Cybersecurity

Tech firms and law enforcement disrupt Southeast Asia scam networks

A major international operation involving Meta, Microsoft, Coinbase, Starlink, and law enforcement agencies from several countries has disrupted large-scale criminal scam networks operating across Southeast Asia.

The coordinated effort combined digital intelligence, financial investigations, platform enforcement, and real-world law enforcement action to target organised groups responsible for online fraud, investment scams, and other cyber-enabled crimes.

According to Meta, the operation removed more than 1.4 million fraudulent accounts, pages, and groups across Facebook and Instagram. Microsoft suspended around 20,000 malicious accounts linked to scam activity, while Coinbase froze more than $3 million in cryptocurrency assets associated with criminal operations.

Starlink also shut down thousands of internet terminals allegedly used by fraud operations, while law enforcement authorities arrested 63 individuals linked to scam centres.

The initiative brought together the US Department of Justice, the FBI, the US Secret Service, the Royal Thai Police, and law enforcement agencies from the UK, Australia, Canada and New Zealand.

Meta said intelligence sharing between technology companies and law enforcement helped identify additional scam locations and uncover previously unknown criminal networks operating across multiple jurisdictions.

Why does it matter?

The operation shows how online scam networks now rely on a full digital stack: social media accounts, messaging, cryptocurrency payments, connectivity infrastructure, and cross-border money movement. Disrupting these networks increasingly requires coordination between platforms, financial services, internet providers, and law enforcement. The case also highlights the link between digital fraud and physical scam compounds in Southeast Asia, where cybercrime operations often operate across multiple jurisdictions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

New Washington initiative targets legal frameworks for collective cyber defence

A new policy coalition has been launched in Washington to develop frameworks governing collaboration between government agencies and private companies on cyber operations, amid growing concerns that unresolved legal questions are limiting deeper cooperation.

Venable’s Center for Cybersecurity Policy and Law established the Cyber Operations Policy Coalition this week. The coalition aims to bring together industry representatives, government officials, legal experts, academics and civil society organisations to develop policy frameworks for collective cyber defence.

Corporate members include Microsoft, Lumen, Halcyon, Autonomous Cyber, and Voreas Labs. Non-corporate members span think tanks and academic institutions, including the Foundation for Defense of Democracies, the Cyber Threat Alliance, the Institute for Security and Technology, McCrary Institute for Cyber and Critical Infrastructure Security, and American University’s Tech, Law, and Security Program. The International Committee of the Red Cross and the Stimson Center participate as observers.

The coalition is coordinated by Stacy O’Mara and advised by a panel that includes former NSA Cybersecurity Director Rob Joyce, former CISA official Bryan Ware, and former Representative Jim Langevin.

During the launch event, current and former officials identified legal authorities, liability arrangements and operational rules as key areas requiring clarification before public-private cyber collaboration can expand at scale. Katie Sutton, assistant secretary of defence for cyber policy, noted that legal expertise would be central to closer integration, pointing to existing authority frameworks on both the government and industry sides.

Tonya Ugoretz, head of PwC’s Cyber & Risk Innovation Institute, highlighted the need for clearer liability frameworks to enable cyber operations without requiring case-by-case authorisation.

The initiative reflects the structure of the cyber domain, where much of the internet and critical infrastructure is privately owned, making companies both potential targets of cyberattacks and key partners in cyber defence efforts.

Several parallel developments add context to the coalition’s launch. The Joint Cyber Defense Collaborative, the CISA-led body for public-private cyber coordination, is mapping both defensive and potential offensive options for use in geopolitical crisis scenarios involving major infrastructure providers, according to JCDC deputy assistant director Matt Springer.

The US military has also more openly discussed offensive cyber operations in recent months, while Congress is considering a proposal for a dedicated cyber service branch.

The emergence of increasingly capable AI systems with cybersecurity applications has further expanded the range of technical, operational and legal questions facing policymakers.

Why does it matter?

