Cybercrime

EuroDIG 2026 debate strengthens Council of Europe digital governance push

The Council of Europe participated in EuroDIG 2026 in Brussels, contributing to discussions on digital governance, democracy, trustworthy AI, platform accountability, and the digital public sphere.

The European Dialogue on Internet Governance took place on 26 and 27 May, bringing together governments, businesses, civil society, academia, the technical community, and other stakeholders to exchange views on internet governance.

The Council of Europe participated under its New Democratic Pact for Europe, a year-long consultation focused on democratic backsliding and digital governance. The consultation covers issues including AI, data protection, media and information society, cybercrime, online discrimination and gender-based violence, digitalisation of justice, legal education, internet governance, and youth participation.

At the opening session, Claudia Luciani, Director of the Congress of Local and Regional Authorities, said democratic safeguards are critical for the integrity and functioning of Europe’s digital public sphere. She highlighted risks linked to disinformation, information bubbles, and foreign interference and manipulation campaigns.

The Council of Europe also co-organised a debate on trustworthy AI in public services, focusing on transparency, accountability, explainability, and crisis-resilient communication when automated decision-making and AI systems are used in public administration.

Another Council of Europe co-organised session addressed platform accountability and the need to strengthen the digital public sphere. Participants discussed how engagement-driven platform design, generative AI, and synthetic media can contribute to disinformation, hate speech, and other harms, and how governance frameworks could empower users as active citizens.

The Council of Europe’s European Commission for the Efficiency of Justice and its HELP programme also organised a session on how the use of AI in justice systems is changing legal professionals’ training needs.

EuroDIG 2026 was hosted by EURid, the .eu domain name registry, and supported by the European Commission.

The event was held under the theme ‘European voices for the future of the internet – celebrating 20 years of .eu and the beginning of a new internet governance era’.

Why does it matter?

The Council of Europe’s participation in EuroDIG shows how digital governance is being folded into broader debates on democratic resilience. Its focus on trustworthy AI in public services, platform accountability, synthetic media, online discrimination, and AI in justice systems reflects a broader policy shift: digital governance is increasingly treated as part of Europe’s democracy, human rights, and rule-of-law agenda, rather than solely as a technology issue.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Australia warns of serious frontier AI cyber risks

The Australian Government has issued a policy advisory urging Commonwealth entities to strengthen cybersecurity readiness for the frontier AI era.

Issued under the Protective Security Policy Framework, the advisory warns that frontier AI creates a dual-use challenge because advanced AI models can strengthen cyber defence while also being used by malicious actors to conduct cyber activities faster, cheaper, and at greater scale.

The Department of Home Affairs said frontier AI increases the risks posed by known vulnerabilities, legacy systems, and weak cyber hygiene, creating what it calls a ‘vulnerability storm’ for government entities.

The document says Australian Government entities do not need access to the most advanced frontier AI models to stay protected. Instead, effective readiness depends on applying existing cybersecurity mitigations and practices, including guidance from the Australian Signals Directorate and requirements under the Protective Security Policy Framework.

Commonwealth entities are told to prioritise compliance with the PSPF, Information Security Manual, and Essential Eight, confirm executive accountability for cybersecurity risk management, engage with ASD and Home Affairs guidance, and identify and remediate material gaps that AI-enabled threat actors could exploit.

The advisory also highlights requirements covering internet-facing systems, secure procurement and supply chains, attack surface reduction, patching, legacy technologies, zero-trust principles, gateway security, ASD’s Cyber Security Partnership Program, and the application of the Information Security Manual.

An annex from ASD says frontier AI is collapsing exploit timelines from days to hours and urges organisations to ‘lock down the fundamentals now’. It outlines actions to secure systems, reduce vulnerabilities, replace or isolate legacy IT, prepare for incidents, adopt AI for cyber defence, and modernise systems using secure-by-design and secure-by-default principles.

The advisory is aimed at accountable authorities, chief security officers, chief information security officers, procurement officers, and entity personnel.

Why does it matter?

The advisory frames frontier AI as an accelerant for existing cybersecurity weaknesses rather than a wholly new category of risk. Australia’s message to government entities is that AI-enabled threats make basic cyber hygiene more urgent: patching, reducing attack surfaces, managing legacy systems, securing supply chains, and preparing incident response plans. It also shows how governments are beginning to translate frontier AI risk into operational security requirements for public-sector organisations.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

New Zealand Privacy Commissioner finds Manage My Health and Health NZ breached Privacy Act

New Zealand Privacy Commissioner Michael Webster has released the findings of Phase 1 of his inquiry into the December 2025 Manage My Health cyber incident, in which sensitive patient information was accessed, stolen, and offered for sale.

