Consumer protection

Meta sues AI firm over fake nude images created without consent

Meta has filed a lawsuit against Joy Timeline HK Ltd in Hong Kong, accusing the firm of using its platforms to promote a generative AI app called CrushAI.

The app allows users to digitally strip clothes from images of people, often without consent. Meta said the company repeatedly attempted to bypass ad review systems to push harmful content, advertising phrases like ‘see anyone naked’ on Facebook and Instagram.

The lawsuit follows Meta’s broader investigation into ‘nudity’ apps, which are increasingly being used to create sexualised deepfakes. Despite bans on nonconsensual explicit content, the company said such apps evade detection by disguising ads or rotating domain names after bans.

According to research by Cornell Tech, over 8,000 ads linked to CrushAI appeared on Meta platforms in recent months. Meta responded by updating its detection systems with a broader range of flagged terms and emojis.

While many of the manipulated images target celebrities, concerns are growing about the use of such technology to exploit minors. In one case in Florida, two teenagers used similar AI tools to create sexualised images of classmates.

The issue has sparked legal action in the US, where the Take It Down Act, signed into law earlier this year, criminalises the publication of nonconsensual deepfake imagery and simplifies removal processes for victims.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Crypto conferences face rising phishing risks

Crypto events have grown rapidly worldwide in recent years. Unfortunately, this expansion has led to an increase in scams targeting attendees, according to Kraken’s chief security officer, Nick Percoco.

Recent conferences have seen lax personal security, with exposed devices and careless sharing of sensitive information. These lapses make it easier for criminals to launch phishing campaigns and impersonation attacks.

Phishing remains the top threat at these events, exploiting typical conference activities such as QR code scanning and networking. Attackers distribute malicious links disguised as legitimate follow-ups, allowing them to gain access to wallets and sensitive data with minimal technical skill.

Use of public Wi-Fi, unverified QR codes, and openly discussing high-value trades in public areas further increase risks. Attendees are urged to use burner wallets and verify every QR code carefully.

The dangers have become very real, highlighted by violent crimes in France, where prominent crypto professionals were targeted in kidnappings and ransom demands. These incidents show that risks are no longer confined to the digital world.

Basic security mistakes such as leaving devices unlocked or oversharing personal information can have severe consequences. Experts call for a stronger security culture at events and beyond, including multi-factor authentication, cautious password management, and heightened situational awareness.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Meta and TikTok contest the EU’s compliance charges

Meta and TikTok have taken their fight against an the EU supervisory fee to Europe’s second-highest court, arguing that the charges are disproportionate and based on flawed calculations.

The fee, introduced under the Digital Services Act (DSA), requires major online platforms to pay 0.05% of their annual global net income to cover the European Commission’s oversight costs.

Meta questioned the Commission’s methodology, claiming the levy was based on the entire group’s revenue instead of the specific EU-based subsidiary.

The company’s lawyer told judges it still lacked clarity on how the fee was calculated, describing the process as opaque and inconsistent with the spirit of the law.

TikTok also criticised the charge, alleging inaccurate and discriminatory data inflated its payment.

Its legal team argued that user numbers were double-counted when people switched between devices. The Commission had wrongly calculated fees based on group profits rather than platform-specific earnings.

The Commission defended its approach, saying group resources should bear the cost when consolidated accounts are used. A ruling is expected from the General Court sometime next year.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI tools are not enough without basic cybersecurity

At London Tech Week, Darktrace and UK officials warned that many firms are over-relying on AI tools while failing to implement basic cybersecurity practices.

Despite the hype around AI, essential measures like user access control and system segmentation remain missing in many organisations.

Cybercriminals are already exploiting AI to automate phishing and accelerate intrusions in the UK, while outdated infrastructure and short-term thinking leave companies vulnerable.

Boards often struggle to assess AI tools properly, buying into trends rather than addressing real threats.

Experts stressed that AI is not a silver bullet and must be used alongside human expertise and solid security foundations.

Domain-specific AI models, built with transparency and interpretability, are needed to avoid the dangers of overconfidence and misapplication in high-risk areas.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI must protect dignity, say US bishops

The US Conference of Catholic Bishops has urged Congress to centre AI policy on human dignity and the common good.

Their message outlines moral principles rather than technical guidance, warning against misuse of technology that may erode truth, justice, or the protection of the vulnerable.

The bishops caution against letting AI replace human moral judgement, especially in sensitive areas like family life, work, and warfare. They express concern about AI deepening inequality and harming those already marginalised without strict oversight.

Their call includes demands for greater transparency, regulation of autonomous weapons, and stronger protections for children and workers in the US.

Rooted in Catholic social teaching, the letter frames AI not as a neutral innovation but as a force that must serve people, not displace them.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Guardz doubles down on SMB protection with $56M funding boost

Cybersecurity startup Guardz has secured $56 million in Series B funding to expand its AI-native platform designed for managed service providers (MSPs).

The round was led by ClearSky, with backing from Phoenix Financial, Glilot Capital Partners, SentinelOne, Hanaco Ventures, and others, bringing the company’s total funding to $84 million in just over two years.

