European Commission launches AI cyber defence strategy

The European Commission has presented an Action Plan on Cybersecurity and Artificial Intelligence to strengthen Europe’s response to AI-related cyber risks.

The plan aims to help member states, businesses and public authorities use AI safely while addressing the cybersecurity risks created by advanced AI models.

The Commission said AI can help detect vulnerabilities, prevent cyberattacks and protect critical infrastructure. However, it warned that malicious actors can also use AI to automate attacks, identify weaknesses and carry out cyber operations at greater speed and scale.

The Action Plan focuses on three objectives: promoting the safe and responsible use of advanced AI, reinforcing EU cybersecurity and resilience, and scaling up Europe’s AI capabilities for cybersecurity.

The Commission said it will strengthen Europe’s capacity to evaluate AI models before they are placed on the EU market, in line with the AI Act.

It will also work with ENISA to develop a European Blueprint for secure access to advanced AI systems for cybersecurity purposes.

A secure testing platform will support organisations in critical sectors, including energy, transport, health, finance and public administration, in testing and deploying AI solutions safely.

The plan also encourages the use of AI, including open-source models where appropriate, to detect vulnerabilities faster and improve prevention and response to cyberattacks.

The Commission said it will launch an EU Grand Challenge on AI for cybersecurity to support the development of new AI-powered security solutions.

Why does it matter?

AI is becoming central to both cyber defence and cybercrime. The EU Action Plan recognises that advanced models can help defenders detect vulnerabilities and respond faster, but can also help attackers automate operations and scale incidents. By linking AI model evaluation, critical-sector testing, ENISA cooperation, existing cybersecurity laws and investment in sovereign AI capabilities, the Commission is trying to turn AI cybersecurity into a coordinated EU policy area rather than leaving it to fragmented national or private-sector responses.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

ENISA warns frontier AI is compressing cyberattack timelines

The European Union Agency for Cybersecurity has warned that frontier AI models are compressing cyberattack timelines and challenging traditional defence practices.

In a July 2026 paper, ENISA said advanced AI models are reducing the time between vulnerability discovery and exploitation, creating new pressure on vulnerability management, patching and incident response.

The agency said open-weight models may reach similar capabilities within 9 to 12 months, while existing models combined with skilled security experts can already produce comparable results.

ENISA warned that attackers may gain access to exploits before fixes are available, while legacy systems and end-of-life products could become more exposed to AI-assisted vulnerability discovery.

The agency also said more frequent patch releases may increase the risk of service disruption, while open-source maintainers could be overwhelmed by AI-generated vulnerability reports.

Security fundamentals still matter, but ENISA said defenders must apply them faster. It recommended shifting resources from vulnerability discovery towards risk-based prioritisation, rapid triage, remediation and risk reduction.

The paper also calls for defensive AI tools to be integrated into software development, incident response and threat modelling, with human-gated workflows and stronger workforce skills.

At the EU level, ENISA said existing frameworks, including NIS2, the Cyber Resilience Act, and the EU AI Act, should be used to assess and mitigate systemic risks linked to advanced AI models.

For defenders, the agency recommended near-real-time security operations, AI-assisted threat modelling, dynamic incident response pipelines and single-digit-minute detection and response targets.

Why does it matter?

ENISA’s paper frames frontier AI as a structural cybersecurity challenge, not just another tool for attackers or defenders. If vulnerability discovery, exploit development, and lateral movement happen at machine speed, organisations will need faster triage, stronger automation and clearer human oversight. The report also connects AI cybersecurity to the EU’s wider regulatory framework, showing that NIS2, the Cyber Resilience Act and the AI Act will all matter in managing systemic cyber risks from advanced models.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Europol denies bypassing EU data protection rules

Europol has rejected allegations that it operated a ‘secret’ or ‘shadow’ database outside the EU data protection rules.

In a new fact-check, the agency said recent reports misrepresented two long-established operational environments used to support digital investigations and online information analysis.

