Europol dismantles cybercriminal VPN linked to ransomware investigations

Europol has announced that international law enforcement agencies dismantled the cybercriminal VPN platform known as First VPN during a coordinated operation targeting ransomware infrastructure and wider cybercrime networks.

The operation, led by authorities in France and the Netherlands with support from Eurojust, targeted infrastructure allegedly used by cybercriminals to conceal ransomware attacks, fraud, data theft and other illegal online activities.

Europol described the service as deeply embedded in the cybercrime ecosystem and said it had featured in almost every major Europol-supported cybercrime investigation over the past few years. The platform was allegedly promoted as an anonymity service for criminal use, offering anonymous payments, concealed infrastructure and tools intended to help users evade law enforcement detection.

Coordinated action days took place on 19 and 20 May, during which authorities dismantled 33 servers connected to the service and shut down associated domain names. Investigators also interviewed the alleged administrator in Ukraine and carried out a residential search linked to the operation.

According to Europol, investigators gained access to the platform’s infrastructure and user database during the investigation, which began in December 2021. The agency said the data helped identify users allegedly connected to ransomware campaigns, fraud schemes and other cybercrime operations across several jurisdictions.

Intelligence generated through the operation led to 83 intelligence packages being distributed internationally, information linked to 506 users being shared with partner agencies, and 21 Europol-supported investigations advancing through newly obtained evidence.

The operation also received support from cybersecurity company Bitdefender, while a joint investigation team coordinated by Eurojust facilitated judicial cooperation and evidence sharing among participating countries.

Why does it matter?

The takedown shows how law enforcement is increasingly targeting the infrastructure that enables cybercrime, not only the attackers themselves. VPN services marketed for criminal use can help ransomware actors and fraud networks hide their identity, route attacks and evade detection. By dismantling First VPN and obtaining user data, investigators can disrupt multiple cybercrime operations at once and strengthen ongoing ransomware investigations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Switzerland advances National Cyberstrategy implementation

Switzerland has reported progress in implementing its National Cyberstrategy, with more than 90 projects underway and new measures addressing the role of AI in cybersecurity.

The Federal Council was informed of the 2025 implementation report, which was prepared by the National Cyberstrategy Steering Committee together with the National Cyber Security Centre. The report tracks work across five objectives:

  • Empowering the public
  • Securing digital services and critical infrastructure
  • Managing cyberattacks
  • Combating cybercrime
  • Strengthening international cooperation

The report identifies AI as an important area influencing both cybersecurity risks and defensive capabilities. It describes measures related to AI-assisted cyber threats, AI-supported cyberdefence, research projects, and public awareness activities.

The report also refers to regulatory safeguards linked to Switzerland’s ratification of the Council of Europe Convention on AI, framing those steps as part of a broader response to the growing importance of AI in cybersecurity.

According to the report, the National Cyber Security Centre has received 222 reports since mandatory reporting requirements for cyberattacks on critical infrastructure entered into force in April 2025. Authorities say the reports improve national cyber situational awareness and support coordinated responses to threats.

The report also highlights developments involving sector-specific cybersecurity centres, information-sharing initiatives, and vulnerability management programmes. Switzerland also continued its federal bug bounty programme and other vulnerability management initiatives.

Capacity-building programmes include the Cyber-Defence Campus Fellowship, the Cyber Startup Challenge, and the national S-U-P-E-R.ch awareness campaign. The report also notes information-sharing work through Cyber-CASE, Cyber-STRAT, and NEDIK to support faster handling of digital crimes.

International activities included participation in cyber diplomacy and capacity-building initiatives linked to Geneva Cyber Week and UN and OSCE processes.

Financial institutions increase cyber defences following AI security findings

Banking institutions across the United States, Europe, and Japan are strengthening cybersecurity measures following the identification of new vulnerabilities through AI-assisted security analysis tools. The findings have increased discussion around how AI may affect cyber risks across financial infrastructure.

Security teams are reviewing legacy system vulnerabilities and accelerating remediation efforts, according to sector reports. Smaller institutions are relying on intelligence shared by larger banks, while regulators warn that inaction increases exposure to coordinated cyberattacks.

International financial organisations, including the International Monetary Fund, have highlighted potential risks linked to evolving AI-enabled cyber threats.

Recent incidents involving platform breaches, supply-chain compromises, and AI-related exploit techniques have contributed to broader cybersecurity concerns across sectors.

Cybersecurity specialists said defence strategies increasingly rely on coordinated intelligence-sharing and AI-supported security systems.

Why does it matter?

AI is accelerating both the discovery of system weaknesses and the sophistication of cyberattacks, increasing systemic risk across interconnected financial infrastructure. As banking becomes more digitally dependent, cybersecurity shifts into a core stability concern for global financial governance and market resilience.

