Cybersecurity

AI breaches push data leak costs to new heights despite global decline

IBM’s 2025 Cost of a Data Breach Report revealed a sharp gap between rapid AI adoption and the oversight needed to secure it.

Although the global average data breach cost fell slightly to $4.44 million, security incidents involving AI systems remain more severe and disruptive.

Around 13% of organisations reported breaches involving AI models or applications, while 8% were unsure whether they had been compromised.

Alarmingly, nearly all AI-related breaches occurred without access controls, leading to data leaks in 60% of cases and operational disruption in almost one-third. Shadow AI (unsanctioned or unmanaged systems) played a central role, with one in five breaches traced back to it.

Organisations without AI governance policies or detection systems faced significantly higher costs, especially when personally identifiable information or intellectual property was exposed.

Attackers increasingly used AI tools such as deepfakes and phishing, with 16% of studied breaches involving AI-assisted threats.

Healthcare remained the costliest sector, with an average breach price of $7.42 million and the most extended recovery timeline of 279 days.

Despite the risks, fewer organisations plan to invest in post-breach security. Only 49% intend to strengthen defences, down from 63% last year.

Even fewer will prioritise AI-driven security tools. With many organisations also passing costs on to consumers, recovery now often includes long-term financial and reputational fallout, not just restoring systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

VPN use surges in UK as age checks go live

The way UK internet users access adult content has undergone a significant change, with new age-verification rules now in force. Under Ofcom’s directive, anyone attempting to visit adult websites must now prove they are over 18, typically by providing credit card or personal ID details.

The move aims to prevent children from encountering harmful content online, but it has raised serious privacy and cybersecurity concerns.

Experts have warned that entering personal and financial information could expose users to cyber threats. Jake Moore from cybersecurity firm ESET pointed out that the lack of clear implementation standards leaves users vulnerable to data misuse and fraud.

There’s growing unease that ID verification systems might inadvertently offer a goldmine to scammers.
In response, many have started using VPNs to bypass the restrictions, with providers reporting a surge in UK downloads.

VPNs mask user locations, allowing access to blocked content, but free versions often lack the security features of paid services. As demand rises, cybersecurity specialists are urging users to be cautious.

Free VPNs can compromise user data through weak encryption or selling browsing histories to advertisers. Mozilla and EC-Council have stressed the importance of avoiding no-cost VPNs unless users know the risks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Nvidia refutes chip backdoor allegations as China launches probe

Nvidia has firmly denied claims that its AI chips contain backdoors allowing remote control or tracking, following questioning by China’s top cybersecurity agency.

The investigation, which focuses on the H20 chip explicitly designed for the Chinese market, comes as Beijing intensifies scrutiny over foreign tech used in sensitive systems.

The H20 was initially blocked from export in April under US restrictions, but is now expected to return to Chinese shelves.

China’s Cyberspace Administration (CAC) summoned Nvidia officials to explain whether the chip enables unauthorised access or surveillance. The agency cited demands from US lawmakers for mandatory tracking features in advanced AI hardware as grounds for its concern.

In a statement, Nvidia insisted it does not include remote access capabilities in its products, reaffirming its commitment to cybersecurity.

Meanwhile, China’s state-backed People’s Daily questioned the company’s trustworthiness, stating that ‘network security is as vital as national territory’ and warning against reliance on what it described as ‘sick chips’.

The situation highlights Nvidia’s delicate position as it attempts to maintain dominance in China’s AI chip market while complying with mounting US export rules.

Tensions have escalated since similar actions were taken against other US firms, including a 2022 ban on Micron’s chips and recent antitrust scrutiny over Nvidia’s Mellanox acquisition.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

FBI warns public to avoid scanning QR codes on unsolicited packages

The FBI has issued a public warning about a rising scam involving QR codes placed on packages delivered to people who never ordered them.

According to the agency, these codes can lead recipients to malicious websites or prompt them to install harmful software, potentially exposing sensitive personal and financial data.