The first phase of the inquiry focused on the causes of the breach and accountability. The Commissioner found that both Manage My Health and Health NZ breached Rule 5 of the Health Information Privacy Code by failing to ensure reasonable security safeguards for patient information.

The breach affected nearly 100,000 people and caused serious anxiety and distress for many of those impacted. Around 91% of affected patients were based in Northland, with the Commissioner noting that many were likely to be Māori.

The investigation found that a single failure did not cause the breach, but it was a combination of security weaknesses. Manage My Health had gaps in technical safeguards, lacked systems to detect large-scale access to information, and raised concerns about the quality of its security design and risk management practices.

Health NZ was criticised for not doing enough to ensure that Northland hospital patients’ information would be kept safe before arranging to share it through the Manage My Health portal. The inquiry found that the project team lacked specialist privacy and security expertise, relied too heavily on information from Manage My Health, used poor-quality internal privacy risk assessments, and operated under a contract that was not fit for purpose.

The Commissioner said he intends to issue compliance notices requiring both organisations to complete the remaining necessary work and to demonstrate that their security controls are effective in preventing similar incidents. He also recommended that the Ministry of Health establish a process for verifying and ensuring that patient portals meet health-sector security standards.

A second phase of the inquiry will examine the broader impacts of the breach, including patient authorisation, information provided to patients, retention and deletion practices, breach communications, notification compliance, and whether the incident had a disproportionate impact on any group, particularly Northland Māori.

Why does it matter?

The findings show how privacy and cybersecurity failures in health portals can create large-scale risks when sensitive patient data is shared through third-party systems. The case also raises a wider governance issue for digital health: agencies cannot rely only on vendor assurances when transferring large volumes of health information. Independent security assessment, privacy-by-design, effective contracts, and ongoing monitoring are becoming essential safeguards for digital health infrastructure.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU and Mexico strengthen cooperation against crypto-related money laundering

Mexico and the European Union have agreed to expand cooperation on addressing money laundering involving cryptocurrencies and digital assets. The announcement was made during the 8th EU-Mexico summit, where both sides also advanced discussions on a modernised trade agreement.

Officials highlighted concerns regarding the use of digital assets in cross-border illicit financial activities linked to organised crime. The discussions focused on improving coordination related to identifying and disrupting suspected illicit financial flows.

The cooperation forms part of broader EU-Mexico engagement covering trade, investment, security, and digital policy. Both parties said they intend to continue dialogue and cooperation on evolving financial crime risks linked to the digital economy.

Why does it matter? 

The agreement reflects a broader shift towards coordinated international enforcement against crypto-enabled financial crime, where illicit flows are increasingly moving across multiple jurisdictions with limited friction.

Strengthened cooperation between major regions like the EU and Mexico is intended to reduce enforcement gaps that criminal networks have been able to exploit.

It also signals how digital assets are becoming a central focus in global security and trade diplomacy, not just financial regulation. By linking anti-money laundering efforts with wider economic and strategic agreements, both sides are treating crypto-related crime as part of the broader challenge of safeguarding the integrity of the digital financial system.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

United Kingdom and Australia tighten alliance on AI security risks

The United Kingdom and Australia are deepening cooperation on AI security through a new partnership between the UK AI Security Institute and the Australian AI Safety Institute.

Under a Memorandum of Understanding, the two institutes will share information on frontier AI capabilities, collaborate on AI evaluation practices and exchange research findings. The UK government said the partnership will focus partly on how advanced AI systems could be used in cyberattacks, as well as how they can strengthen defensive capabilities.

The agreement will also support staff exchanges between the two institutes, strengthening day-to-day collaboration. UK officials said the partnership reflects the need for trusted international cooperation as AI systems evolve quickly and create new security and safety risks.

The UK’s AI Minister Kanishka Narayan is expected to sign the agreement with Australia’s Assistant Minister for Science, Technology and the Digital Economy, Andrew Charlton, during a meeting in Canberra. Narayan said no country can address fast-moving AI risks alone, particularly in cybersecurity.

The announcement follows research from the UK AI Security Institute showing that advanced AI systems are rapidly improving their ability to carry out complex cyberattacks, creating opportunities for both attackers and defenders. The UK said the institute’s frontier AI research continues to inform policymaking to protect businesses, critical infrastructure, and the public.

Why does it matter?