Europol said its Computer Forensic Network is used to analyse complex digital evidence securely in support of criminal investigations.

It also said the Internet-Facing Operational Environment is used to collect and triage publicly available online information before relevant material is transferred to Europol’s operational systems in accordance with applicable legal requirements.

The agency said neither environment was created to bypass oversight or data protection obligations.

Europol also published a timeline showing that both systems have existed for many years and have evolved alongside changes to its legal framework, governance and supervisory arrangements.

The agency said it has worked with the European Data Protection Supervisor on governance improvements, technical modernisation and safeguards, including after regulatory changes introduced in 2022.

Europol said public debate on law enforcement and privacy should be based on accurate descriptions of operational systems and their oversight.

Why does it matter?

The dispute highlights the tension between law enforcement’s need to process large volumes of digital evidence and the privacy safeguards required under the EU law. Europol’s response is important because operational data systems used in cybercrime, terrorism and serious organised crime investigations can affect fundamental rights if oversight, retention and access rules are unclear. The case also shows why transparency about investigative infrastructure matters for public trust, especially as law enforcement agencies modernise their data-processing capabilities.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Australia records highest data breach notifications since 2018

Australia recorded its highest annual number of data breach notifications in 2025 since mandatory reporting began in 2018, according to the Office of the Australian Information Commissioner.

The regulator received 1,205 notifications under the Notifiable Data Breaches scheme in 2025, an 8% increase from 1,112 in 2024.

Organisations covered by the Privacy Act must notify the OAIC of data breaches that are likely to result in serious harm to affected individuals.

Malicious or criminal activity remained the leading cause of reported breaches, accounting for 716 notifications. Cyber hacking continued to be the main cause of reported incidents.

Health service providers were the most affected sector, reporting 225 breaches, or 19% of the annual total. Financial services, Australian government agencies, business and professional associations, education providers and legal, accounting and management services were also among the most affected sectors.

The OAIC has released a new quick reference guide to help organisations assess potential breaches, decide whether notification is required and understand how to report incidents.

Privacy Commissioner of Australia, Carly Kind, said the threat posed by data breaches to Australian businesses and organisations is substantial and rising year on year.

The regulator’s latest privacy attitudes survey also found that data breaches remain the top privacy concern for Australians, with 82% expressing concern, up from 74% in 2023.

Why does it matter?

Rising breach notifications show that data protection is becoming a persistent operational and regulatory challenge for Australian organisations. The dominance of malicious activity and cyber hacking links privacy compliance directly to cybersecurity preparedness, especially in sensitive sectors such as health. OAIC’s new guide also signals a push towards faster, clearer breach assessment and notification, which matters for affected individuals as well as regulated entities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Sysdig reports first documented agentic ransomware case

Cloud security firm Sysdig says it has documented the first known case of agentic ransomware, after observing an AI-driven extortion operation it tracks as JADEPUFFER.

According to Sysdig, the operation began with exploiting CVE-2025-3248 on an internet-facing Langflow instance. Langflow is an open-source framework for building LLM-driven applications and agent workflows.

The attacker then pivoted towards a production database server running MySQL and Alibaba Nacos.

Sysdig said the operation was driven by a large language model rather than a traditional human-led toolkit. The agent carried out reconnaissance, credential harvesting, lateral discovery, persistence and destructive database activity.

The company said JADEPUFFER executed more than 600 distinct payloads and adapted to failures in real time. In one case, the agent moved from a failed login attempt to a corrected working approach in 31 seconds.

CyberScoop later reported Sysdig’s clarification that the attack was not fully human-free. A person still set up and directed the operation, provisioned command-and-control and staging infrastructure, chose the victim, and supplied credentials likely obtained through a prior compromise.

Sysdig also said API keys for OpenAI, Anthropic, DeepSeek and Gemini were among the material the agent collected from the compromised environment. That does not confirm which model powered the attack.

