Critical infrastructure

China’s quantum breakthroughs push urgent need for post-quantum security

The global cybersecurity community faces a ticking clock. China’s rapid advances in quantum computing, combined with insufficient global investment in quantum-safe cryptography, have placed Chief Information Security Officers (CISOs) at a critical crossroads.

With an estimated remediation timeline of seven years for most organisations, experts warn that critical systems are already at risk of future quantum attacks.

Quantum computing’s potential is often likened to a ‘Quantum Key’ capable of simultaneously testing every possible lock combination—effectively rendering today’s encryption obsolete.

If realised, such capabilities could expose every encrypted email, financial transaction, and state secret currently thought to be secure.

A 2024 report from the Global Risk Institute estimated a 5–14% chance that RSA-2048 encryption could be broken by 2029, rising to 19–34% by 2034. Those estimates, however, may already be outdated.

In early 2025, Chinese researchers unveiled breakthroughs in photonic quantum chips and a 72-qubit quantum processor named ‘Origin Wukong,’ capable of fine-tuning billion-parameter AI models. Earlier, in October 2024, Chinese scientists published a method for breaking RSA encryption.

With China reportedly investing $10–15 billion in quantum development—vastly outpacing the US, EU, and Microsoft’s combined commitments—there are growing fears that the West is losing the quantum arms race.

The geopolitical consequences of quantum dominance could be immediate and devastating. From unlocking encrypted communications to enabling undetectable weapons systems, a lead in quantum technology may deliver military and economic supremacy

The ‘harvest now, decrypt later’ strategy—where sensitive data is collected now to be decrypted when quantum computing is mature—presents an especially urgent concern for governments, banks, and healthcare providers.

Despite the looming threat, many organisations are underprepared. The long remediation period—estimated at over seven years for full transition—means that even proactive companies are not immune to future breaches.

The National Institute of Standards and Technology (NIST) has recommended the ML-KEM algorithm for post-quantum cryptography, with the HQC algorithm selected as a backup.

In contrast, China launched its own national cryptographic competition (NGCC) in early 2025, signalling distrust of foreign standards and intent to develop domestic alternatives.

To prepare for a post-quantum world, organisations should act now:

  • Conduct discovery: Identify systems reliant on RSA or ECC encryption, and catalogue keys based on risk.
  • Engage vendors: Ask suppliers about their post-quantum transition plans and expected compliance timelines.
  • Build a team: Assemble a multidisciplinary group including cryptography specialists, project managers, architects, and change leaders to lead a 5–7 year remediation program.

The systems most vulnerable to quantum threats include public-key cryptography (RSA, ECC), SSL/TLS protocols, secure messaging platforms, and cryptocurrency infrastructure.

By contrast, legacy and non-networked systems without encryption are generally considered low risk.

While some may compare this to the Y2K scare, there’s a critical difference: Y2K had a known deadline. The quantum threat has no set arrival date.

As with a surprise exam, unpreparedness can be far more dangerous. Still, the transition will likely unfold gradually rather than overnight, giving early movers a significant advantage.

The message is clear: the time to begin migrating to quantum-resistant cryptography is now. The future of national security, economic stability, and digital privacy may well depend on who gets there first.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft bans DeepSeek app for staff use

Microsoft has confirmed it does not allow employees to use the DeepSeek app, citing data security and propaganda concerns.

Speaking at a Senate hearing, company president Brad Smith explained the decision stems from fears that data shared with DeepSeek could end up on Chinese servers and be exposed to state surveillance laws.

Although DeepSeek is open source and widely available, Microsoft has chosen not to list the app in its own store.

Smith warned that DeepSeek’s answers may be influenced by Chinese government censorship and propaganda, and its privacy policy confirms data is stored in China, making it subject to local intelligence regulations.

Interestingly, Microsoft still offers DeepSeek’s R1 model via its Azure cloud service. The company argued this is a different matter, as customers can host the model on their servers instead of relying on DeepSeek’s infrastructure.

Even so, Smith admitted Microsoft had to alter the model to remove ‘harmful side effects,’ although no technical details were provided.

While Microsoft blocks DeepSeek’s app for internal use, it hasn’t imposed a blanket ban on all chatbot competitors. Apps like Perplexity are available in the Windows store, unlike those from Google.

The stance against DeepSeek marks a rare public move by Microsoft as the tech industry navigates rising tensions over AI tools with foreign links.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

LockBit ransomware Bitcoin addresses exposed

Nearly 60,000 Bitcoin addresses linked to LockBit’s ransomware operations have been exposed following a major breach of the group’s dark web affiliate panel.

The leak, which included a MySQL database dump, was shared publicly online and could assist blockchain analysts in tracing LockBit’s financial activity instead of leaving such transactions untracked.

Despite the scale of the breach, no private keys were leaked. A LockBit representative reportedly confirmed the incident in a message, stating that no sensitive access data was compromised.

However, the exposed database included 20 tables, such as one labelled ‘builds’ that contained details about ransomware created by affiliates and their targeted companies.

