Cybersecurity

UK evaluates frontier AI for operational cybersecurity applications

The UK Government Cyber Coordination Centre (GC3), in partnership with the National Cyber Security Centre (NCSC) and the AI Security Institute, has completed a pilot programme exploring how frontier AI models could strengthen cyber defence across government systems.

The initiative forms part of the UK’s Government Cyber Action Plan, which seeks to improve public-sector cyber resilience through the use of emerging technologies.

Teams participated in a series of hackathons that used advanced AI systems to analyse public government code repositories for potential security weaknesses.

Different approaches were tested, including multi-agent workflows, AI-assisted vulnerability investigation and specialised AI skills designed to automate parts of the security auditing process. Rather than relying on a single methodology, participants tested different architectures and workflows to determine which approaches produced the most effective results.

The exercise identified 407 security findings, including vulnerabilities that could have enabled authentication bypass, data exposure and remote code execution. AI models demonstrated an ability to identify relationships between technical weaknesses across multiple services and uncover attack paths that conventional scanners often struggle to detect.

Government departments validated the findings through existing security processes and remediated all critical vulnerabilities.

UK officials concluded that successful deployment depends less on the choice of AI model and more on how AI is integrated into structured security workflows. Human experts remained responsible for validating findings, prioritising risks and managing remediation efforts.

Following the results, GC3 plans to launch a second phase involving additional government departments, more AI systems and assessments of closed-source environments.

Why does it matter?

The pilot provides a practical example of how frontier AI systems can be used in operational cybersecurity rather than solely for research or experimentation. As governments and organisations face increasingly complex cyber threats, AI tools could help security teams identify vulnerabilities more quickly and uncover attack paths that traditional automated tools may miss.

The findings also reinforce the importance of human oversight in AI-enabled security operations. While AI can assist with vulnerability discovery and analysis at scale, expert validation and risk management remain essential. The project highlights a growing trend towards combining AI capabilities with human expertise to improve cyber resilience across critical systems and public-sector infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Developments in Africa cyber diplomacy: Continental, regional, and national initiatives

Objectives

  1. Providing an overview of cyber diplomacy in Africa: Understanding the current key players, stakeholders, and frameworks shaping cyber diplomacy on the continent.
  2. Highlighting successful continental and regional initiatives: Examining collaborative efforts such as the African Union’s (AU) initiatives and the African Digital Compact (ADC) that aim to enhance digital sovereignty and cybersecurity across member states.
  3. Discussing national strategies and policies: Analysing how individual African countries are addressing cyberthreats and promoting digital cooperation through their national cyber diplomacy efforts.
  4. Fostering dialogue and collaboration: Encouraging networking and partnerships among participants; sharing best practices and lessons learned in cyber diplomacy.

Target audience

  • Policymakers and government officials from African nations
  • Cybersecurity experts and practitioners
  • Academics and researchers in international relations and technology
  • Representatives from civil society organisations
  • Private sector stakeholders involved in technology and cybersecurity

Expected outcomes

  • Increased awareness and understanding of cyber diplomacy in Africa
  • Enhanced collaboration between stakeholders across the continent
  • Identification of best practices and strategies for effective cyber diplomacy
  • Recommendations for policymakers to strengthen national and regional cyber initiatives

This online event will serve as a vital platform for discussing the evolving landscape of cyber diplomacy in Africa. By addressing both the challenges and opportunities, we aim to foster a collaborative environment that promotes secure and inclusive digital transformation across the continent.

South Korea and EU sign landmark Digital Trade Agreement

South Korea and the European Union have signed a Digital Trade Agreement (DTA) aimed at strengthening cooperation in digital trade, advanced technologies and cybersecurity.

Signed during President Lee Jae Myung’s visit to Brussels, the agreement establishes a new framework for digital commerce between two major technology-driven economies.

The agreement removes several barriers that can increase the cost and complexity of cross-border digital business. Most notably, it limits data localisation requirements and restrictions on computing facilities, enabling companies to process data across borders without the need to establish additional local infrastructure.

The DTA also strengthens protection for source code and trade secrets while promoting the use of electronic signatures, electronic payments and digital customs procedures.

Cybersecurity cooperation forms a key part of the agreement. South Korea and the EU committed to improving cooperation between national authorities, strengthening cyber resilience and developing coordinated responses to cybersecurity incidents.

The goal is to create a more secure environment for digital trade and for businesses and consumers operating across both markets.

Alongside the agreement, the two sides launched a new South Korea–EU Competitiveness Partnership covering trade, investment, AI, digital technologies, supply chains and critical minerals.

