Critical infrastructure

US agencies to adopt ChatGPT to modernise government operations

The US government has finalised a deal with OpenAI to integrate ChatGPT Enterprise across all federal agencies. Each agency will access ChatGPT for $1 to support AI adoption and modernise operations.

According to the General Services Administration, the move aligns with the White House’s AI Action Plan, which aims to make the US a global leader in AI development. The plan promotes AI integration, innovation, and regulation across public institutions.

However, privacy advocates and cybersecurity experts have raised concerns over the risks of centralised AI in government. Critics cite the potential for mass surveillance, narrative control, and sensitive data exposure.

Sam Altman, CEO of OpenAI, has cautioned users that AI conversations are not protected under privacy laws and could be used in legal proceedings. Storing data on centralised servers via large language models raises concerns over civil liberties and government overreach.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Security flaw in Dell models affects millions

Millions of Dell laptops faced a serious security risk due to a flaw in a Broadcom chip used for storing sensitive data. Cisco Talos researchers uncovered the vulnerability, which could have allowed attackers to steal passwords and monitor activity.

Dell confirmed over 100 laptop models were impacted, especially those with its ‘ControlVault’ security software used in sensitive industries. A fix has been issued through security patches since March.

No evidence suggests the flaw was exploited, but experts warn users to install updates promptly to avoid exposure. The issue highlights the risks of storing biometrics and credentials directly on devices.

Users are advised to keep security patches current and use reliable antivirus software to help reduce threats from similar vulnerabilities in future.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Chinese nationals accused of bypassing US export controls on AI chips

Two Chinese nationals have been charged in the US with illegally exporting millions of dollars’ worth of advanced Nvidia AI chips to China, violating the export controls.

The Department of Justice (DOJ) said Chuan Geng and Shiwei Yang operated California-based ALX Solutions, which allegedly shipped restricted hardware without the required licences over the past three years.

The DOJ claims that the company exported Nvidia’s H100 and GeForce RTX 4090 graphics processing units to China via transit hubs in Singapore and Malaysia, concealing their ultimate destination.

Payments for the shipments allegedly came from firms in Hong Kong and mainland China, including a $1 million transfer in January 2024.

Court documents state that ALX falsely declared shipments to Singapore-based customers, but US export control officers could not confirm the deliveries.

One 2023 invoice for over $28 million reportedly misrepresented the buyer’s identity. Neither Geng nor Yang had sought export licences from the US Commerce Department.

Yang was arrested on Saturday, and Geng surrendered soon after. Both appeared in a Los Angeles federal court on Monday and could face up to 20 years in prison if convicted.

Nvidia and Super Micro, a supplier, said they comply with all export regulations and will cooperate with authorities.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Korea’s LG CNS wins first overseas AI data centre deal in Indonesia

LG CNS has secured a 100 billion won ($72 million) contract to build an AI data centre in Jakarta, a first for a Korean firm in a project of this kind overseas. The centre is expected to be completed by 2026 and will house over 100,000 servers.

The deal was signed through LG Sinar Mas Technology Solutions, a joint venture between Sinar Mas Group of Indonesia and LG of South Korea. Local partner KMG, backed by Korea Investment Real Asset Management, is leading the project to create Indonesia’s largest hyperscale AI data centre.

The 11-storey facility will launch with a power capacity of 30 megawatts, with plans to expand to 220 megawatts in future phases. LG CNS will manage key infrastructure, including electricity, cooling, and telecoms systems, using technologies across the LG Group.

Safety has been a key selling point. The centre will utilise seismic isolation systems to safeguard equipment in earthquake-prone Southeast Asia. Redundant power systems will also ensure continuous operation even during outages.

Southeast Asia is emerging as a cost-effective hub for AI among global technology giants. LG CNS plans to leverage the Jakarta project as a launchpad for expanding into Singapore, Malaysia, and other international markets.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK GP surgery praised for using AI to boost efficiency and patient care

UK Health Minister Karin Smyth praised St George’s Surgery in Weston-super-Mare for utilising AI to enhance efficiency. Serving nearly 14,000 patients, the surgery uses AI to automate note-taking and letter drafting, reducing administrative burdens on staff.

It has been reported that, in June of 2025, St George’s Surgery handled over 9,000 appointments, with more than half booked and held on the same day. As part of the UK’s 10-Year Health Plan, the government stated it aims to expand AI adoption in healthcare, potentially freeing up the capacity of over 2,000 full-time GPs.

Andy Carpenter, Digital Director at Mendip Vale Medical Group, highlighted that AI is helping to manage growing patient demand, increase face-to-face time with GPs, and maintain strong data protection standards. Health Minister Karin Smyth also stressed the need for safe, well-regulated AI in healthcare, noting its practical uses, such as remote monitoring of vaccine fridge temperatures.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Malaysia tackles online scams with AI and new cyber guidelines

Cybercrime involving financial scams continues to rise in Malaysia, with 35,368 cases reported in 2024, a 2.53 per cent increase from the previous year, resulting in losses of RM1.58 billion.