Claude Mythos AI model triggers global cyber risk review

Anthropic’s Claude Mythos Preview has drawn attention from financial regulators after the UK AI Security Institute found a notable increase in the model’s cybersecurity capabilities, including stronger performance on multi-step cyber-attack simulations.

AISI said earlier that its evaluation found continued improvement in capture-the-flag challenges and significant improvement in multi-step cyber-attack simulations. The institute said Mythos completed a previously unsolved 32-step simulated corporate network attack, marking the first time one of its tested models had completed that scenario.

Anthropic has also published its own technical assessment of Claude Mythos Preview, describing the model as a general-purpose system with advanced cybersecurity capabilities. The company has limited access to the model, reflecting concerns about the dual-use nature of systems that can support vulnerability discovery and cyber operations.

According to media reports, Anthropic is expected to brief the Financial Stability Board on the cybersecurity implications of Claude Mythos, as regulators examine whether frontier AI models could create new risks for banks and other financial institutions. The reports said the model has not been made publicly available because of concerns that its capabilities could be misused.

The scrutiny comes as financial authorities pay closer attention to the links between AI, cyber resilience and systemic risk. Advanced AI models support defenders by helping identify vulnerabilities and improve security testing, but similar capabilities could also lower the cost and complexity of offensive cyber activity.

Some experts have cautioned against treating Mythos as a wholly new category of threat, arguing that it amplifies existing cyber risks rather than replacing them. Weak authentication, unpatched systems and poor cyber hygiene remain central causes of breaches, making baseline resilience and governance critical as AI capabilities advance.

Why does it matter?

Claude Mythos shows how frontier AI models can become dual-use infrastructure: useful for strengthening cyber defence, but potentially risky if similar capabilities are misused. For financial institutions, the issue is systemic. If advanced models can accelerate vulnerability discovery or cyber operations across interconnected organisations, regulators may need to treat AI model oversight as part of financial stability and cyber resilience planning.

WEF highlights cybersecurity as a strategic economic priority in the AI era

The World Economic Forum said cybersecurity is rapidly evolving into a strategic economic and national security priority as AI systems, geopolitical tensions, and increasingly interconnected digital ecosystems reshape global cyber risks.

During the Annual Meeting on Cybersecurity 2026 held in Geneva, participants discussed how cyber threats are increasingly affecting economic activity, supply chains, financial systems, and critical infrastructure.

The forum said large-scale cyber incidents can disrupt national economies and critical infrastructure. The report referenced a major 2025 cyberattack that disrupted UK automotive production and reportedly contributed to weaker GDP growth, with estimated economic losses reaching approximately £1.9 billion.

WEF argued that organisations are increasingly abandoning compliance-driven cybersecurity models in favour of measurable resilience strategies focused on rapid recovery, operational continuity, incident response readiness, and stronger governance structures.

AI featured heavily throughout the discussions. The forum warned that attackers are using AI almost universally, allowing cyber operations to become faster, more autonomous, and more scalable. Leaders also highlighted emerging risks linked to agentic AI systems, software supply chain vulnerabilities, and quantum computing developments.

Participants stressed that cyber resilience now requires far broader coordination between governments, regulators, businesses, insurers, and infrastructure operators. Public-private cooperation, information-sharing systems, interoperable intelligence frameworks, and cross-border regulatory coordination were described as increasingly necessary to manage systemic cyber risks.

The discussions also focused on cyber-enabled fraud, scams, and online criminal operations that increasingly target both institutions and ordinary citizens across digital ecosystems. Experts argued that cybersecurity strategies must combine technological protection, digital literacy, public awareness, and platform-level safeguards instead of relying solely on reactive responses.

WEF concluded that cybersecurity is becoming inseparable from economic security and strategic stability in the AI era, with future resilience depending heavily on how effectively governments and industries align incentives, quantify cyber risk, and strengthen cooperation across interconnected systems.

Europe’s AI future increasingly depends on electricity and power infrastructure

A new opinion piece published by the World Economic Forum argues that the global AI race is rapidly shifting from software and models towards electricity generation, power infrastructure, and compute capacity.

The analysis by Lucy Yu, CEO of Centre for Net Zero, suggests that Europe’s future competitiveness in AI may depend less on research talent and more on whether the region can deliver clean and reliable energy fast enough to support expanding AI infrastructure.

The article highlights how the US and China continue to dominate the global AI ecosystem through massive investments in data centres, cloud infrastructure, and semiconductor capacity. Europe, meanwhile, faces growing concerns over digital dependence, particularly because US hyperscalers control most of the European cloud market while China maintains a leading position in AI patent filings and industrial deployment.

One of the central concerns involves the speed of infrastructure deployment. Grid connection timelines in some European markets can reportedly stretch close to a decade, while energy prices remain significantly higher than in the USA.