The partnership shows how AI security is becoming a matter of international coordination, especially as frontier models develop stronger cyber capabilities. By sharing research, evaluation methods and staff expertise, the UK and Australia are trying to reduce blind spots in oversight and develop more consistent approaches to testing fast-moving AI systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Europol concludes major operation targeting criminal assets and crypto laundering

Europol has concluded the third operational phase of Project A.S.S.E.T., an international initiative focused on criminal asset tracing and money laundering investigations.

The operational phase took place between 19 and 22 May 2026 at Europol headquarters in The Hague and involved law enforcement agencies from 31 countries. More than 40 law enforcement agencies participated, including Asset Recovery Offices, Financial Intelligence Units, and specialised anti-money laundering teams from 31 countries.

The initiative also involved cooperation with Eurojust, INTERPOL, the European Public Prosecutor’s Office, and private-sector financial and cryptocurrency partners.

According to Europol, investigators identified bank accounts, cryptocurrency wallets, companies, vehicles, and real estate assets allegedly linked to criminal activities. Authorities additionally located two suspected criminals, with one arrested through the European Network of Fugitive Active Search Teams.

Europol said the operation generated intelligence related to emerging money laundering techniques and cross-border financial structures associated with organised crime networks. Investigators also reported identifying operational patterns involving cryptocurrencies and international asset concealment practices.

The operation followed an earlier cryptocurrency-focused enforcement phase conducted in October 2025.

European Commissioner for Internal Affairs and Migration Magnus Brunner said online fraud and crypto-related crime have become increasingly significant revenue sources for organised criminal groups. Europol officials additionally emphasised that international cooperation and financial intelligence increasingly play a central role in disrupting organised crime ecosystems and recovering illicit proceeds.

Europol said investigations are ongoing and that the full value of identified assets remains under assessment. Follow-up investigations are continuing across participating jurisdictions.

Why does it matter?

The operation reflects growing international focus on financial intelligence, cryptocurrency tracing, and cross-border asset recovery as organised crime groups increasingly rely on digital financial infrastructures. Furthermore, it demonstrates how law enforcement agencies and private-sector financial actors are strengthening cooperation to combat money laundering, online fraud, and illicit cryptocurrency operations across multiple jurisdictions simultaneously.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

CNIL reports record complaints and data breaches

The French data protection authority CNIL reported a record year in 2025 for complaints, fines and data breach notifications, while preparing for new responsibilities under the EU AI Act.

CNIL received 20,150 complaints in 2025, up 10% from 2024. The complaints covered issues linked to work, commerce, real estate, social networks and data breaches, with around 1,900 complaints directly concerning breaches.

The authority also received 6,167 data breach notifications, an increase of 9.5% from 2024. Hacking accounted for one in two reported incidents, while cybersecurity failures represented one-third of investigations and nearly 30% of sanctions.

In total, CNIL carried out 323 investigations and issued 259 corrective measures, including 83 sanctions worth nearly €487 million. Two major sanctions accounted for a large share of the total, while the simplified procedure introduced in 2022 allowed faster action in less complex cases.

Cybersecurity will become an even bigger enforcement focus in 2026, with CNIL planning to devote 50% of its controls and enforcement actions to data security. Checks will focus on organisations affected by breaches, those subject to complaints and sectors processing large volumes of sensitive or highly personal data.

The report also highlights CNIL’s role in supporting professionals and public authorities. In 2025, it processed 539 health authorisation applications, handled 1,351 professional advice requests, delivered 90 opinions on draft laws or regulatory texts and launched seven public consultations.

On AI, CNIL is already designated to monitor prohibited uses under the EU AI Act and is expected to become the market surveillance authority for certain high-risk AI systems, including in biometrics, migration, law enforcement, employment and education.

The authority also published AI resources for designers and developers, developed a traceability tool for open-source AI models and joined the PANAME project with ANSSI, Inria and PEReN to test whether AI models process personal data.

Why does it matter?

CNIL’s annual report shows how data protection enforcement is increasingly shaped by cybersecurity and AI. Record breach notifications and complaints point to growing pressure on organisations to secure personal data, while CNIL’s future AI Act responsibilities place the authority at the centre of France’s oversight of prohibited and high-risk AI systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Myanmar proposes Anti-Online Fraud Bill targeting digital currency scams

Myanmar’s military-backed authorities have proposed a new Anti-Online Fraud Bill to tackle digital currency scams and online fraud networks operating in the country.

The draft legislation would introduce severe penalties for offences linked to online fraud and ‘digital currency fraud’. Reports citing the text say those convicted could face prison sentences ranging from 10 years to life imprisonment.

The bill also proposes the death penalty in the most serious cases involving online scam centres, particularly where people are unlawfully detained, violently coerced or forced into scam operations. AFP, cited by Malay Mail, reported that the proposed penalty would apply to those who detain or violently coerce victims into working in online scam centres.

