Critical infrastructure

US Cyber Command proposes $5M AI Initiative for 2026 budget

US Cyber Command is seeking $5 million in its fiscal year 2026 budget to launch a new AI project to advance data integration and operational capabilities.

While the amount represents a small fraction of the command’s $1.3 billion research and development (R&D) portfolio, the effort reflects growing emphasis on incorporating AI into cyber operations.

The initiative follows congressional direction set in the fiscal year (FY) 2023 National Defense Authorization Act, which tasked Cyber Command and the Department of Defense’s Chief Information Officer—working with the Chief Digital and Artificial Intelligence Officer, DARPA, the NSA, and the Undersecretary of Defense for Research and Engineering—to produce a five-year guide and implementation plan for rapid AI adoption.

However, this roadmap, developed shortly after, identified priorities for deploying AI systems, applications, and supporting data processes across cyber forces.

Cyber Command formed an AI task force within its Cyber National Mission Force (CNMF) to operationalise these priorities. The newly proposed funding would support the task force’s efforts to establish core data standards, curate and tag operational data, and accelerate the integration of AI and machine learning solutions.

Known as Artificial Intelligence for Cyberspace Operations, the project will focus on piloting AI technologies using an agile 90-day cycle. This approach is designed to rapidly assess potential solutions against real-world use cases, enabling quick iteration in response to evolving cyber threats.

Budget documents indicate the CNMF plans to explore how AI can enhance threat detection, automate data analysis, and support decision-making processes. The command’s Cyber Immersion Laboratory will be essential in testing and evaluating these cyber capabilities, with external organisations conducting independent operational assessments.

The AI roadmap identifies five categories for applying AI across Cyber Command’s enterprise: vulnerabilities and exploits; network security, monitoring, and visualisation; modelling and predictive analytics; persona and identity management; and infrastructure and transport systems.

To fund this effort, Cyber Command plans to shift resources from its operations and maintenance account into its R&D budget as part of the transition from FY2025 to FY2026.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

How agentic AI is transforming cybersecurity

Cybersecurity is gaining a new teammate—one that never sleeps and acts independently. Agentic AI doesn’t wait for instructions. It detects threats, investigates, and responds in real-time. This new class of AI is beginning to change the way we approach cyber defence.

Unlike traditional AI systems, Agentic AI operates with autonomy. It sets objectives, adapts to environments, and self-corrects without waiting for human input. In cybersecurity, this means instant detection and response, beyond simple automation.

With networks more complex than ever, security teams are stretched thin. Agentic AI offers relief by executing actions like isolating compromised systems or rewriting firewall rules. This technology promises to ease alert fatigue and keep up with evasive threats.

A 2025 Deloitte report says 25% of GenAI-using firms will pilot Agentic AI this year. SailPoint found that 98% of organisations will expand AI agent use in the next 12 months. But rapid adoption also raises concern—96% of tech workers see AI agents as security risks.

The integration of AI agents is expanding to cloud, endpoints, and even physical security. Yet with new power comes new vulnerabilities—from adversaries mimicking AI behaviour to the risk of excessive automation without human checks.

Key challenges include ethical bias, unpredictable errors, and uncertain regulation. In sectors like healthcare and finance, oversight and governance must keep pace. The solution lies in balanced control and continuous human-AI collaboration.

Cybersecurity careers are shifting in response. Hybrid roles such as AI Security Analysts and Threat Intelligence Automation Architects are emerging. To stay relevant, professionals must bridge AI knowledge with security architecture.

Agentic AI is redefining cybersecurity. It boosts speed and intelligence but demands new skills and strong leadership. Adaptation is essential for those who wish to thrive in tomorrow’s AI-driven security landscape.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US targets Southeast Asia to stop AI chip leaks to China

The US is preparing stricter export controls on high-end Nvidia AI chips destined for Malaysia and Thailand, in a move to block China’s indirect access to advanced GPU hardware.

According to sources cited by Bloomberg, the new restrictions would require exporters to obtain licences before sending AI processors to either country.

The change follows reports that Chinese engineers have hand-carried data to Malaysia for AI training after Singapore began restricting chip re-exports.

Washington suspects Chinese firms are using Southeast Asian intermediaries, including shell companies, to bypass existing export bans on AI chips like Nvidia’s H100.

