investing heavily in GPUs for its AI operations.

The development comes as AI researchers increasingly question whether scaling up large language models by adding more computing power will continue to drive progress. The recent emergence of more efficient AI models, such as those from Chinese startup DeepSeek, has intensified these debates.

While Nvidia remains a dominant force in AI hardware, fluctuating investor confidence and broader market concerns have caused turbulence in the company’s stock value.