Cybersecurity increasingly depends on cooperation between governments and private companies because much of the infrastructure targeted by cyberattacks is privately owned and operated. However, legal questions surrounding authority, liability and operational responsibilities remain unresolved in many jurisdictions.

The coalition reflects growing recognition that existing frameworks may not be fully suited to large-scale cyber defence efforts, particularly as geopolitical tensions, critical infrastructure threats and AI-enabled cyber capabilities increase. Its work could help shape future approaches to collective cyber defence and public-private cybersecurity cooperation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Australia issues guidance for government use of agentic AI

Australia’s Digital Transformation Agency (DTA) has issued an agentic AI addendum to its AI Technical Standard, providing guidance for government agencies exploring, developing or deploying agentic AI systems. The document provides best-practice guidance for agencies exploring, developing, or using agentic AI and states that existing requirements in the AI technical standard remain applicable.

The addendum says agentic AI systems may autonomously plan tasks, coordinate work, and trigger actions in real-world contexts. The addendum notes that agentic AI could improve the responsiveness, efficiency and consistency of public services, particularly in high-volume administrative environments, while also introducing new risks related to oversight, control and system behaviour.

The guidance defines agentic AI as systems capable of perceiving and interpreting their environment, maintaining an internal state, reasoning about objectives and autonomously executing actions within defined permissions and constraints. Agencies are advised to implement human oversight, operational safeguards, continuous evaluation processes and mechanisms that allow systems to be rolled back when necessary.

The addendum sets out guidance across the AI lifecycle, including governance and safeguards, memory management, workflow design, secure data exchange, technology selection, evaluation, tool integration, monitoring, and decommissioning. It also calls for clear human accountability, human-in-the-loop or human-on-the-loop oversight, auditable decision records, and orchestration layers.

The guidance recommends ongoing monitoring of agent behaviour, tool usage, memory functions, operational costs, latency, authorisations and changes in the operating environment. The addendum also recommends centralised oversight mechanisms, referred to as ‘control towers’, and calls for the secure decommissioning of agentic AI resources, including agents, associated data, memory stores, tools and system logs.

Why does it matter?

Agentic AI represents a shift from AI systems that generate outputs in response to prompts to systems capable of planning, coordinating tasks and taking actions with limited human intervention. While these capabilities could improve efficiency and service delivery, they also create new governance, accountability and security challenges.

Australia’s guidance reflects growing international efforts to establish safeguards for increasingly autonomous AI systems. The emphasis on human oversight, auditability and lifecycle governance highlights concerns that public-sector AI deployments must remain transparent, controllable and accountable as the technology evolves.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

New Zealand’s NCSC warns frontier AI could amplify cybersecurity risks

New Zealand’s National Cyber Security Centre (NCSC) has issued guidance to help government agencies prepare for the cybersecurity implications of frontier AI systems. The advisory notes that frontier AI models may enable more advanced automation, reasoning and decision-making capabilities than previous generations of AI systems.

The guidance describes frontier AI as a dual-use technology, noting that the same capabilities that enhance cyber defence could also enable malicious actors to conduct cyber operations more quickly, at lower cost and on a larger scale. The NCSC warns that frontier AI could amplify risks associated with known vulnerabilities, legacy systems and poor cyber hygiene, creating what it describes as a ‘vulnerability storm’ for organisations.

According to the NCSC, organisations do not need access to the most advanced frontier AI models to strengthen their cyber resilience. Instead, it says effective readiness depends on existing cybersecurity mitigations and practices, including the New Zealand Information Security Manual, the NCSC Cyber Security Framework, Minimum Cyber Security Standards, and Protective Security Requirements.

The advisory urges government entities to treat several actions as immediate priorities, including reviewing compliance with existing standards, confirming executive accountability for frontier AI cyber risk, reviewing NCSC guidance, and identifying material gaps that AI-enabled threat actors could exploit.