Although some easing has occurred between the US and China in areas such as ethane and engine components, Washington remains committed to its broader decoupling strategy. The proposed measures will reportedly include safeguards to prevent regional supply chain disruption.

Malaysia’s Trade Minister confirmed earlier this year that the US had requested detailed monitoring of all Nvidia chip shipments into the country.

As the global race for AI dominance intensifies, Washington appears determined to tighten enforcement and limit Beijing’s access to advanced computing power.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Pakistan launches AI customs system to tackle tax evasion

Pakistan has launched its first AI-powered Customs Clearance and Risk Management System (RMS) to cut tax evasion, reduce corruption, and modernise port operations by automating inspections and declarations.

The initiative, part of broader digital reforms, is led by the Federal Board of Revenue (FBR) with support from the Intelligence Bureau.

By minimising human involvement in customs procedures, the system enables faster, fairer, and more transparent processing. It uses AI and automated bots to assess goods’ value and classification, improve risk profiling, and streamline green channel clearances.

Early trials showed a 92% boost in system performance and more than double the efficiency in identifying compliant cargo.

Prime Minister Shehbaz Sharif praised the collaboration between the FBR and IB, calling the initiative a key pillar of national economic reform. He urged full integration of the system into the country’s digital infrastructure and reaffirmed tax reform as a government priority.

The AI system is also expected to close loopholes in under-invoicing and misdeclaration, which have long been used to avoid duties.

Meanwhile, video analytics technology is trialled to detect factory tax fraud, with early tests showing 98% accuracy. In recent enforcement efforts, authorities recovered Rs178 billion, highlighting the potential of data-driven approaches in tackling fiscal losses.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Survey reveals sharp rise in cyberattacks on Japan’s small businesses

A May 2025 survey by Teikoku Databank reveals that nearly one in three Japanese companies have experienced a cyberattack. The survey targeted over 26,000 businesses and received 10,645 valid responses.

Among respondents, 32% reported having been targeted by cyberattacks. Large firms in Japan were more likely to be affected at 41.9%, compared to 30.3% for small and medium-sized businesses and just 28.1% for small firms.

Interestingly, while larger firms showed a higher lifetime rate, cyber incidents over the past month were more common among smaller enterprises. Around 6.9% of SMEs and 7.9% of small firms were affected, compared to the overall rate of 6.7%.

Teikoku Databank warned of a sharp increase in risk for small businesses, which often lack the robust cybersecurity infrastructure of larger corporations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Regions seek role in EU hospital cyber strategy

The European Commission’s latest plan to strengthen hospital cybersecurity has drawn attention from regional authorities across the EU, who say they were excluded from key decisions.

Their absence, they argue, could weaken the strategy’s overall effectiveness.

With cyberattacks on healthcare systems growing, regional representatives insist they should have a seat at the table.

As those directly managing hospitals and public health, they warn that top-down decisions may overlook urgent local challenges and lead to poorly matched policies.

The Commission’s plan includes creating a dedicated health cybersecurity centre under the EU Agency for Cybersecurity (ENISA) and setting up an EU-wide threat alert system.

Yet doubts remain over how these goals will be met without extra funding or clear guidance on regional involvement.

The concerns point to the need for a more collaborative approach that values regional knowledge.

Without it, the EU risks designing cybersecurity protections that fail to reflect the realities inside Europe’s hospitals.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

FBI issues warning as airline cyberattacks rise, posing national security threat

Less than a year after the cyberattack that shut down Sea-Tac Airport, the FBI has issued a stark new warning: America’s airlines are now targets. The agency confirmed that the cybercrime gang Scattered Spider is actively attacking aviation systems.

This group, known for crippling MGM Resorts, uses social engineering to bypass security. By posing as airline staff, they access systems, steal data and deploy ransomware within hours of a breach.

WestJet, Hawaiian Airlines and Qantas have all been hit in the last two months alone. Qantas reported a data breach affecting more than six million passengers.

Today’s airlines depend on interconnected digital infrastructure. Disruption to crew scheduling, flight planning or maintenance can trigger chaos across entire networks.

The FBI says these attacks are shifting from isolated incidents to coordinated campaigns. Experts fear that state and non-state actors are watching closely, ready to exploit aviation vulnerabilities.

Aircraft are now flying data centres. Their connectivity brings both efficiency and risk. Flight safety could be at stake if attackers compromise weather feeds or ground systems.