Such delays are already affecting investment decisions, with some operators reportedly bypassing congested electricity networks through direct links to gas-fired power plants, despite Europe’s broader net-zero objectives.

A further argument is that Europe’s challenge is not necessarily a shortage of renewable energy resources, but rather the inability to coordinate energy generation, electricity demand, and infrastructure deployment efficiently.

Offshore wind in the North Sea, southern European solar generation, and Scandinavian hydropower are identified as major strategic assets that remain underutilised because of fragmented infrastructure planning.

Large-scale data centres may help stabilise electricity systems by creating predictable demand patterns capable of improving grid utilisation and spreading infrastructure costs across greater consumption volumes.

Flexible AI data centres, battery systems, distributed energy resources, and AI-powered energy management systems are presented as possible solutions capable of reducing network strain and supporting cleaner electricity integration.

Lucy Yu’s analysis concludes that Europe still has an opportunity to compete in the next phase of AI development, but warns that the window is narrowing quickly. Without faster regulatory coordination, grid modernisation, and energy infrastructure reform, AI investment could increasingly shift towards regions capable of delivering power and compute capacity more rapidly.

Why does it matter?

The debate reflects a major structural shift in the global AI economy. Instead of competing only on algorithms and talent, countries are increasingly competing on access to electricity, semiconductor infrastructure, and data centre capacity. Decisions taken during the next few years could determine whether Europe becomes a major AI infrastructure hub or remains dependent on foreign cloud providers and external compute ecosystems.

Microsoft MDASH agentic AI security system tops vulnerability discovery benchmarks

Microsoft has described a multi-model agentic AI security system, codenamed MDASH, designed to support vulnerability discovery and cybersecurity research across complex codebases.

According to Microsoft, the system helped researchers identify 16 vulnerabilities across Windows networking and authentication components, including issues in the Windows TCP/IP stack, IKEv2 services, DNS handling and Netlogon processes. Several of the vulnerabilities were reachable over networks without authentication, the company said.

MDASH was developed by Microsoft’s Autonomous Code Security team and combines more than 100 specialised AI agents with an ensemble of frontier and distilled AI models. The system is structured as a multi-stage pipeline covering code preparation, scanning, validation, deduplication and proof generation.

The publication says the system identified remote code execution flaws, denial-of-service issues, information disclosure vulnerabilities and security feature bypasses. Microsoft also described the use of specialised auditor, debater and prover agents designed to analyse vulnerabilities across multiple files and code paths.

Microsoft said MDASH uses plugins and domain-specific knowledge to support validation and proof-of-concept generation, allowing security experts to add context that foundation models may not capture on their own.

The company also reported benchmark results from internal and public tests. It said MDASH identified all 21 deliberately inserted vulnerabilities in a private test driver with zero false positives in that run, achieved 96% recall against five years of confirmed Microsoft Security Response Center cases in clfs.sys and 100% in tcpip.sys, and scored 88.45% on the public CyberGym benchmark.

Microsoft said the system is already being used by its security engineering teams and is being tested with a small group of customers through a limited private preview.

Why does it matter?

MDASH shows how agentic AI is moving into high-value cybersecurity tasks such as vulnerability discovery, validation and proof generation. If systems like this can reliably reduce false positives and help researchers find exploitable flaws earlier, they could improve defensive security at scale. The same development also raises governance questions around access, oversight and dual-use risk, since tools capable of finding and proving vulnerabilities may be valuable to both defenders and attackers.

The company also discussed broader implications for AI-assisted cybersecurity operations, including the use of agentic AI systems for vulnerability discovery, validation, and remediation workflows. Microsoft stated that the system is currently being tested internally and through a limited private preview involving selected customers.

G7 working group advances cybersecurity approach for AI systems

The German Federal Office for Information Security published guidance developed by the G7 Cybersecurity Working Group outlining elements for a Software Bill of Materials for AI. The document aims to support both public and private sector stakeholders in improving transparency in AI systems.

The guidance builds on a shared G7 vision introduced in 2025 and focuses on strengthening cybersecurity throughout the AI supply chain. It sets out baseline components that should be included in an AI SBOM to better track and understand system dependencies.

The document outlines seven baseline building blocks that should form part of an AI Software Bill of Materials (SBOM for AI), designed to improve visibility into how AI systems are built and how their components interact across the supply chain.

At the foundation is a Metadata cluster, which records information about the SBOM itself, including who created it, which tools and formats were used, when it was generated, and how software dependencies relate to one another.

The framework then moves to System Level Properties, covering the AI system as a whole. This includes the system’s components, producers, data flows, intended application areas, and the processing of information between internal and external services.