The guidance also restates the NCSC Cyber Security Framework’s five functions: guide and govern, identify and understand, prevent and protect, detect and contain, and respond and recover. The advisory highlights a range of baseline cybersecurity measures, including risk management, security awareness, secure configuration, patch management, multi-factor authentication, least-privilege access controls, anomaly detection, data recovery and incident response planning.

Why does it matter?

Frontier AI is expected to increase the speed, scale and sophistication of cyber operations, potentially allowing attackers to identify vulnerabilities, automate exploitation and conduct campaigns more efficiently than before.

Rather than relying solely on new AI-specific defences, New Zealand’s guidance emphasises that strong cybersecurity fundamentals, including patching, access controls, monitoring and incident response, remain the most effective way to reduce risk. The advisory reflects a growing international view that AI is amplifying existing cyber challenges rather than replacing them with entirely new ones.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI and systemic risk analytics focus of Helsinki conference

The Bank of Finland and the European Systemic Risk Board are holding their 11th joint conference on AI and systemic risk analytics in Helsinki on 3 and 4 June.

The event focuses on how AI methods and new data sources can support financial stability analysis, while also creating new challenges for economies and financial markets.

The conference aims to present research on financial stability and systemic risk analysis using AI methods, novel techniques, and new data sources. Topics include the use of large language models and trustworthy AI, changing interdependencies in financial markets, cybersecurity and operational risks, and AI combined with quantum computing as a possible source of new systemic risks.

The programme also covers more traditional systemic risk analytics and macroprudential policy tools, including early-warning indicators, network and contagion analysis, macro stress-testing, big data analytics, market-based finance, and geopolitical risk modelling.

Speakers include Bank of Finland Governor and ESRB First Vice-Chair Olli Rehn, who will address systemic risk, resilience, and competitiveness in a changing technological landscape. Other sessions will examine systemic cyber risk in financial networks, AI and risk-taking in banking, generative AI in economics and finance research, and AI-related financial system interdependencies.

The hybrid conference will include keynotes, panel discussions, presentations, and poster sessions, with online participation available.

Why does it matter?

The conference shows that AI is becoming a financial stability issue, not only a tool for efficiency or market analysis. Central banks and systemic risk authorities are examining how AI can improve risk detection, stress testing, and data analysis, while also creating new vulnerabilities through cyber risk, operational dependencies, market interconnections, and potential herding behaviour.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU proposes Chips Act 2.0 to strengthen semiconductor ecosystem

The European Commission has proposed Chips Act 2.0, a new framework intended to strengthen Europe’s semiconductor ecosystem and build on the original European Chips Act.

The proposal aims to boost the EU’s competitiveness, technological sovereignty, and resilience while improving crisis preparedness in semiconductor supply chains. It forms part of the Commission’s wider European Technological Sovereignty Package, alongside the Cloud and AI Development Act, an Open Source Strategy, and a roadmap for digitalisation and AI in the energy sector.

The Commission says the EU remains structurally dependent on third countries for semiconductor design and manufacturing, including advanced and leading-edge chips needed for AI. It also points to gaps in crisis preparedness, noting that existing mechanisms rely heavily on voluntary information sharing outside crises and do not provide sufficient, timely supply-chain intelligence.

Chips Act 2.0 would support both mainstream and advanced semiconductors, including AI chips. Measures are expected to include stronger research and innovation support, faster permitting, supply-chain information tools, Semiconductor Regions of Excellence, skills investment, strategic projects, and innovation procurement.

The proposal also places greater emphasis on demand-side measures, including support for public procurement and industrial uptake of European semiconductor technologies. The Commission argues that stronger local demand can reinforce local supply, shorten supply chains, and better align European production capacity with the needs of strategic sectors.

The initiative complements the EU’s broader technological sovereignty agenda. The Commission says Chips Act 2.0 should help reduce strategic dependencies, improve security of supply, support industrial scale-up, and strengthen Europe’s role in semiconductor technologies needed for AI, cloud, defence, automotive, energy, and other critical sectors.

Why does it matter?