The case is notable less for novel techniques than for automation. Sysdig said the attack relied on known vulnerabilities and exposed infrastructure, but an AI agent chained the steps together quickly and carried out a ransomware-style database extortion workflow.

Why does it matter?

JADEPUFFER shows how agentic AI could change cybercrime by automating work that previously required skilled operators. Even if humans still choose targets and set up infrastructure, agents can speed up reconnaissance, credential theft, lateral movement and destructive activity once access is available. The defensive lesson is immediate: exposed AI tools, unpatched systems, leaked credentials, and internet-facing databases become more dangerous when attackers can automate exploitation and adaptation at machine speed.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Europol Roblox game wins EU award for online child safety

Europol’s Cyber Defenders initiative has won the 2026 European Ombudsman Award for Good Administration.

The free educational game, built on Roblox, is designed to help children recognise online risks and develop safer behaviour in digital environments.

Cyber Defenders received the overall award, selected from 48 nominations submitted by the EU institutions, bodies and agencies. It also won the Excellence in Technological Innovation and the Use of AI category award.

The game teaches children about risks such as fraud, identity theft and online grooming through interactive missions rather than traditional awareness campaigns.

Europol says the project was developed to reach children in online gaming environments they already use, while making them more comfortable asking for help when they encounter risks.

The agency has also published supporting resources for teachers, parents and schools, including a game guide, lesson assessment, poster and letter to parents.

The award follows earlier recognition of Europol digital initiatives, including Trace An Object, which uses public participation to help identify victims of child sexual abuse.

Why does it matter?

Cyber Defenders shows how law enforcement agencies are experimenting with interactive tools to improve children’s digital safety skills. Game-based learning can make online safety more relevant for younger users, especially in gaming environments where risks such as grooming, scams and identity theft may appear. The award also reflects broader recognition that digital literacy and prevention are part of child online safety, alongside regulation, enforcement and platform accountability.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Russian draft law includes 48-hour crypto cooling-off rule

Russian lawmakers are considering a 48-hour cooling-off period for certain cryptocurrency transfers as part of a draft law on digital currencies and digital rights.

The measure would apply to non-qualified investors and is intended to protect users from fraud, according to comments from Vladimir Chistyukhin, First Deputy Governor of the Bank of Russia.

Chistyukhin said the cooling-off period would not apply to cryptocurrency trading itself. He clarified that the mechanism is intended for transfers to other accounts and similar operations, rather than brokerage activity.

The proposal forms part of a broader legislative effort to establish a legal framework for the circulation of cryptocurrencies in Russia. The State Duma adopted the government-backed draft law in its first reading in April.

Russian officials have framed the cooling-off mechanism as a targeted investor-protection tool rather than a broader restriction on market activity.

The proposal reflects a regulatory approach focused on reducing fraud risks while allowing parts of the crypto market to operate under a more formal legal framework.

Why does it matter?

The proposal shows how crypto regulation is moving beyond general warnings and enforcement actions towards safeguards built into transaction flows. A cooling-off period can slow down transfers linked to fraud, giving users and intermediaries more time to detect suspicious activity. The narrow scope is also important: by excluding trading and brokerage activities, Russian regulators aim to reduce consumer harm without directly limiting market liquidity or day-to-day trading.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

UK ATOC says social media ban is not enough

The UK Alliance Tackling Online Child Sexual Exploitation and Abuse has welcomed the UK government’s plan to ban social media use by children under 16, while warning that the measure alone will not stop online child sexual abuse.

The alliance said age restrictions on mainstream social media platforms could reduce some risks. Still, children may move to less regulated digital spaces, including encrypted messaging services, gaming platforms and other online environments where grooming, sexual extortion and abuse can continue.

UK ATOC called for a broader, system-wide response focused on prevention, stronger platform accountability and safer-by-design digital services. It said governments, regulators, technology companies and online service providers share responsibility for reducing opportunities for abuse before harm occurs.