The scheme is a variation of the so-called brushing scam, in which online sellers send unordered items and use recipients’ names to post fake product reviews. In the new version, QR codes are added to the packaging, increasing the risk of fraud by directing users to deceptive websites.

While not as widespread as other fraud attempts, the FBI urges caution. The agency recommends avoiding QR codes from unknown sources, especially those attached to unrequested deliveries.

It also advised consumers to pay close attention to the web address that appears before tapping on any QR code link.

Authorities have noted broader misuse of QR codes, including cases where criminals place fake codes over legitimate ones in public spaces.

In one recent incident, scammers used QR stickers on parking meters in New York to redirect people to third-party payment pages requesting card details.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Prisons trial AI to forecast conflict and self‑harm risk

UK Justice Secretary Shabana Mahmood has rolled out an AI-driven violence prediction tool across prisons and probation services. One system evaluates inmates’ profiles, factoring in age, past behaviour, and gang ties, to flag those likely to become violent. Matching prisoners to tighter supervision or relocation aims to reduce attacks on staff and fellow inmates.

Another feature actively scans content from seized mobile phones. AI algorithms sift through over 33,000 devices and 8.6 million messages, detecting coded language tied to contraband, violence, or escape plans. When suspicious content is flagged, staff receive alerts for preventive action.

Rising prison violence and self-harm underscore the urgency of such interventions. Assaults on staff recently reached over 10,500 a year, the highest on record, while self-harm incidents reached nearly 78,000. Overcrowding and drug infiltration have intensified operational challenges.

Analysts compare the approach to ‘pre‑crime’ models, drawing parallels with sci-fi narratives, raising concerns around civil liberties. Without robust governance, predictive tools may replicate biases or punish potential rather than actual behaviour. Transparency, independent audit, and appeals processes are essential to uphold inmate rights.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US court mandates Android app competition, loosens billing rules

Long-standing dominance over Android app distribution has been declared illegal by the Ninth Circuit Court of Appeals, reinforcing a prior jury verdict in favour of Epic Games. Google now faces an injunction that compels it to allow rival app stores and alternative billing systems inside the Google Play Store ecosystem for a three-year period ending November 2027.

A technical committee jointly selected by Epic and Google will oversee sensitive implementation tasks, including granting competitors approved access to Google’s expansive app catalogue while ensuring minimal security risk. The order also requires that developers not be tied to Google’s billing system for in-app purchases.

Market analysts warn that reduced dependency on Play Store exclusivity and the option to use alternative payment processors could cut Google’s app revenue by as much as $1 to $1.5 billion annually. Despite brand recognition, developers and consumers may shift toward lower-cost alternatives competing on platform flexibility.

While the ruling aims to restore competition, Google maintains it is appealing and has requested additional delays to avoid rapid structural changes. Proponents, including Microsoft, regulators, and Epic Games, hail the decision as a landmark step toward fairer mobile market access.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Telegram-powered TON on track for mass adoption

TON, the blockchain natively embedded in Telegram’s app, is emerging as the most practical path to mainstream crypto adoption. With over 900 million users on Telegram and more than 150 million TON accounts created, the platform is delivering Web3 features through a familiar, app-like experience.

Unlike Ethereum or Solana, which require external wallets and technical knowledge, TON integrates features like tipping, staking, and gaming directly into Telegram. Mini apps like Notcoin and Catizen let users access blockchain without dealing with wallets or gas fees.

TON currently processes around 2 million daily transactions and may reach over 10 million daily users by 2027. Growing user fatigue with complex blockchain makes TON’s simple, mobile-first design ready to lead the next adoption wave.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Cybersecurity sector sees busy July for mergers

July witnessed a significant surge in cybersecurity mergers and acquisitions (M&A), spearheaded by Palo Alto Networks’ announcement of its definitive agreement to acquire identity security firm CyberArk for an estimated $25 billion.

The transaction, set to be the second-largest cybersecurity acquisition on record, signals Palo Alto’s strategic entry into identity security.