The Chips Act 2.0 shows how the EU is shifting from an emergency response to the global chip shortage to a broader semiconductor industrial strategy. The proposal links chip policy directly to AI competitiveness, cloud infrastructure, defence, energy, automotive supply chains, and technological sovereignty. Its emphasis on demand-side measures also matters: Europe is not only trying to attract semiconductor production, but also to create stronger domestic markets for European chip technologies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU court annuls Meta Marketplace designation

The General Court of the European Union has annulled the European Commission’s decision designating Meta as a gatekeeper for Marketplace under the Digital Markets Act, while upholding the company’s designation for Messenger.

The case concerned the Commission’s 5 September 2023 decision designating Meta as a gatekeeper for several core platform services, including Facebook, Messenger, and Marketplace. Meta challenged the decision in part, contesting the classification of Messenger and Marketplace as important gateways under the DMA.

The General Court upheld the Commission’s assessment of Messenger, finding that the service is a number-independent interpersonal communications service distinct from Facebook. The court said Messenger is available through standalone applications, can be used independently of Facebook, and includes tools that allow businesses to engage with users.

The court also found that the Commission did not have to count only Messenger users who were not also Facebook users when assessing whether the quantitative threshold under the DMA was met. It also said the Commission was not required to open a market investigation in the absence of sufficiently substantiated arguments from Meta calling the DMA presumptions into question.

For Marketplace, the court found that the Commission erred in law by relying only on data from the three years preceding designation without taking account of changes made at the end of July 2023. Those changes limited the number of listings that could be published per user and led to the disappearance of the criterion used by the Commission to identify business users.

The court also found that the Commission had not provided sufficient reasoning for classifying Marketplace as an online intermediation service. It said the Commission failed to provide a concrete analysis of the July 2023 changes or to explain their effect on whether Marketplace-enabled business users could offer goods and services to consumers.

As a result, the decision was annulled only to the extent that it designated Meta as a gatekeeper for Marketplace. Meta’s Messenger designation remains in place.

Why does it matter?

The judgement is an important test of how the EU courts will review Digital Markets Act gatekeeper designations. It confirms that the Commission can rely on DMA presumptions where companies do not provide sufficiently substantiated counterarguments, as seen with Messenger. But it also shows that the Commission must properly assess relevant changes and provide sufficient reasoning when classifying a service as a core platform service, as the Marketplace annulment demonstrates.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Union unveils tech sovereignty plan to boost digital independence

The European Commission has presented a European Technological Sovereignty Package aimed at strengthening Europe’s capacity in semiconductors, AI, cloud infrastructure, and open source technologies.

The package includes two legislative proposals, the Chips Act 2.0 and the Cloud and AI Development Act, alongside an Open Source Strategy and a Strategic Roadmap for Digitalisation and AI in Energy.

The Commission said the measures are designed to support Europe’s ambition to become an AI continent, strengthen digital autonomy, build a more sustainable digital future, and widen choice in core technologies for businesses, citizens, and public administrations.

Rising global demand for computing capacity, driven by the spread of AI, has intensified concerns over Europe’s dependence on non-EU suppliers for core digital technologies. The Commission said the package is intended to reduce structural dependencies and ensure Europe can develop, deploy, and secure the technologies it relies on.

The proposed Chips Act 2.0 aims to strengthen Europe’s semiconductor capabilities, while the Cloud and AI Development Act focuses on expanding cloud and AI infrastructure. The Open Source Strategy is intended to support Europe’s software ecosystem, and the energy roadmap links digitalisation and AI to a more sustainable energy system.

Commission President Ursula von der Leyen said Europe cannot afford to depend on others for technologies that keep hospitals running, energy grids stable, and services secure. She said the package is about protecting citizens, defending European interests, and making independent technological choices.

Why does it matter?