Sea-Tac was a warning. What happens when multiple airports are targeted at once? Fictional scenarios are edging closer to reality.

Previous attacks — from Warsaw to London — exposed system weaknesses. The threat has only grown. It is no longer a question of if, but when.

The industry must act decisively. Stronger identity checks, hardened systems, and real-time intelligence sharing are no longer optional. Cybersecurity must become as essential as flight safety.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

SK Telecom unveils $700B cybersecurity upgrade

SK Telecom has announced a major cybersecurity initiative worth KRW 700 billion, designed to restore trust and enhance information security after a recent incident.

The company’s new programme, called the Accountability and Commitment Program, includes four elements to protect customers and reinforce transparency.

A central part of the initiative is the Information Protection Innovation Plan, which involves a five-year investment to build a world-class cybersecurity system.

The project will follow the US National Institute of Standards and Technology’s Cybersecurity Framework and aims to position SK Telecom as Korea’s leader in information security by 2028.

To further support affected customers, the company is upgrading its Customer Assurance Package and introducing a Customer Appreciation Package to thank users for their patience and loyalty.

A subscription cancellation fee waiver has also been included to reduce friction for those reconsidering their service.

SK Telecom says it will maintain its commitment to customer safety and service reliability, pledging to fully address all concerns and enhance security and service quality across the board.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK plans new laws to tackle undersea cable sabotage

The UK government’s evolving defence and security policies aim to close legal gaps exposed by modern threats such as cyberattacks and sabotage of undersea cables. As set out in the recent Strategic Defence Review, ministers plan to introduce a new defence readiness bill to protect critical subsea infrastructure better and prepare for hostile acts that fall outside traditional definitions of war.

The government is also considering revising the outdated Submarine Telegraph Act of 1885, whose penalties, last raised in 1982 to £1,000, are now recognised as inadequate. Instead of merely increasing fines, officials from the Ministry of Defence and the Department for Science, Innovation and Technology intend to draft comprehensive legislation that balances civil and military needs, clarifies how to prosecute sabotage, and updates the UK’s approach to national defence in the digital age.

These policy initiatives reflect growing concern about ‘grey zone’ threats—deliberate acts of sabotage or cyber aggression that stop short of open conflict yet pose serious national security risks. Recent suspected sabotage incidents, including damage to subsea cables connecting Sweden, Latvia, Finland, and Estonia, have highlighted how vulnerable undersea infrastructure remains.

Investigations have linked several of these operations to Russian and Chinese interests, emphasising the urgency of modernising UK law. By updating its legislative framework, the UK government aims to ensure it can respond effectively to attacks that blur the line between peace and conflict, safeguarding both national interests and critical international data flows.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Chinese-linked hackers target French state in Ivanti exploit campaign

A sophisticated cyber campaign linked to Chinese threat actors has targeted French government, defence and media organisations by exploiting zero-day vulnerabilities in Ivanti’s server software, France’s national cyber agency has revealed.

The French National Agency for Information Systems Security (ANSSI) reported that attackers exploited flaws in an end-of-life version of Ivanti’s Cloud Services Appliance. Victims include public agencies, telecoms, finance firms and media outlets. ANSSI dubbed the threat ‘Houken.’

Hackers used tools developed by Chinese-speaking actors, operated during Chinese working hours and pursued both espionage and financial gain. In one case, they deployed a cryptominer—an unusual move for state-linked actors.

The campaign that targeted France relied on chaining Ivanti zero-days (CVE-2024-8190, CVE-2024-9380 and CVE-2024-8963) to deploy a novel rootkit. Attackers then used webshells, fileless backdoors, and anonymising services like NordVPN.

ANSSI noted similarities to activity by UNC5174, a Chinese initial access broker tracked by Mandiant. This actor, also known as ‘Uteus,’ reportedly works with the Ministry of State Security in China.

Evidence suggests that Houken not only sells access to compromised networks but also carries out direct data exfiltration. One victim included the foreign ministry of a South American country.

The Paris Prosecutor’s Office is investigating a possible botnet linked to Chinese state hackers, though it’s unclear if it’s connected to Houken.

ANSSI warns that both Houken and UNC5174 are still active and likely to continue exploiting exposed infrastructure worldwide.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!