The alliance proposed a package of technical, legislative and regulatory measures. These include stronger safeguards in end-to-end encrypted environments, robust age-assurance systems, mandatory safer-by-design principles, stronger enforcement under the Online Safety Act and clearer regulation of AI chatbots and companion services.

It also called for device-level nudity detection, upload prevention for known child sexual abuse material and measures to address livestreamed abuse, grooming and sexual extortion.

UK ATOC welcomed the government’s plan to introduce nudity-detection tools on children’s devices, describing it as an important additional safeguard.

The statement reflects a wider concern that age bans may reduce children’s exposure to some mainstream platforms, but cannot replace a comprehensive child-safety framework across the broader digital ecosystem.

Why does it matter?

The UK debate shows the limits of age-based social media bans as a child-safety tool. Online child sexual exploitation and abuse can move across platforms, devices, encrypted services, gaming environments and AI-enabled systems. UK ATOC’s response therefore shifts the focus from access restrictions alone towards prevention, safer design, platform duties and technical safeguards that address how abuse actually happens across digital services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Singapore strengthens cyber resilience against AI threats

Singapore’s Cyber Security Agency (CSA) has outlined new and ongoing initiatives to strengthen national cyber resilience as AI reshapes the cyber threat landscape.

The measures are detailed in the Singapore Cyber Landscape 2025/2026 report, which reviews cybersecurity trends and the country’s response to evolving digital threats.

CSA said AI is reshaping the global cyber threat environment by enabling attackers to operate with greater speed, scale and sophistication. The agency said agentic AI is a particular concern because autonomous systems could automate parts of the cyber kill chain, compressing attacks that once unfolded over days into hours.

The agency cited Anthropic’s Mythos and the misuse of OpenClaw, an open-source agentic AI framework, as examples of how AI can accelerate vulnerability research, exploit development and cyberattack preparation.

At the same time, CSA said AI can strengthen cyber defence by improving threat detection, accelerating incident response and helping organisations identify vulnerabilities more quickly. As AI systems become more widely deployed across enterprise networks and critical infrastructure, however, they are also becoming attractive targets, making secure AI deployment an increasing priority.

To support secure AI adoption, CSA has published Guidelines on Securing AI Systems and a Companion Guide for system owners. It also released a discussion paper on securing agentic AI systems in October 2025 and said it will continue working with international partners on AI security standards.

The report also highlights how AI is changing the tactics of phishing and scam operations. CSA said attackers can use AI to generate convincing phishing lures at scale, produce realistic voice clones and video deepfakes, and create tools that can bypass multi-factor authentication.

CSA also warned that AI is making phishing and scam campaigns more convincing through voice cloning, video deepfakes and large-scale generation of personalised phishing messages. Despite these growing capabilities, reported phishing cases fell by 21% in 2025 to around 4,800 incidents.

Singapore has also launched the pilot National Simulated Scams Exercise, supported by the Ministry of Home Affairs. The exercise simulated AI-enabled government official impersonation scam calls to help the public recognise and respond to emerging scam tactics.

CSA said the number of infected infrastructure units detected in Singapore rose sharply to 284,300 in 2025, a 142% increase from 2024. The increase was driven mainly by persistent malicious infrastructure activity and improved detection of infected botnet devices.

The agency said weakly secured consumer Internet-of-Things devices and unpatched firmware continue to create opportunities for botnet operators. To address this, all residential routers sold in Singapore must meet Cybersecurity Labelling Scheme Level 2 requirements by the end of 2027.

Ransomware also remained a significant threat, with reported cases rising slightly from 159 in 2024 to 165 in 2025. CSA said small- and medium-sized enterprises remained disproportionately affected due to lower cybersecurity maturity and limited resources.

To support SMEs, CSA backed the Cyber Resilience Centre, which provides cybersecurity health checks and recovery assistance after incidents. Eligible SMEs can also receive co-funding for cybersecurity advisory services through the CISO-as-a-Service programme.