The partnership is expected to deepen economic and technical coordination as both sides seek to strengthen competitiveness in an increasingly complex global environment.

Why does it matter?

The agreement reflects the growing importance of digital trade as a pillar of international economic relations. As data flows, cloud services, digital payments and online platforms become increasingly central to global commerce, governments are seeking new rules that facilitate cross-border business while protecting security, intellectual property and consumer trust.

Beyond trade, the agreement highlights the convergence of digital policy, cybersecurity and technological competitiveness. By combining commitments on data flows, digital commerce and cyber resilience, the EU and South Korea are positioning themselves to play a larger role in shaping global digital governance and future digital trade standards.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU and Brazil strengthen cooperation on protecting children online

The European Commission and Brazil’s National Data Protection Authority (ANPD) have signed a new administrative arrangement aimed at strengthening cooperation on the protection of children online.

Announced under the newly established EU-Brazil Digital Partnership, the agreement focuses on sharing expertise, regulatory practices and technical knowledge related to online safety.

According to the European Commission, cooperation will cover several areas related to digital platform regulation, including transparency obligations, risk assessment and mitigation measures, algorithmic systems and AI.

The arrangement also establishes mechanisms for information sharing, expert dialogue, joint studies and collaborative research.

The agreement forms part of the European Commission’s broader international cooperation strategy under the Digital Services Act (DSA).

Similar arrangements have already been established with the UK’s Ofcom, Australia’s eSafety Commissioner and Japan’s Ministry of Internal Affairs and Communications. The Commission stated that it intends to continue expanding collaboration with international regulators on digital safety issues.

The initiative reflects growing international efforts to address online risks facing children while strengthening cooperation between regulators responsible for platform governance, data protection and digital services oversight.

Why does it matter?

Protecting children online has become a major policy priority as governments grapple with the impact of social media platforms, recommender systems, AI technologies and other digital services on young users. Increasingly, regulators are recognising that many of these challenges are cross-border in nature and require international cooperation.

The agreement strengthens ties between the EU and Brazil on issues ranging from platform transparency and risk mitigation to AI and algorithmic governance. It also reflects a broader trend towards greater coordination among regulators seeking to improve online safety, enhance platform accountability and develop common approaches to digital governance.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Anthropic forced to disable Fable 5 after US directive

Anthropic has disabled access to Claude Fable 5 and Claude Mythos 5 after receiving a US government export control directive citing national security authorities.

The company said the directive requires it to suspend access to the models by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. Anthropic said the practical effect is that it must remove access to Fable 5 and Mythos 5 for all customers to ensure compliance. Access to its other models is not affected.

According to Anthropic, it received the directive on 12 June at 5:21 p.m. ET. The company said the order did not provide specific details of the national security concern, but that it understands the government believes it has become aware of a method for bypassing, or jailbreaking, Fable 5.

Anthropic said it reviewed a demonstration of the technique being used to identify a small number of previously known minor vulnerabilities. The company argued that those vulnerabilities appeared relatively simple and could also be identified by other publicly available models without requiring a bypass.

Anthropic said Fable 5 had been red-teamed before launch by its internal teams, the US government, the UK AI Safety Institute and third-party organisations. The company said no tester had found a universal jailbreak capable of broadly bypassing the model’s safeguards.

The company said it is complying with the directive but disagrees that a narrow potential jailbreak should justify recalling a commercial model. It also argued that applying such a standard across the industry could effectively halt new frontier model deployments.

Anthropic said governments should be able to block unsafe AI deployments through a transparent and technically grounded statutory process, but said the current action does not meet those principles. The company said it is working to restore access as soon as possible.

Why does it matter?

The case shows how national security and export-control powers can directly affect access to frontier AI systems after deployment. It raises a major governance question: when should governments be able to suspend access to advanced models, and what evidence, transparency and due-process safeguards should apply? The dispute also highlights the growing tension between frontier AI safety, commercial deployment, cross-border access and government intervention in dual-use technologies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Europol warns of rising online exploitation of minors

Europol has warned that criminal networks are increasingly using digital platforms to target, manipulate and recruit minors into criminal activity.

The agency said offenders exploit online environments, including dark web portals, social media networks, games and e-commerce platforms, which can offer anonymity, reach and operational efficiency. Europol and the EU member states have observed growing use of these digital tools to target and recruit minors.

According to Europol, young people are being drawn into offences including cyberattacks, drug distribution, online fraud and money laundering. In some cases, minors are also exposed to extremist ideologies, manipulation and pressure from online communities.