Beyond this significant deal, Palo Alto Networks also completed its purchase of AI security specialist Protect AI. The month saw widespread activity across the sector, including LevelBlue’s acquisition of Trustwave to create the industry’s largest pureplay managed security services provider.

Zurich Insurance Group, Signicat, Limerston Capital, Darktrace, Orange Cyberdefense, SecurityBridge, Commvault, and Axonius all announced or finalised strategic cybersecurity acquisitions.

The deals highlight a strong market focus on AI security, identity management, and expanding service capabilities across various regions.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI pulls searchable chats from ChatGPT

OpenAI has removed a feature that allowed users to make their ChatGPT conversations publicly searchable, following backlash over accidental exposure of sensitive content.

Dane Stuckey, OpenAI’s CISO, confirmed the rollback on Thursday, describing it as a short-lived experiment meant to help users find helpful conversations. However, he acknowledged that the feature posed privacy risks.

‘Ultimately, we think this feature introduced too many opportunities for folks to accidentally share things they didn’t intend to,’ Stuckey wrote in a post on X. He added that OpenAI is working to remove any indexed content from search engines.

The move came swiftly after Fast Company and privacy advocate Luiza Jarovsky reported that some shared conversations were appearing in Google search results.

Jarovsky posted examples on X, noting that even though the chats were anonymised, users were unknowingly revealing personal experiences, including harassment and mental health struggles.

To activate the feature, users had to tick a box allowing their chat to be discoverable. While the process required active steps, critics warned that some users might opt in without fully understanding the consequences. Stuckey said the rollback will be complete by Friday morning.

The incident adds to growing concerns around AI and user privacy, particularly as conversational platforms like ChatGPT become more embedded in everyday life.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

As Meta AI grows smarter on its own, critics warn of regulatory gaps

While OpenAI’s ChatGPT and Google’s Gemini dominate headlines, Meta’s AI is making quieter, but arguably more unsettling, progress. According to CEO Mark Zuckerberg, Meta’s AI is advancing rapidly and, crucially, learning to improve without external input.

In a blog post titled ‘Personal Superintelligence’, Zuckerberg claimed that Meta AI is becoming increasingly powerful through self-directed development. While he described current gains as modest, he emphasised that the trend is both real and significant.

Zuckerberg framed this as part of a broader mission to build AI that acts as a ‘personal superintelligence’, a tool that empowers individuals and becomes widely accessible. However, critics argue this narrative masks a deeper concern: AI systems that can evolve autonomously, outside human guidance or scrutiny.

The concept of self-improving AI is not new. Researchers have previously built systems capable of learning from other models or user interactions. What’s different now is the speed, scale and opacity of these developments, particularly within big tech companies operating with minimal public oversight.

The progress comes amid weak regulation. While governments like the Biden administration have issued AI action plans, experts say they lack the strength to keep up. Meanwhile, AI is rapidly spreading across everyday services, from healthcare and education to biometric verification.

Recent examples include Google’s behavioural age-estimation tools for teens, illustrating how AI is already making high-stakes decisions. As AI systems become more capable, questions arise: How much data will they access? Who controls them? And can the public meaningfully influence their design?

Zuckerberg struck an optimistic tone, framing Meta’s AI as democratic and empowering. However, that may obscure the risks of AI outpacing oversight, as some tech leaders warn of existential threats while others focus on commercial gains.

The lack of transparency worsens the problem. If Meta’s AI is already showing signs of self-improvement, are similar developments happening in other frontier models, such as GPT or Gemini? Without independent oversight, the public has no clear way to know—and even less ability to intervene.

Until enforceable global regulations are in place, society is left to trust that private firms will self-regulate, even as they compete in a high-stakes race for dominance. That’s a risky gamble when the technology itself is changing faster than we can respond.

As Meta AI evolves with little fanfare, the silence may be more ominous than reassuring. AI’s future may arrive before we are prepared to manage its consequences, and by then, it might be too late to shape it on our terms.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!