One of the year’s most significant incidents involved an attempted intrusion by the APT group UNC3886 targeting Singapore’s four largest telecommunications operators. CSA said the attack was contained through Operation CYBER GUARDIAN without disruption to services or evidence of customer data being compromised.

CSA is also requiring critical information infrastructure owners to attain Cyber Trust mark certification by the end of 2027. The requirement is intended to extend good cybersecurity practices across broader enterprise environments that support critical infrastructure operations.

In 2025, Singapore also conducted its largest Exercise Cyber Star, involving close to 500 participants from CSA, the Singapore Armed Forces’ Digital and Intelligence Service and critical infrastructure owners across 11 sectors.

CSA said it has expanded Cyber Essentials and Cyber Trust mark certifications to include mandatory cloud and AI security requirements. More than 800 organisations had attained at least one Cyber Essentials certification as of early 2026.

The agency is also advancing Singapore’s National Quantum-Safe initiative, working with industry, academia and international partners to raise awareness of quantum risks, support migration planning and accelerate adoption of quantum-safe technologies.

CSA said Singapore will continue investing in cybersecurity capabilities, strengthening partnerships and supporting secure adoption of emerging technologies in an AI-driven threat landscape.

Commissioner of Cybersecurity and CSA Chief Executive David Koh said Singapore must ‘lock down, find first, and fix fast’ as AI and quantum technologies reshape cyber risks. He said the response must be continuous, with government, industry and citizens working together to ensure digital innovation develops alongside trust and security.

The report illustrates how Singapore is treating cybersecurity as a continuous national resilience effort encompassing AI, critical infrastructure, ransomware, online scams and future quantum threats.

Why does it matter?

Singapore’s strategy reflects a growing shift from reactive cybersecurity towards continuous cyber resilience. Rather than addressing individual threats in isolation, the government is integrating AI security, critical infrastructure protection, scam prevention, cybersecurity certification and quantum readiness into a coordinated national strategy.

The report also illustrates how AI is changing cybersecurity on both sides of the equation. While attackers are using AI to accelerate phishing, malware development and vulnerability exploitation, governments are increasingly deploying AI to strengthen cyber defence, making secure AI deployment and governance central components of national cybersecurity policy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Singapore launches Online Safety Commission for online harms

Singapore’s Online Safety Commission has begun operations, giving victims of online harms a dedicated channel to seek faster support and redress.

The commission was established to support the office of the Commissioner of Online Safety under the Online Safety (Relief and Accountability) Act 2025. Specified provisions on statutory torts under the Act also came into effect on 29 June 2026.

In its first phase, the commission will support victims affected by five categories of online harm: online harassment, including online sexual harassment, doxxing, online stalking, intimate image abuse and image-based child abuse.

Victims of online harassment and online stalking are generally expected to report harmful content to the relevant platform first. If the platform fails to respond promptly or provides an inadequate response within 24 hours, the platform may be reported to the commission. More serious harms, including doxxing and image-based abuse, can be reported directly.

Where there is reason to suspect that online harm has occurred, the Commissioner may issue directions to the person who posted the content, the administrator of the online space or the platform hosting it. These directions may require access to harmful content to be disabled or an account to be restricted. Non-compliance is a criminal offence.

Singapore is also introducing court-based remedies through statutory torts. Victims may bring civil claims against communicators, administrators, or platforms that fail to meet the duties set out in the law. For intimate image abuse and image-based child abuse, courts must award at least $5,000 for each image or recording if the claim succeeds.

The commission will also work with community partners that can provide counselling and practical support to victims and families.

Why does it matter?

Singapore’s Online Safety Commission provides victims of online harms with a dedicated institutional route for faster relief, rather than leaving them to rely solely on platform complaint systems or lengthy court processes. The model combines administrative directions, platform duties, community support and civil remedies. It is especially relevant for image-based abuse, doxxing and child safety, where rapid content restriction and victim support can be critical.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot