Microsoft MDASH agentic AI security system tops vulnerability discovery benchmarks

Microsoft has described a multi-model agentic AI security system, codenamed MDASH, designed to support vulnerability discovery and cybersecurity research across complex codebases.

According to Microsoft, the system helped researchers identify 16 vulnerabilities across Windows networking and authentication components, including issues in the Windows TCP/IP stack, IKEv2 services, DNS handling and Netlogon processes. Several of the vulnerabilities were reachable over networks without authentication, the company said.

MDASH was developed by Microsoft’s Autonomous Code Security team and combines more than 100 specialised AI agents with an ensemble of frontier and distilled AI models. The system is structured as a multi-stage pipeline covering code preparation, scanning, validation, deduplication and proof generation.

The publication says the system identified remote code execution flaws, denial-of-service issues, information disclosure vulnerabilities and security feature bypasses. Microsoft also described the use of specialised auditor, debater and prover agents designed to analyse vulnerabilities across multiple files and code paths.

Microsoft said MDASH uses plugins and domain-specific knowledge to support validation and proof-of-concept generation, allowing security experts to add context that foundation models may not capture on their own.

The company also reported benchmark results from internal and public tests. It said MDASH identified all 21 deliberately inserted vulnerabilities in a private test driver with zero false positives in that run, achieved 96% recall against five years of confirmed Microsoft Security Response Center cases in clfs.sys and 100% in tcpip.sys, and scored 88.45% on the public CyberGym benchmark.

Microsoft said the system is already being used by its security engineering teams and is being tested with a small group of customers through a limited private preview.

Why does it matter?

MDASH shows how agentic AI is moving into high-value cybersecurity tasks such as vulnerability discovery, validation and proof generation. If systems like this can reliably reduce false positives and help researchers find exploitable flaws earlier, they could improve defensive security at scale. The same development also raises governance questions around access, oversight and dual-use risk, since tools capable of finding and proving vulnerabilities may be valuable to both defenders and attackers.

The company also discussed broader implications for AI-assisted cybersecurity operations, including the use of agentic AI systems for vulnerability discovery, validation, and remediation workflows. Microsoft stated that the system is currently being tested internally and through a limited private preview involving selected customers.


G7 working group advances cybersecurity approach for AI systems

The German Federal Office for Information Security published guidance developed by the G7 Cybersecurity Working Group outlining elements for a Software Bill of Materials for AI. The document aims to support both public and private sector stakeholders in improving transparency in AI systems.

The guidance builds on a shared G7 vision introduced in 2025 and focuses on strengthening cybersecurity throughout the AI supply chain. It sets out baseline components that should be included in an AI SBOM to better track and understand system dependencies.

The document outlines seven baseline building blocks that should form part of an AI Software Bill of Materials (SBOM for AI), designed to improve visibility into how AI systems are built and how their components interact across the supply chain.

At the foundation is a Metadata cluster, which records information about the SBOM itself, including who created it, which tools and formats were used, when it was generated, and how software dependencies relate to one another.

The framework then moves to System Level Properties, covering the AI system as a whole. This includes the system’s components, producers, data flows, intended application areas, and the processing of information between internal and external services.

A dedicated Models cluster focuses on the AI models embedded within the system, documenting details such as model identifiers, versions, architectures, training methods, limitations, licenses, and dependencies. The goal is to make the origins and characteristics of models easier to trace and assess.

The document also introduces a Dataset Properties cluster to improve transparency into the data used throughout the AI lifecycle. It captures dataset provenance, content, statistical properties, sensitivity levels, licensing, and the tools used to create or modify datasets.

Beyond software and data, the framework includes an Infrastructure cluster that maps the software and hardware dependencies required to run AI systems, including links to hardware bills of materials where relevant.

Cybersecurity considerations are grouped under Security Properties, which document implemented safeguards such as encryption, access controls, adversarial robustness measures, compliance frameworks, and vulnerability references.

Finally, the framework proposes a Key Performance Indicators cluster that includes metrics related to both security and operational performance, including robustness, uptime, latency, and incident response indicators.

According to the paper, the objective is to provide practical direction that organisations can adopt to enhance visibility and manage risks linked to AI technologies. The framework is intended to support more secure development and deployment practices.
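The seven clusters above are easier to reason about when written down as a checklist that can be run against an actual document. The following Python checker is an added example, not code from the G7 paper or the BSI; the cluster keys, the field names inside each cluster, and the model-to-dataset `dependencies` link are all assumptions taken from the summary above, since the guidance names the clusters but the key layout used here is constructed for illustration.

```python
"""Check an SBOM-for-AI document for the seven baseline clusters.

Added example (not the G7 paper's own schema): cluster and field names are
constructed from the summary of the guidance, so adapt them to whatever
format your organisation adopts.
"""
import copy

# Assumed required fields per cluster, keyed by the cluster name.
BASELINE_CLUSTERS = {
    "metadata": {"creator", "tools", "format", "created", "dependency_relationships"},
    "system_level_properties": {"components", "producers", "data_flows",
                                "intended_application_areas"},
    "models": {"identifier", "version", "architecture", "training_method",
               "limitations", "license", "dependencies"},
    "dataset_properties": {"identifier", "provenance", "content",
                           "statistical_properties", "sensitivity", "license", "tools"},
    "infrastructure": {"software_dependencies", "hardware_dependencies"},
    "security_properties": {"encryption", "access_controls", "adversarial_robustness",
                            "compliance_frameworks", "vulnerability_references"},
    "key_performance_indicators": {"robustness", "uptime", "latency", "incident_response"},
}

# Clusters that hold one record per model or dataset rather than a single record.
LIST_CLUSTERS = {"models", "dataset_properties"}


def check_ai_sbom(doc: dict) -> list[str]:
    """Return human-readable findings; an empty list means every baseline
    cluster is present with its assumed fields and model/dataset links resolve."""
    findings = []
    for cluster, required in BASELINE_CLUSTERS.items():
        if cluster not in doc:
            findings.append(f"missing cluster: {cluster}")
            continue
        records = doc[cluster] if cluster in LIST_CLUSTERS else [doc[cluster]]
        if not records:
            findings.append(f"empty cluster: {cluster}")
        for i, rec in enumerate(records):
            missing = sorted(required - set(rec))
            if missing:
                findings.append(f"{cluster}[{i}] missing fields: {', '.join(missing)}")
    # Cross-cluster traceability (assumed convention): every dataset a model
    # lists under "dependencies" must itself be described in dataset_properties.
    known = {d.get("identifier") for d in doc.get("dataset_properties", [])}
    for model in doc.get("models", []):
        for dep in model.get("dependencies", []):
            if dep.get("type") == "dataset" and dep.get("ref") not in known:
                findings.append(
                    f"model {model.get('identifier')} references unknown dataset {dep.get('ref')}")
    return findings


def complete_sample() -> dict:
    """Constructed SBOM-for-AI document that satisfies every assumed field."""
    return {
        "metadata": {"creator": "example-org", "tools": ["sbom-gen 0.1"], "format": "example-json",
                     "created": "2025-01-01", "dependency_relationships": "explicit"},
        "system_level_properties": {"components": ["api", "model-server"], "producers": ["example-org"],
                                    "data_flows": ["client->api->model-server"],
                                    "intended_application_areas": ["document triage"]},
        "models": [{"identifier": "m-1", "version": "1.0", "architecture": "transformer",
                    "training_method": "fine-tuning", "limitations": ["English only"],
                    "license": "example-license",
                    "dependencies": [{"type": "dataset", "ref": "ds-1"}]}],
        "dataset_properties": [{"identifier": "ds-1", "provenance": "internal tickets",
                                "content": "text", "statistical_properties": {"rows": 1000},
                                "sensitivity": "internal", "license": "proprietary",
                                "tools": ["dedup 2.0"]}],
        "infrastructure": {"software_dependencies": ["runtime 3.1"],
                           "hardware_dependencies": [{"hbom_ref": "HBOM-PLACEHOLDER"}]},
        "security_properties": {"encryption": "TLS 1.3", "access_controls": "RBAC",
                                "adversarial_robustness": "input filtering",
                                "compliance_frameworks": ["example-framework"],
                                "vulnerability_references": []},
        "key_performance_indicators": {"robustness": 0.9, "uptime": 0.999,
                                       "latency": "200ms", "incident_response": "4h"},
    }


def broken_sample() -> dict:
    """The same document with typical gaps: a missing field, a missing
    cluster, and a model trained on a dataset the SBOM never describes."""
    doc = copy.deepcopy(complete_sample())
    del doc["security_properties"]["vulnerability_references"]
    del doc["key_performance_indicators"]
    doc["models"][0]["dependencies"].append({"type": "dataset", "ref": "ds-2"})
    return doc


if __name__ == "__main__":
    for line in check_ai_sbom(broken_sample()):
        print(line)
```

The dataset cross-check is the part worth keeping whatever schema you settle on: a Models cluster that points at training data the Dataset Properties cluster never lists defeats the provenance goal the guidance describes, and it is the kind of gap a plain "is the field present" check would miss.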


World Economic Forum highlights AI role in infrastructure security

The World Economic Forum has highlighted AI-driven network defence as a possible tool for protecting critical infrastructure, as cyberattacks on hospitals, power grids, schools and transport systems become faster and harder to detect.

Lumu Technologies founder and CEO Ricardo Villadiego says nation state actors and ransomware groups are increasingly targeting critical infrastructure such as hospitals, power grids, schools, utilities and transport networks. He argues that local authorities and community-level service providers often face these threats with limited resources and small teams.

The author points to the convergence of operational technology and internet-connected IT systems as a major source of vulnerability. As sensors, smart meters and programmable logic controllers become more connected, the attack surface expands across both digital and physical infrastructure.

The article also argues that AI is increasing the speed and stealth of cyberattacks, making it harder for human-led security teams to detect and respond to threats quickly. In response, it presents AI-driven network monitoring as one way to identify anomalies across connected systems and block malicious activity before it reaches physical control systems.

A key concern is the reliance on endpoint-only security. The article notes that many critical infrastructure environments contain unmanaged or outdated devices, such as industrial systems, medical equipment and physical control assets, where conventional security agents may not be practical.

Why does it matter?

Critical infrastructure cybersecurity is increasingly about the connection between digital systems and physical services. As hospitals, utilities, schools and transport networks become more connected, cyberattacks can cause real-world disruption. AI-driven defence tools may help overstretched teams monitor complex environments more effectively, but their use also raises questions about reliability, oversight and dependence on automated security decisions in essential services.


WEF report highlights supply chain risks in quantum-safe cybersecurity transition

A new World Economic Forum (WEF) analysis argues that coordination failures across global technology supply chains could slow the transition towards quantum-safe cybersecurity, despite growing pressure from governments, regulators, and major technology companies to accelerate adoption of post-quantum cryptography (PQC).

The article highlights how the migration towards quantum-safe security has shifted from long-term planning into active deployment after the National Institute of Standards and Technology finalised its first PQC standards in 2024. The UK’s National Cyber Security Centre has already set phased migration targets extending to 2035, while Google has set 2029 as the target timeline for parts of its own transition roadmap.

Furthermore, WEF argues that post-quantum migration cannot be treated as a routine software update because quantum-safe security depends on every layer of the digital ecosystem. Semiconductors, firmware, operating systems, applications, cloud services, telecoms infrastructure, and critical national infrastructure all need coordinated upgrades. Delays at one stage of the supply chain could affect every downstream deployment.

Critical infrastructure operators face particular pressure because many systems rely on long operational cycles, globally sourced equipment, and tightly regulated procurement frameworks. Energy networks, telecoms systems, transport infrastructure, and financial institutions are already making procurement decisions that may shape cybersecurity resilience for decades.

According to the report, deploying infrastructure without a clear PQC migration pathway could create substantial future remediation costs and operational risks.

The piece also links the post-quantum transition to broader cyber resilience concerns tied to AI. Frontier AI systems are increasingly being used to identify vulnerabilities at scale, accelerating both defensive security testing and potential offensive cyber capabilities.

The article references Anthropic and its Claude Mythos model, along with examples of Mozilla Firefox vulnerability discovery, as evidence that AI is rapidly changing software assurance and implementation testing.

Organisations treating PQC migration as a coordinated resilience programme instead of a narrow compliance exercise will be better positioned to protect critical services, economic stability, and trust in digital systems over the coming decade.

Why does it matter?

Quantum computing is steadily moving from theoretical risk to practical cybersecurity challenge, forcing governments and industries to rethink the foundations of digital security. The WEF analysis shows that the greatest obstacle may not be the cryptographic technology itself, but the coordination required across suppliers, infrastructure operators, regulators, cloud providers, and hardware manufacturers.


Council of the EU extends cyber sanctions framework until 2027

The Council of the European Union has extended restrictive measures against individuals and entities involved in cyber-attacks threatening the EU and its member states until 18 May 2027. The legal framework behind the sanctions regime had already been extended until 18 May 2028.

The framework allows the EU to impose targeted sanctions on persons or entities involved in significant cyber-attacks that constitute an external threat to the Union or its member states. Measures can also be imposed in response to cyber-attacks against third countries or international organisations, where they support Common Foreign and Security Policy objectives.

Current listings under the regime apply to 19 individuals and seven entities. Sanctioned actors face asset freezes, while EU citizens and companies are prohibited from making funds or economic resources available to them. Listed individuals are also subject to travel bans preventing them from entering or transiting through EU territory.

The Council said the individual listings will continue to be reviewed every 12 months. It also said the measures are intended to deter malicious cyber activity and uphold the international rules-based order by ensuring accountability for those responsible.

The sanctions mechanism forms part of the EU’s broader cyber diplomacy toolbox, established in 2017 to strengthen coordinated diplomatic responses to malicious cyber activity. The Council said the EU and its member states would continue working with international partners to promote an open, free, stable and secure cyberspace.

Why does it matter?

The decision shows how cybersecurity has become part of the EU’s foreign policy and sanctions toolkit, not only a matter of technical defence. By extending cyber sanctions listings, the EU is reinforcing its use of diplomatic and economic measures to deter malicious cyber activity, attribute responsibility and signal that significant cyber-attacks can carry geopolitical consequences.


Cybercrime Atlas launches open-source map of criminal networks

Cybercrime Atlas has launched Cosmos, an open-source platform designed to map global cybercrime networks and strengthen cooperation among defenders, investigators, prosecutors and policymakers.

Hosted by the World Economic Forum’s Centre for Cybersecurity, Cybercrime Atlas aims to build a shared understanding of cybercriminal ecosystems at a time when ransomware, fraud and illicit digital services are becoming increasingly organised and industrialised.

The initiative responds to a long-standing problem in cybercrime disruption: fragmented terminology, isolated investigations and inconsistent reporting structures. Cosmos aims to standardise definitions, organise threat intelligence into a shared structure and help different actors coordinate more effectively across borders.

The first version of the platform contains nine core categories, 229 identified cybercrime-related elements and 849 mapped connections showing how criminal networks, tools and services interact. The dataset is designed to expand as the wider community contributes new intelligence.

Why does it matter?

Cybercrime increasingly functions as an interconnected ecosystem, with specialised groups, tools, infrastructure providers and illicit services supporting one another across borders. A shared map of those relationships could help shift cyber defence from isolated incident response towards more coordinated disruption of criminal networks, while giving investigators and policymakers a clearer view of how digital crime is organised.


Canada advances sovereign AI data centre strategy with TELUS

The Canadian government and TELUS are advancing plans to develop large-scale sovereign AI infrastructure as part of Ottawa’s broader strategy to strengthen domestic compute capacity and support the country’s AI ecosystem.

The initiative was announced by Evan Solomon (Minister of Artificial Intelligence and Digital Innovation and Minister responsible for the Federal Economic Development Agency for Southern Ontario) and focuses on a proposed AI data centre project in British Columbia designed to support researchers, businesses, and academic institutions.

The project forms part of Canada’s ‘Enabling large-scale sovereign AI data centres’ initiative, which was introduced under Budget 2025. Ottawa stated that sovereign compute infrastructure is increasingly important for maintaining national competitiveness in AI while ensuring Canadian data, intellectual property, and economic value remain within the country.

The government also confirmed that no formal funding commitments have yet been distributed, with discussions currently progressing through non-binding memoranda of understanding with selected industry participants.

Local officials argued that large-scale compute infrastructure has become a strategic economic requirement as governments worldwide race to expand AI processing capabilities. Canada believes it holds competitive advantages due to its colder climate, sustainable energy resources, and network infrastructure, all of which could help attract future AI investment and hyperscale data centre development.

Why does it matter?

The race for sovereign AI infrastructure is rapidly becoming one of the most important geopolitical and economic competitions of the digital era. The Canada-TELUS partnership illustrates how countries are moving beyond AI model development alone and shifting focus towards the physical infrastructure required to sustain future AI ecosystems, including data centres, energy capacity, semiconductors, and domestic compute networks.


Joint cybersecurity agencies publish guidance on secure adoption of agentic AI

Cybersecurity agencies from Australia, Canada, New Zealand, the United Kingdom and the United States have published joint guidance on the careful adoption of agentic AI services in organisational IT environments.

The guidance is intended to help organisations design, develop, deploy and operate agentic AI systems, and to make informed risk assessments and mitigations. It primarily focuses on large-language-model-based agentic AI systems.

The publication examines threats to and vulnerabilities within agentic AI systems, including risks introduced through system components, integrations and downstream use. It also considers broader risks arising from agentic AI behaviour in IT environments.

The guidance covers wider agentic AI security considerations, specific security risks, best practices for securing agentic AI systems and steps organisations can take to prepare for emerging and future threats.

It was co-authored by the Australian Signals Directorate’s Australian Cyber Security Centre, the US Cybersecurity and Infrastructure Security Agency, the US National Security Agency, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre and the UK National Cyber Security Centre.

Why does it matter?

Agentic AI systems can act with greater autonomy than conventional software tools, including by interacting with other systems, using integrations and taking steps towards defined goals. That creates new cybersecurity risks when such tools are embedded in organisational IT environments. The joint guidance shows that major cyber agencies are treating agentic AI as an emerging operational security issue, not only as a question of AI policy or experimentation.


AI cyber capabilities raise risk of correlated financial system failures, IMF warns

AI is rapidly reshaping the global financial system’s cyber risk landscape, according to analysis published by the International Monetary Fund. While AI improves defence, it also helps attackers find and exploit vulnerabilities more quickly, increasing the risk of systemic disruption.

Financial infrastructure is highly interconnected, relying on shared software, cloud services, and payment networks. IMF analysis suggests that AI-enabled cyberattacks could trigger correlated institutional failures, leading to funding stress, solvency risks, and disruptions to payments and market operations.

Recent developments in advanced AI models demonstrate how quickly offensive capabilities are evolving, with systems now able to identify weaknesses across widely used platforms.

At the same time, defensive AI tools are being deployed to detect threats and strengthen resilience, but their effectiveness depends on governance, oversight, and integration within financial institutions.

Authorities are now being urged to treat cyber risk as a core financial stability issue rather than a purely technical challenge. Stronger supervision, resilience standards, and international coordination are viewed as essential, particularly as cyber threats increasingly cross borders and exploit shared global infrastructure.

Why does it matter?

Cyber risks related to AI are a macroeconomic threat that can affect liquidity, confidence, and core financial intermediation. At the same time, the same technology is essential for defence, meaning resilience now depends on how quickly supervision, governance, and international coordination can keep pace with rapidly scaling offensive capabilities.


Australia’s ASIC urges cyber resilience as frontier AI raises risk

The Australian Securities and Investments Commission has urged regulated entities to strengthen cyber resilience, warning that frontier AI could intensify cyber risks by exposing vulnerabilities at greater speed, scale and sophistication.

In an open letter to industry, ASIC said licensees and market participants should act now to improve their cybersecurity fundamentals rather than wait as advanced AI tools reshape the threat environment. The regulator said cyber resilience should be treated as a core licensing obligation, not solely as an IT issue.

ASIC Commissioner Simone Constant said frontier AI creates opportunities but also materially increases cyber risk, including by exposing weaknesses faster than many organisations realise. She warned that vulnerabilities once seen as isolated could have system-wide effects and enable previously out-of-reach forms of exploitation for many malicious actors.

The letter follows ASIC’s recent court outcome against FIIG Securities Limited, which the regulator said reinforced the need for cyber risk management controls to be demonstrably effective and proportionate to a business’s size, nature and complexity.

ASIC is urging entities to reassess cyber plans, identify and protect critical systems, reduce exposure to untrusted networks, review user access, patch systems promptly, strengthen incident response planning and manage third-party risks. It also says organisations should use AI defensively where appropriate, including to identify vulnerabilities and secure software before release.

Constant said entities need robust incident response plans and that the underlying principles of cyber risk management remain the same: govern, protect, detect and respond. She also said boards and executives must ensure systems are tested, weaknesses are addressed early, and action is taken before threats can be exploited.

ASIC says entities must table the letter at their ultimate board and risk governance committees. It also encourages regulated entities to use guidance from trusted sources, including the Australian Signals Directorate and the Australian Government’s Cyber Health Check.

Why does it matter?

ASIC’s warning shows that financial regulators are beginning to treat frontier AI as a force multiplier of cyber risk, not just a technology issue. By framing cyber resilience as a licensing and board-level governance obligation, the regulator is signalling that firms may be judged not only on whether they suffer cyber incidents, but on whether their controls, escalation processes and resilience planning are proportionate to an AI-accelerated threat environment.