Europol said digital tools have made recruitment easier to scale and harder to detect. Minors may initially be approached as victims, but can later be pressured into carrying out further offences, increasing both the harm to the child and the reach of criminal networks.

The agency said it is working with the EU member states and international partners to strengthen intelligence sharing, operational support and the disruption of criminal groups. Prevention efforts also include awareness-raising and guidance for parents, educators and communities to help identify risks and support vulnerable minors.

Why does it matter?

The warning shows how child safety and organised crime are increasingly overlapping in online spaces. Social media, gaming environments, e-commerce platforms and dark web channels can be used not only to exploit minors, but also to recruit them into cybercrime, fraud, drug distribution or extremist networks. That creates a governance challenge for law enforcement, schools, parents and platforms, especially where manipulation, anonymity and cross-border digital services make early detection difficult.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

EPRS reveals critical Cybersecurity Act impact assessment gaps

The European Parliamentary Research Service has published an initial appraisal of the European Commission’s impact assessment for the proposed revision of the Cybersecurity Act, finding that the Commission makes a strong case for reform while leaving several analytical gaps.

The Commission proposed the revision on 20 January 2026, alongside a directive on simplification measures under the NIS2 Directive. The proposals were referred to the European Parliament’s Committee on Industry, Research and Energy.

The package covers ENISA’s mandate, the European Cybersecurity Certification Framework, NIS2 compliance simplification and a proposed EU-level framework for ICT supply chain security. EPRS said the impact assessment responds to a more complex cybersecurity landscape, stalled implementation of certification rules, fragmented compliance requirements and growing supply chain risks.

The briefing found that the Commission’s assessment effectively substantiates the need to revise the Cybersecurity Act. It praised the problem definition, intervention logic, use of qualitative and quantitative analysis, SME test, competitiveness check and transparency around evidence and methodology.

However, EPRS also identified weaknesses. It said the assessment lacks operational objectives, does not include a subsidiarity grid despite the initiative’s political significance, and has no distinct proportionality section. The briefing also questioned whether some policy options are sufficiently distinct, noting that they appear partly cumulative.

EPRS said stakeholder consultation feedback could have been reflected more clearly, especially in the analysis of policy options, impacts and the preferred approach. It also noted that the Regulatory Scrutiny Board first issued a negative opinion on the draft impact assessment, then later issued a positive opinion with reservations.

The briefing concluded that the Commission’s legislative proposals are mostly aligned with the preferred options in the impact assessment, although some issues remain.

Why does it matter?

The Cybersecurity Act revision could reshape several pillars of the EU cyber policy at once, including ENISA’s role, cybersecurity certification, NIS2 compliance and ICT supply chain security. EPRS’s appraisal matters because it provides lawmakers with an early quality check of the evidence underpinning the Commission’s proposal. The briefing suggests the policy case for reform is strong, but also highlights gaps that may become important during parliamentary scrutiny, especially around proportionality, subsidiarity and the design of policy options.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK plans major social media ban for under-16s

The UK government plans to introduce a social media ban for children under 16 as part of a wider package of online safety measures aimed at reducing children’s exposure to harmful content and risky online interactions.

Prime Minister Keir Starmer said the planned restrictions are intended to protect children from harmful material, excessive screen time and contact with unknown adults online. The measure is expected to apply to major social media platforms, while gaming and livestreaming services could face restrictions on features that allow children to interact with strangers.

The move follows a national consultation on children’s online safety, which examined possible age restrictions on social media and other online services, as well as limits on addictive design features and risky functionalities.

Further details are expected on implementation and enforcement, including how platforms would be required to verify users’ ages. The government has previously said that restrictions on children’s access to social media should be considered alongside broader protections for gaming platforms, AI chatbots and other online services used by young people.

The proposal would place the UK among a growing number of countries moving towards age-based restrictions on children’s access to social media. Australia has already adopted an under-16 social media ban, while other governments are considering similar approaches.

Supporters argue that age restrictions could reduce online harms and give parents clearer backing in setting boundaries for children’s technology use. Critics warn that enforcement may raise privacy concerns, increase reliance on age-verification systems and push children towards less regulated online spaces.

Why does it matter?

The proposal would move the UK closer to an age-based model of online safety regulation, where platforms may be expected to prevent under-16s from accessing certain services rather than only reduce harmful content after children join. That raises major governance questions around age assurance, privacy, platform design, parental responsibility and enforcement. The measure could also increase pressure on social media, gaming, livestreaming and AI chatbot services to redesign features that expose children to unknown adults, addictive interaction patterns or harmful content.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

IMF chief calls for stronger cooperation on AI-related cybersecurity risks

International Monetary Fund (IMF) Managing Director Kristalina Georgieva has called for greater international cooperation to address cybersecurity risks associated with advanced AI systems, warning that rapidly evolving AI capabilities could pose challenges for the global financial system if misused.