The package brings several major EU technology priorities under one sovereignty agenda. By linking chips, cloud, AI infrastructure, open source, and energy digitalisation, the Commission is trying to reduce structural dependencies while strengthening Europe’s capacity to build, deploy, and secure critical technologies. The key test will be whether legislative proposals and strategies translate into investment, infrastructure, and industrial scale.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Anthropic offers ENISA access to advanced AI security model

Anthropic has invited the European Commission to facilitate access for ENISA, the EU agency for cybersecurity, to its cybersecurity-focused AI model Mythos, according to Bloomberg. The invitation followed a meeting between Anthropic and the Commission in San Francisco on 29 May. The EU must now establish a mechanism with appropriate security safeguards before access can be implemented; an ENISA official confirmed the agency does not currently have active access.

Anthropic unveiled Mythos in April, describing it as a model capable of identifying and exploiting cybersecurity vulnerabilities at a level that surpasses most human experts. Bloomberg reported on 2 June that ENISA was set to receive access to the model.

European Commission spokesperson Thomas Regnier welcomed the development, saying that access could help authorities build a clearer understanding of potential risks as increasingly capable AI models enter the market. The invitation follows calls from European policymakers and cybersecurity officials for greater access to advanced AI systems and for the development of comparable European capabilities.

Why does it matter?

The emergence of AI models capable of identifying software vulnerabilities at scale is reshaping cybersecurity risk assessments for governments, regulators and critical infrastructure operators. Access to such systems can help authorities better understand their capabilities, evaluate potential threats and develop appropriate safeguards.

For the EU, granting ENISA access to Mythos could support evidence-based policymaking and strengthen preparedness as increasingly powerful cybersecurity-focused AI models become available. The move also highlights a broader challenge: ensuring that public institutions can keep pace with rapidly advancing AI capabilities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Supply chain attack compromises Red Hat software packages on npm

Security researchers at Aikido and JFrog identified malicious code in more than 30 software packages published through a verified Red Hat Cloud Services account on npm, the widely used software package repository for developers. The packages are used across cloud application development and are installed by developers and automated systems worldwide.

According to the researchers, the attackers did not initially target individual developers. Instead, evidence suggests they gained access to the automated pipeline used to publish Red Hat Cloud Services packages to npm. Evidence indicates they gained access to the automated pipeline that publishes Red Hat Cloud Services software to npm, allowing them to distribute modified packages through an officially trusted channel. Developers and organisations following standard security practice, only installing software from verified, trusted sources, would have had no reason to suspect these packages.

Systems that installed the affected packages from 1 June onward may have executed hidden malicious code capable of harvesting credentials and transmitting them to the attackers. That code collected a wide range of credentials from the affected machine: access keys for Amazon, Google, and Microsoft cloud services; tokens used in automated software pipelines; passwords stored in cloud-based vaults; and credentials for a range of developer tools. The collected data was then transmitted to the attackers.

Researchers said the malware attempted to disguise its outbound communications by mimicking requests to an Anthropic-related service address, potentially making malicious traffic less conspicuous in network logs. The specific path used does not correspond to any real Anthropic end point, but its appearance in network logs would be inconspicuous at organisations using Anthropic products. Network defenders should treat any automated process contacting that address as a potential indicator of compromise.

The malware also installs persistent background processes that survive system restarts, and embeds hooks into several widely used AI coding assistants and developer tools. Researchers also warned that the malware may delete files if compromised credentials are revoked before the malicious software is fully removed from the affected system. Organisations investigating this incident should remove all traces of the malware before revoking any compromised credentials.

Aikido and JFrog have published a list of affected package versions and recommend treating any system that installed them on or after 1 June 2026 as potentially compromised until investigated.

Why does it matter?

Software supply chain attacks are particularly difficult to defend against because they exploit trusted distribution channels rather than relying on phishing, malware downloads or other forms of user error. In this case, developers and organisations installing software from a verified source could have unknowingly introduced malicious code into their environments.

The incident also highlights growing concerns around the security of software publishing infrastructure. As organisations increasingly depend on open-source components and automated development pipelines, compromises affecting trusted repositories can have far-reaching consequences across cloud environments, development systems and critical digital services.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Diplo chatbot can make mistakes. Consider checking important information.