Another table, ‘chats,’ revealed over 4,400 messages from negotiations between victims and LockBit operators, offering a rare glimpse into the inner workings of ransomware extortion tactics.

Analysts believe the hack may be connected to a separate breach of the Everest ransomware site, as both featured identical messages, hinting at a possible link.

The incident has again underscored the central role of cryptocurrency in the ransomware economy. Each victim is typically given a unique address for payments, making tracking difficult.

Instead of remaining hidden, these addresses now give law enforcement and blockchain experts a chance to trace payments and potentially link them to previously unidentified actors.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AMD faces a $1.5 billion loss from US chip curbs

AMD expects to lose around US$1.5 billion in revenue this year because of new US export restrictions on advanced AI chips, which now require a licence to be sold to China.

The US government, under both the Biden and Trump administrations, has tightened curbs on chip exports in an effort to slow China’s progress in developing powerful AI systems, citing national security risks.

China makes up roughly a quarter of AMD’s total revenue, so these measures could reduce AMD’s expected annual earnings by almost 5 per cent.

Despite this setback, AMD posted stronger-than-expected second-quarter revenue guidance, forecasting around US$7.4 billion, likely driven by customers rushing to stockpile chips before the new rules fully take effect.

CEO Lisa Su said the impact from the curbs would be mostly felt during the second and third quarters, yet she still expects revenue from the company’s AI data centre chips to grow by strong double digits in 2024.

AMD’s finance chief Jean Hu clarified the projected US$1.5 billion revenue loss is tied directly to the latest export controls introduced in April.

Although AMD is under pressure, demand for its high-performance chips remains solid, with tech giants like Microsoft and Meta continuing to invest heavily in AI infrastructure.

The company’s data centre division saw sales jump 57 per cent to US$3.7 billion, helping push total revenue up 36 per cent to US$7.44 billion—both figures exceeding analyst expectations. Adjusted earnings stood at 96 cents per share, slightly above estimates.

Rival chipmaker Nvidia has also warned it now requires a licence to export to China and faces an even larger US$5.5 billion hit.

Meanwhile, other tech firms didn’t fare as well—Marvell Technology and Super Micro disappointed investors, with shares falling after they issued weaker outlooks, adding further signs of turbulence in the chip sector.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers target UK retailers with fake IT calls

British retailers are facing a new wave of cyberattacks as hackers impersonate IT help desk staff to infiltrate company systems. The National Cyber Security Centre (NCSC) has issued an urgent warning following breaches at major firms including Marks & Spencer, Co-op, and Harrods.

Attackers use sophisticated social engineering tactics—posing as locked-out employees or IT support staff—to trick individuals into giving up passwords and security details. The NCSC urges companies to strengthen how their IT help desks verify employee identities, particularly when handling password resets for senior staff.

Security experts in the UK recommend using multi-step verification methods and even code words to confirm identities over the phone. These additional layers are vital, as attackers increasingly exploit trust and human error rather than technical vulnerabilities.

While the NCSC hasn’t named any group officially, the style of attack closely resembles the methods of Scattered Spider, a loosely connected network of young, English-speaking hackers. Known for high-profile cyber incidents—including attacks on Las Vegas casinos and public transport systems—the group often coordinates via platforms like Discord and Telegram.

However, those claiming responsibility for the latest breaches deny links to Scattered Spider, calling themselves ‘DragonForce.’ Speaking to the BBC, the group claimed to have stolen significant customer and employee data from Co-op and hinted at more disruptions in the future.

The NCSC is investigating with law enforcement to determine whether DragonForce is a new player or simply a rebranded identity of the same well-known threat actors.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Trump eases auto tariffs amid industry concerns

President Donald Trump has signed executive orders easing his controversial 25% tariffs on automobiles and parts, aiming to relieve pressure on carmakers struggling with rising costs.

The move follows warnings from manufacturers and analysts that the tariffs could inflate prices, harm domestic production and slow the industry’s recovery. Trump framed the measure as a temporary bridge, allowing automakers time to shift more manufacturing into the US instead of facing harsh penalties.

The changes include a short-term rebate system tied to the proportion of foreign parts used in vehicles assembled domestically. Automakers have been told they’ll have two years of reduced levies, giving them time to reconfigure supply chains and invest in new US-based facilities.

Officials claim announcements on job creation and plant expansion are expected soon, with companies like Stellantis, Ford, and GM praising the policy shift as a step toward competitiveness rather than an immediate fix.

However, some experts warn that the industry needs stability instead of unpredictable policy swings. They argue that relocating production takes years and billions in investment, not mere months.

With vehicle prices already high and supply chains stretched, economists question whether the tariff adjustments can offset the broader economic risks posed by Trump’s wider trade strategy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

4chan returns after major cyberattack

After suffering what it called a ‘catastrophic’ cyberattack earlier this month, controversial image board 4chan has returned online, admitting its systems were breached through outdated software.

The attacker, reportedly using a UK-based IP address, gained entry by uploading a malicious PDF, allowing access to 4chan’s database and administrative dashboard. The intruder exfiltrated source code and sensitive data before vandalising the site, which led to its temporary shutdown on 14 April.