Speaking to journalists in Brussels, Georgieva said new AI models are increasing the ability to identify cybersecurity vulnerabilities at a scale previously unavailable. She noted that these capabilities can support efforts to strengthen cyber defences by helping organisations detect and address weaknesses more quickly.

At the same time, Georgieva said the same capabilities could be misused by malicious actors. Referring to recent developments in advanced AI systems, she said that frontier models can be used positively to identify cybersecurity vulnerabilities but that, ‘in the wrong hands,’ those capabilities could be directed against financial infrastructure.

Her comments come amid growing discussion among policymakers, regulators, and financial institutions about the implications of increasingly capable AI systems for cybersecurity and financial stability. Earlier this year, Georgieva warned that the international monetary system was not adequately prepared to address rapidly evolving AI-related cyber risks and called for greater attention to safeguards needed to protect financial stability.

According to Georgieva, stronger cooperation will be necessary across countries and sectors to address these risks. She highlighted the importance of collaboration between advanced and developing economies, as well as between public institutions and private-sector actors responsible for critical digital infrastructure.

She also pointed to the interconnected nature of the global financial system, arguing that vulnerabilities in one jurisdiction can have wider implications. Because financial systems are closely linked across borders, weaknesses in cybersecurity protections may create risks beyond the countries where they originate.

In addition to cooperation, Georgieva stressed the importance of investing in cyber resilience. She said governments should consider cybersecurity requirements when planning public spending and ensure that sufficient resources are available to strengthen defences against evolving threats.

Her remarks align with broader concerns raised by financial authorities regarding the growing role of AI in cybersecurity. While advanced models may help identify vulnerabilities and improve defensive capabilities, they may also lower barriers for conducting sophisticated cyber operations. Financial institutions and regulators have increasingly examined how to strengthen preparedness and resilience in response to these developments.

Georgieva also referred to broader risks associated with rapid AI adoption, including the potential for market volatility driven to changing expectations for AI technologies. She described such risks as low-probability but potentially high-impact events.

The IMF has previously highlighted the economic implications of AI, including its potential effects on labour markets and productivity. Georgieva has argued that governments should prepare for significant technological change while ensuring that the benefits of AI are broadly shared.

Why does it matter?

The comments in Brussels place cybersecurity and financial resilience at the centre of ongoing discussions about AI governance. As governments, regulators, and financial institutions continue to assess the implications of increasingly capable AI systems, questions around international cooperation, preparedness, and cyber resilience are expected to remain a key focus of policy discussions.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Cyber Europe 2026 tests EU response to large-scale cyber crises

The EU Agency for Cybersecurity has led Cyber Europe 2026, a two-day exercise testing Europe’s response to large-scale cyberattacks on rail and maritime transport networks.

The exercise, held on 10 and 11 June, brought together more than 5,000 participants from national cybersecurity agencies, EU and EFTA public and private sector organisations, the EU entities and industry. It was designed to strengthen cyber preparedness and test the continuity of essential services during a major crisis affecting interconnected transport systems.

The scenario simulated coordinated attacks on critical maritime and railway infrastructure across Europe. Port logistics and navigation systems were compromised, cargo movements were halted, and safety risks emerged. Railway networks were also disrupted, with cross-border trains frozen and passengers and supplies delayed.

Participants also had to respond to ransomware attacks affecting transport authorities and ticketing services, as well as exposure of sensitive passenger and emergency information. ENISA said the scenario required information-sharing and coordination at technical, operational and political levels.

Cyber Europe 2026 also tested the EU Cybersecurity Blueprint, revised in 2025 to strengthen crisis management for large-scale incidents. For the first time, the EU Cybersecurity Reserve was tested under Cyber Europe, using a scenario that required participants to follow ENISA procedures for activating incident response support under the mechanism.

ENISA said findings from the exercise will be analysed in after-action reports to identify weaknesses and improve Europe’s preparedness and response processes.

Why does it matter?

The exercise shows how cyber incidents affecting transport infrastructure can quickly move beyond technical disruption into broader economic, safety and crisis-management risks. Ports, railways, logistics systems, ticketing platforms and navigation tools are increasingly interconnected, often combining legacy operational technology with modern digital systems. Testing EU-level coordination matters because attacks on transport networks can affect trade, military mobility, emergency response and public trust across borders.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Diplo chatbot can make mistakes. Consider checking important information.