The situation remains severe in 2025, with over 12,000 online scam cases recorded in the first quarter alone, involving fake e-commerce offers, bogus loans, and non-existent investment platforms. Losses during this period reached RM573.7 million.

Instead of waiting for the situation to worsen, the Digital Ministry is rolling out proactive safeguards. These include new AI-related guidelines under development by the Department of Personal Data Protection, scheduled for release by March 2026.

The documents will cover data protection impact assessments, automated decision-making, and privacy-by-design principles.

The ministry has also introduced an official framework for responsible AI use in the public sector, called GPAISA, to ensure ethical compliance and support across government agencies.

Additionally, training initiatives such as AI Untuk Rakyat and MD Workforce aim to equip civil servants and enforcement teams with skills to handle AI and cyber threats.

In partnership with CyberSecurity Malaysia and Universiti Kebangsaan Malaysia, the ministry is also creating an AI-powered application to verify digital images and videos.

Instead of relying solely on manual analysis, the tool will help investigators detect online fraud, identity forgery, and synthetic media more effectively.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New malware steals 200,000 passwords and credit card details through fake software

Hackers are now using fake versions of familiar software and documents to spread a new info-stealing malware known as PXA Stealer.

First discovered by Cisco Talos, the malware campaign is believed to be operated by Vietnamese-speaking cybercriminals and has already compromised more than 4,000 unique IP addresses across 62 countries.

Instead of targeting businesses alone, the attackers are now focusing on ordinary users in countries including the US, South Korea, and the Netherlands.

PXA Stealer is written in Python and designed to collect passwords, credit card data, cookies, autofill information, and even crypto wallet details from infected systems.

It spreads by sideloading malware into files like Microsoft Word executables or ZIP archives that also contain legitimate-looking programs such as Haihaisoft PDF Reader.

The malware uses malicious DLL files to gain persistence through the Windows Registry and downloads additional harmful files via Dropbox. After infection, it uses Telegram to exfiltrate stolen data, which is then sold on the dark web.

Once activated, the malware even attempts to open a fake PDF in Microsoft Edge, though the file fails to launch and shows an error message — by that point, it has already done the damage.

To avoid infection, users should avoid clicking unknown email links and should not open attachments from unfamiliar senders. Instead of saving passwords and card details in browsers, a trusted password manager is a safer choice.

Although antivirus software remains helpful, hackers in the campaign have used sophisticated methods to bypass detection, making careful online behaviour more important than ever.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google signs groundbreaking deal to cut data centre energy use

Google has become the first major tech firm to sign formal agreements with US electric utilities to ease grid pressure. The deals come as data centres drive unprecedented energy demand, straining power infrastructure in several regions.

The company will work with Indiana Michigan Power and Tennessee Valley Authority to reduce electricity usage during peak demand. These arrangements will help divert power to general utilities when needed.

Under the agreements, Google will temporarily scale down its data centre operations, particularly those linked to energy-intensive AI and machine learning workloads.

Google described the initiative as a way to speed up data centre integration with local grids while avoiding costly infrastructure expansion. The move reflects growing concern over AI’s rising energy footprint.

Demand-response programmes, once used mainly in heavy manufacturing and crypto mining, are now being adopted by tech firms to stabilise grids in return for lower energy costs.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

The US launches $100 million cybersecurity grant for states

The US government has unveiled more than $100 million in funding to help local and tribal communities strengthen their cybersecurity defences.

The announcement came jointly from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA), both part of the Department of Homeland Security.

Instead of a single pool, the funding is split into two distinct grants. The State and Local Cybersecurity Grant Program (SLCGP) will provide $91.7 million to 56 states and territories, while the Tribal Cybersecurity Grant Program (TCGP) allocates $12.1 million specifically for tribal governments.

These funds aim to support cybersecurity planning, exercises and service improvements.

CISA’s acting director, Madhu Gottumukkala, said the grants ensure communities have the tools needed to defend digital infrastructure and reduce cyber risks. The effort follows a significant cyberattack on St. Paul, Minnesota, which prompted a state of emergency and deployment of the National Guard.

Officials say the funding reflects a national commitment to proactive digital resilience instead of reactive crisis management. Homeland Security leaders describe the grant as both a strategic investment in critical infrastructure and a responsible use of taxpayer funds.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Weak cyber hygiene in smart devices risks national infrastructure

The UK’s designation of data centres as Critical National Infrastructure highlights their growing strategic importance, yet a pressing concern remains over vulnerabilities in their OT and IoT systems. While IT security often receives significant investment, the same cannot be said for other technologies.

Attackers increasingly target these overlooked systems, gaining access through insecure devices such as IP cameras and biometric scanners. Many of these operate on outdated firmware and lack even basic protections, making them ideal footholds for malicious actors.

There have already been known breaches, with OT systems used in botnet activity and crypto mining, often without detection. These attacks not only compromise security in the UK but can destabilise infrastructure by overloading resources or bypassing safeguards.

Addressing these threats requires full visibility across all connected systems, with real-time monitoring, wireless traffic analysis, and network segmentation. Experts urge data centre operators to act now, not in response to a breach, but to prevent one entirely.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!