Although 4chan avoided directly naming the software vulnerability, it indirectly confirmed suspicions that a severely outdated backend—possibly an old version of PHP—was at fault. The site confessed that slow progress in updating its infrastructure resulted from a chronic lack of funds and technical support.

It blamed years of financial instability on advertisers, payment processors, and providers pulling away under external pressure, leaving it dependent on second-hand hardware and a stretched, largely volunteer development team.

Despite purchasing new servers in mid-2024, the transition was slow and incomplete, meaning key services still ran on legacy equipment when the breach occurred. Following the attack, 4chan replaced the compromised server and implemented necessary software updates.

PDF uploads have been suspended, and the Flash board permanently closed due to the difficulty in preventing similar exploits through .swf files.

Now relying on volunteer tech workers to support its recovery efforts, the site insists it won’t be shut down. ‘4chan is back,’ it declared, claiming no other site could replace its unique community, despite long-standing criticism over its content and lax moderation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Apple to shift US iPhone assembly to India by 2025

Apple is preparing to assemble all iPhones sold inside the US in India by next year, aiming to produce over 60 million units annually in the country by 2026.

The move comes in response to mounting geopolitical tensions and renewed tariff threats under former President Donald Trump’s trade agenda, which once imposed duties as high as 145% on Chinese imports.

The decision marks a major shift in Apple’s supply chain strategy, which has long depended on China. By doubling production in India, Apple hopes to reduce its exposure to trade-related risks instead of relying on short-term tariff exemptions.

Foxconn’s plant in Tamil Nadu and Tata Electronics are leading the effort, with support from India’s government through manufacturing incentives and subsidies.

While Apple remains dependent on Chinese suppliers for many components, shifting final assembly to India reflects growing urgency. Trump-era tariffs triggered a $700 billion market loss for the company in early 2024, prompting Apple to act swiftly instead of waiting for further shocks.

Around 20% of all iPhones are now made in India, a figure expected to rise sharply in the coming years.

Although challenges remain, such as the complexity of relocating the broader supply chain, analysts believe the shift is crucial for Apple’s long-term growth.

With US production capacity lacking the scale and workforce needed, India presents a more viable solution to ensure continued momentum and price stability in Apple’s most important market.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Trump’s first 100 days show steady tech policy

In his blog post ‘Tech continuity in President Trump’s first 100 days,’ Jovan Kurbalija highlights that Trump’s approach to technology remained remarkably stable despite political turbulence in trade and environmental policy. Out of 139 executive orders, only nine directly addressed tech issues, focusing mainly on digital finance, AI leadership, and cybersecurity, reflecting a longstanding US tradition of business-centric tech governance.

Trump’s administration reinforced the idea of letting the tech sector evolve without heavy regulatory interference, even as international players like the EU pushed for stronger digital sovereignty measures. Content moderation policies saw a significant shift, notably with an executive order to curb federal involvement in online censorship, aligning with moves by platforms like Meta and X (formerly Twitter) toward deregulation.

Meanwhile, the prolonged TikTok saga underlined the growing intersection of tech and geopolitics, with ByteDance receiving a deadline extension to sell its US operations amid rising tensions with China. In AI policy, Trump steered away from Biden-era safety concerns, favouring economic competitiveness and educational reforms to strengthen American AI leadership, while public consultations revealed a broad range of industry perspectives.

Kurbalija also noted the administration’s steady hand in cybersecurity, focusing on technical infrastructure while minimising concern over misinformation, and in digital economy matters, where new tariffs and the removal of the de minimis import exemption pointed toward a potentially fragmented global internet. In the cryptocurrency sector, Trump adopted a crypto-friendly stance by creating a Strategic Bitcoin Reserve and easing previous regulatory constraints, though these bold moves sparked fears of financial volatility.

Despite these tactical shifts, Kurbalija concludes that Trump’s overarching tech policy remains one of continuity, firmly rooted in supporting private innovation while navigating increasingly strained global digital relations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

IBM commits $150 billion to US tech

IBM has announced a major investment plan worth $150 billion over the next five years to solidify its role as a global leader in advanced computing and quantum technologies.

The move also aims to support US economic growth by expanding local innovation and manufacturing, instead of relying heavily on overseas operations.

Over $30 billion of the funding will be directed towards research and development, helping IBM advance in areas such as mainframe and quantum computer production.

According to CEO Arvind Krishna, this commitment ensures that IBM remains the core hub of the world’s most sophisticated computing and AI capabilities. The company already operates the largest fleet of quantum computing systems and intends to continue building them in the US.

The announcement comes amid a wider shift among major tech firms investing heavily in US-based infrastructure.

Companies like Nvidia and Apple have each pledged massive sums—Nvidia alone is preparing to invest up to $500 billion—in response to President Donald Trump’s call for greater domestic manufacturing through policies like reciprocal tariffs.

By focusing investment at home instead of abroad, IBM joins a growing list of tech leaders aligning with government efforts to revitalise American industry while maintaining their global competitiveness in AI and next-generation computing.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!