Since emerging from stealth in early 2023, Guardz has built a global presence, partnering with hundreds of MSPs to secure thousands of small and mid-sized businesses.

With the new capital, the company aims to accelerate go-to-market efforts and enhance its platform with more automation, compliance tools, and cyber insurance capabilities.

The Guardz platform integrates threat protection across identities, email, endpoints, cloud, and data into a single engine. Combining AI-driven automation with human-led Managed Detection and Response (MDR), it provides 24/7 monitoring and rapid response to threats.

Seamless integrations with Microsoft 365 and Google Workspace allow MSPs to pre-emptively detect suspicious activity and respond in real time.

‘Our goal is to empower MSPs with enterprise-grade security tools to protect the global economy’s most vulnerable targets — small and mid-sized businesses,’ said Guardz CEO and co-founder Dor Eisner. ‘This funding allows us to further that mission and help businesses thrive in a secure environment.’

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Massive leak exposes data of millions in China

Cybersecurity researchers have uncovered a brief but significant leak of over 600 gigabytes of data, exposing information on millions of Chinese citizens.

The haul, containing WeChat, Alipay, banking, and residential records, is part of a centralised system, possibly aimed at large-scale surveillance instead of a random data breach.

According to research from Cybernews and cybersecurity consultant Bob Diachenko, the data was likely used to build individuals’ detailed behavioural, social and economic profiles.

They warned the information could be exploited for phishing, fraud, blackmail or even disinformation campaigns instead of remaining dormant. Although only 16 datasets were reviewed before the database vanished, they indicated a highly organised and purposeful collection effort.

The source of the leak remains unknown, but the scale and nature of the data suggest it may involve government-linked or state-backed entities rather than lone hackers.

The exposed information could allow malicious actors to track residence locations, financial activity and personal identifiers, placing millions at risk instead of keeping their lives private and secure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Digital Social Security cards coming this summer

The US Social Security Administration is launching digital access to Social Security numbers in the summer of 2025 through its ‘My Social Security’ portal. The initiative aims to improve convenience, reduce physical card replacement delays, and protect against identity theft.

The digital rollout responds to the challenges of outdated paper cards, rising fraud risks, and growing demand for remote access to US government services. Cybersecurity experts also recommend using VPNs, antivirus software, and identity monitoring services to guard against phishing scams and data breaches.

While it promises faster and more secure access, experts urge users to bolster account protection through strong passwords, two-factor authentication, and avoidance of public Wi-Fi when accessing sensitive data.

Users should regularly check their credit reports and SSA records and consider requesting an IRS PIN to prevent tax-related fraud. The SSA says this move will make Social Security more efficient without compromising safety.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Meta boosts AGI efforts with new team

Mark Zuckerberg, Meta Platforms CEO, is reportedly building a new team dedicated to achieving artificial general intelligence (AGI), aiming for machines that can match or exceed human intellect.

The initiative is linked to an investment exceeding $10 billion in Scale AI, whose founder, Alexandr Wang, is expected to join the AGI group. Meta has not yet commented on these reports.

Zuckerberg’s personal involvement in recruiting around 50 experts, including a new head of AI research, is partly driven by dissatisfaction with Meta’s recent large language model, Llama 4. Last month, Meta even delayed the release of its flagship ‘Behemoth’ AI model due to internal concerns about its performance.

The move signals an intensifying race in the AI sector, as rivals like OpenAI are also making strategic adjustments to attract further investment in their pursuit of AGI. This highlights a clear push by major tech players towards developing more advanced and capable AI systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Growing push in Europe to regulate children’s social media use

Several European countries, led by Denmark, France, and Greece, are intensifying efforts to shield children from the potentially harmful effects of social media. With Denmark taking over the EU Council presidency from July, its Digital Minister, Caroline Stage Olsen, has made clear that her country will push for a ban on social media for children under 15.

Olsen criticises current platforms for failing to remove illegal content and relying on addictive features that encourage prolonged use. She also warned that platforms prioritise profit and data harvesting over the well-being of young users.

That initiative builds on growing concern across the EU about the mental and physical toll social media may take on children, including the spread of dangerous content, disinformation, cyberbullying, and unrealistic body image standards. France, for instance, has already passed legislation requiring parental consent for users under 15 and is pressing platforms to verify users’ ages more rigorously.

While the European Commission has issued draft guidelines to improve online safety for minors, such as making children’s accounts private by default, some countries are calling for tougher enforcement under the EU’s Digital Services Act. Despite these moves, there is currently no consensus across the EU for an outright ban.

Cultural differences and practical hurdles, like implementing consistent age verification, remain significant challenges. Still, proposals are underway to introduce a unified age of digital adulthood and a continent-wide age verification application, possibly even embedded into devices, to limit access by minors.

Olsen and her allies remain adamant, planning to dedicate the October summit of the EU digital ministers entirely to the issue of child online safety. They are also looking to future legislation, like the Digital Fairness Act, to enforce stricter consumer protection standards that explicitly account for minors. Meanwhile, age verification and parental controls are seen as crucial first steps toward limiting children’s exposure to addictive and damaging online environments.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!