The proposal reflects growing pressure on Myanmar over large scam compounds where trafficked people have reportedly been forced into online fraud schemes, including romance and cryptocurrency scams. International scrutiny has intensified as cyber-fraud networks across Southeast Asia continue to target victims globally.

Myanmar’s authorities have presented online fraud and online gambling as national security concerns. State media has previously reported crackdowns, deportations and plans for a national anti-scam centre, while also describing telecom fraud and online gambling as threats requiring stronger enforcement.

The bill comes amid wider regional action against transnational scam networks. China has pursued criminal cases linked to Myanmar-based fraud syndicates, while international organisations and law enforcement agencies have warned that online scam compounds combine cybercrime, financial fraud and human trafficking.

Why does it matter?

The proposed bill shows how governments are escalating responses to transnational online fraud networks, particularly where crypto scams overlap with human trafficking and forced labour in scam compounds. Myanmar’s approach would mark a shift towards extreme punitive measures, raising both enforcement and human rights concerns, while highlighting how digital fraud has become a cross-border security issue involving organised crime, financial losses and exploitation of vulnerable people.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Claude Mythos AI model triggers global cyber risk review

Anthropic’s Claude Mythos Preview has drawn attention from financial regulators after the UK AI Security Institute found a notable increase in the model’s cybersecurity capabilities, including stronger performance on multi-step cyber-attack simulations.

AISI said earlier that its evaluation found continued improvement in capture-the-flag challenges and significant improvement in multi-step cyber-attack simulations. The institute said Mythos completed a previously unsolved 32-step simulated corporate network attack, marking the first time one of its tested models had completed that scenario.

Anthropic has also published its own technical assessment of Claude Mythos Preview, describing the model as a general-purpose system with advanced cybersecurity capabilities. The company has limited access to the model, reflecting concerns about the dual-use nature of systems that can support vulnerability discovery and cyber operations.

According to media reports, Anthropic is expected to brief the Financial Stability Board on the cybersecurity implications of Claude Mythos, as regulators examine whether frontier AI models could create new risks for banks and other financial institutions. The reports said the model has not been made publicly available because of concerns that its capabilities could be misused.

The scrutiny comes as financial authorities pay closer attention to the links between AI, cyber resilience and systemic risk. Advanced AI models support defenders by helping identify vulnerabilities and improve security testing, but similar capabilities could also lower the cost and complexity of offensive cyber activity.

Some experts have cautioned against treating Mythos as a wholly new category of threat, arguing that it amplifies existing cyber risks rather than replacing them. Weak authentication, unpatched systems and poor cyber hygiene remain central causes of breaches, making baseline resilience and governance critical as AI capabilities advance.

Why does it matter?

Claude Mythos shows how frontier AI models can become dual-use infrastructure: useful for strengthening cyber defence, but potentially risky if similar capabilities are misused. For financial institutions, the issue is systemic. If advanced models can accelerate vulnerability discovery or cyber operations across interconnected organisations, regulators may need to treat AI model oversight as part of financial stability and cyber resilience planning.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Interpol warns AI is increasing scale and accessibility of cybercrime

Interpol said AI tools are changing cybercrime operations by lowering technical barriers and enabling broader use of online fraud techniques. Interpol Cybercrime Director Neal Jetton said AI tools, including chatbots and automated phishing services, can enable individuals with limited technical expertise to conduct online scams.

According to Interpol, phishing-as-a-service models and AI-generated content are contributing to more scalable fraud campaigns.

Interpol said organised criminal groups are increasingly using outsourced technical services and AI-supported tools in cyber-enabled fraud operations. Law enforcement officials said AI-enabled fraud may increase the scale and profitability of some cybercrime activities.

Interpol said international law enforcement cooperation is expanding in response to cross-border fraud networks and evolving cyber threats. Authorities are focusing on disrupting cross-border fraud infrastructure and strengthening national cyber capabilities as AI-driven threats continue to evolve.

Why does it matter?

AI is effectively industrialising cybercrime by reducing the skill threshold required to execute sophisticated fraud at scale. That shift expands the pool of potential attackers and increases the speed, volume, and personalisation of scams, placing sustained pressure on digital trust in financial, governmental, and communication systems.

At the same time, it forces law enforcement and cybersecurity frameworks to adapt from reactive investigation models to more proactive, intelligence-led, and cross-border coordination mechanisms to keep pace with rapidly evolving threat capabilities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Diplo chatbot can make mistakes. Consider checking important information.