A dedicated Models cluster focuses on the AI models embedded within the system, documenting details such as model identifiers, versions, architectures, training methods, limitations, licenses, and dependencies. The goal is to make the origins and characteristics of models easier to trace and assess.

The document also introduces a Dataset Properties cluster to improve transparency into the data used throughout the AI lifecycle. It captures dataset provenance, content, statistical properties, sensitivity levels, licensing, and the tools used to create or modify datasets.

Beyond software and data, the framework includes an Infrastructure cluster that maps the software and hardware dependencies required to run AI systems, including links to hardware bills of materials where relevant.

Cybersecurity considerations are grouped under Security Properties, which document implemented safeguards such as encryption, access controls, adversarial robustness measures, compliance frameworks, and vulnerability references.

Finally, the framework proposes a Key Performance Indicators cluster that includes metrics related to both security and operational performance, including robustness, uptime, latency, and incident response indicators.

According to the paper, the objective is to provide practical direction that organisations can adopt to enhance visibility and manage risks linked to AI technologies. The framework is intended to support more secure development and deployment practices.

World Economic Forum highlights AI role in infrastructure security

The World Economic Forum has highlighted AI-driven network defence as a possible tool for protecting critical infrastructure, as cyberattacks on hospitals, power grids, schools and transport systems become faster and harder to detect.

Lumu Technologies founder and CEO Ricardo Villadiego says nation-state actors and ransomware groups are increasingly targeting critical infrastructure such as hospitals, power grids, schools, utilities and transport networks. The article argues that local authorities and community-level service providers often face these threats with limited resources and small teams.

The author points to the convergence of operational technology and internet-connected IT systems as a major source of vulnerability. As sensors, smart meters and programmable logic controllers become more connected, the attack surface expands across both digital and physical infrastructure.

The article also argues that AI is increasing the speed and stealth of cyberattacks, making it harder for human-led security teams to detect and respond to threats quickly. In response, it presents AI-driven network monitoring as one way to identify anomalies across connected systems and block malicious activity before it reaches physical control systems.

A key concern is the reliance on endpoint-only security. The article notes that many critical infrastructure environments contain unmanaged or outdated devices, such as industrial systems, medical equipment and physical control assets, where conventional security agents may not be practical.

Why does it matter?

Critical infrastructure cybersecurity is increasingly about the connection between digital systems and physical services. As hospitals, utilities, schools and transport networks become more connected, cyberattacks can cause real-world disruption. AI-driven defence tools may help overstretched teams monitor complex environments more effectively, but their use also raises questions about reliability, oversight and dependence on automated security decisions in essential services.

WEF report highlights supply chain risks in quantum-safe cybersecurity transition

A new World Economic Forum (WEF) analysis argues that coordination failures across global technology supply chains could slow the transition towards quantum-safe cybersecurity, despite growing pressure from governments, regulators, and major technology companies to accelerate adoption of post-quantum cryptography (PQC).

The article highlights how the migration towards quantum-safe security has shifted from long-term planning into active deployment after the National Institute of Standards and Technology finalised its first PQC standards in 2024. The UK’s National Cyber Security Centre has already set phased migration targets extending to 2035, while Google has set 2029 as the target timeline for parts of its own transition roadmap.

Furthermore, WEF argues that post-quantum migration cannot be treated as a routine software update because quantum-safe security depends on every layer of the digital ecosystem. Semiconductors, firmware, operating systems, applications, cloud services, telecoms infrastructure, and critical national infrastructure all need coordinated upgrades. Delays at one stage of the supply chain could affect every downstream deployment.

Critical infrastructure operators face particular pressure because many systems rely on long operational cycles, globally sourced equipment, and tightly regulated procurement frameworks. Energy networks, telecoms systems, transport infrastructure, and financial institutions are already making procurement decisions that may shape cybersecurity resilience for decades.

According to the report, deploying infrastructure without a clear PQC migration pathway could create substantial future remediation costs and operational risks.

The piece also links the post-quantum transition to broader cyber resilience concerns tied to AI. Frontier AI systems are increasingly being used to identify vulnerabilities at scale, accelerating both defensive security testing and potential offensive cyber capabilities.

The article references Anthropic and its Claude Mythos model, along with examples of Mozilla Firefox vulnerability discovery, as evidence that AI is rapidly changing software assurance and implementation testing.

Organisations treating PQC migration as a coordinated resilience programme instead of a narrow compliance exercise will be better positioned to protect critical services, economic stability, and trust in digital systems over the coming decade.

Why does it matter?

Quantum computing is steadily moving from theoretical risk to practical cybersecurity challenge, forcing governments and industries to rethink the foundations of digital security. The WEF analysis shows that the greatest obstacle may not be the cryptographic technology itself, but the coordination required across suppliers, infrastructure operators, regulators, cloud providers, and hardware manufacturers.
