ENISA warns frontier AI is compressing cyberattack timelines

The European Union Agency for Cybersecurity has warned that frontier AI models are compressing cyberattack timelines and challenging traditional defence practices.

In a July 2026 paper, ENISA said advanced AI models are reducing the time between vulnerability discovery and exploitation, creating new pressure on vulnerability management, patching and incident response.

The agency said open-weight models may reach similar capabilities within 9 to 12 months, while existing models combined with skilled security experts can already produce comparable results.

ENISA warned that attackers may gain access to exploits before fixes are available, while legacy systems and end-of-life products could become more exposed to AI-assisted vulnerability discovery.

The agency also said more frequent patch releases may increase the risk of service disruption, while open-source maintainers could be overwhelmed by AI-generated vulnerability reports.

Security fundamentals still matter, but ENISA said defenders must apply them faster. It recommended shifting resources from vulnerability discovery towards risk-based prioritisation, rapid triage, remediation and risk reduction.

The paper also calls for defensive AI tools to be integrated into software development, incident response and threat modelling, with human-gated workflows and stronger workforce skills.

At the EU level, ENISA said existing frameworks, including NIS2, the Cyber Resilience Act, and the EU AI Act, should be used to assess and mitigate systemic risks linked to advanced AI models.

For defenders, the agency recommended near-real-time security operations, AI-assisted threat modelling, dynamic incident response pipelines and single-digit-minute detection and response targets.

Why does it matter?

ENISA’s paper frames frontier AI as a structural cybersecurity challenge, not just another tool for attackers or defenders. If vulnerability discovery, exploit development, and lateral movement happen at machine speed, organisations will need faster triage, stronger automation and clearer human oversight. The report also connects AI cybersecurity to the EU’s wider regulatory framework, showing that NIS2, the Cyber Resilience Act and the AI Act will all matter in managing systemic cyber risks from advanced models.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Europol denies bypassing EU data protection rules

Europol has rejected allegations that it operated a ‘secret’ or ‘shadow’ database outside the EU data protection rules.

In a new fact-check, the agency said recent reports misrepresented two long-established operational environments used to support digital investigations and online information analysis.

Europol said its Computer Forensic Network is used to analyse complex digital evidence securely in support of criminal investigations.

It also said the Internet-Facing Operational Environment is used to collect and triage publicly available online information before relevant material is transferred to Europol’s operational systems in accordance with applicable legal requirements.

The agency said neither environment was created to bypass oversight or data protection obligations.

Europol also published a timeline showing that both systems have existed for many years and have evolved alongside changes to its legal framework, governance and supervisory arrangements.

The agency said it has worked with the European Data Protection Supervisor on governance improvements, technical modernisation and safeguards, including after regulatory changes introduced in 2022.

Europol said public debate on law enforcement and privacy should be based on accurate descriptions of operational systems and their oversight.

Why does it matter?

The dispute highlights the tension between law enforcement’s need to process large volumes of digital evidence and the privacy safeguards required under the EU law. Europol’s response is important because operational data systems used in cybercrime, terrorism and serious organised crime investigations can affect fundamental rights if oversight, retention and access rules are unclear. The case also shows why transparency about investigative infrastructure matters for public trust, especially as law enforcement agencies modernise their data-processing capabilities.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Reddit expands AI moderation to combat spam and harmful content

Reddit has expanded its automated moderation systems to reduce spam, inauthentic activity and harmful content across the platform.

The company said it is using AI to detect manipulated and spam-like behaviour through new signals and faster enforcement.

Reddit said suspicious accounts can now be identified from the moment they are created, while large language models help detect coordinated fake behaviour and artificial hype that older systems may miss.

According to the company, updated automated systems are blocking 23 million spam views each day before they reach users.

They are also identifying around 25,000 new spam posts and comments daily and revoking nearly two million inauthentic votes per day.

Reddit said user exposure to spam fell by about 20% from January to March 2026 compared with the previous three months, followed by a further 10% to 15% decline in overall spam account exposure.

The company has also expanded automated enforcement against hate and violent content across all English-language text on Reddit.

The average enforcement time for such content has fallen to under 5 seconds, while enforcement actions have increased by more than 200%, according to Reddit.

The company said faster enforcement has reduced exposure to potentially harmful content by more than 40%, while false removals have also fallen by over 40%.

Reddit said AI-based tools remain part of a wider moderation model that includes site-wide safety teams, volunteer community moderators and user voting.

Why does it matter?

Reddit’s update shows how major platforms are using AI not only to generate or recommend content, but also to police authenticity, spam and harmful behaviour at scale. Faster automated enforcement can reduce user exposure before content spreads, but it also raises familiar governance questions around transparency, false positives, appeals and the balance between automation and human moderation. The company’s emphasis on layered moderation suggests that AI is becoming central to platform safety, while still depending on human teams, volunteer moderators and community signals.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK firms sign Cyber Resilience Pledge amid rising AI threats

The UK government has launched a voluntary Cyber Resilience Pledge, with more than 60 businesses and strategic government suppliers committing to strengthening their cyber defences.

Founding signatories include companies from retail, finance, media, technology and utilities, including M&S, Nationwide, ITV, Microsoft UK, Cloudflare, Deloitte, Accenture UK, Vodafone Group and VodafoneThree.

The pledge asks organisations to take three practical steps: make cybersecurity a board-level responsibility, register for the National Cyber Security Centre’s Early Warning service and take a risk-based approach to requiring Cyber Essentials certification across supply chains.

The government said the pledge is designed mainly for medium and large organisations, but is open to organisations of all sizes and sectors.

Signatories will be asked to publish a signed pledge letter and provide an annual update on progress.

The launch comes ahead of the government’s National Cyber Action Plan, which is expected to set out further cooperation with industry on cyber resilience in the AI era.

According to the government, cyberattacks cost UK organisations an estimated £14.7 billion a year, while the NCSC handled 204 nationally significant incidents in the year to September, up from 89 the previous year.

Officials also warned that AI is lowering barriers for attackers by helping them find software weaknesses, write exploit code and scale attacks more quickly.

Why does it matter?

The pledge elevates cyber resilience to board-level corporate governance, rather than treating it solely as an IT function. Its supply-chain focus is also important because major cyber incidents often spread through vendors, service providers and connected business partners. By linking the pledge to AI-enabled threats, the UK government is signalling that basic cyber hygiene, governance and supply-chain assurance remain essential even as attacks become faster and more automated.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Alberta uses Claude Code to review government systems

The Government of Alberta has used Anthropic’s Claude Code to review and secure provincial government systems, according to a case study published by the company. Anthropic said Alberta’s Ministry of Technology and Innovation used Claude Code with its Opus and Sonnet models to analyse code, identify vulnerabilities and support remediation.

According to Anthropic, the ministry scanned 466 million lines of code in about 20 hours, covering systems used across 27 provincial ministries. Around 50 AI agents worked in parallel to identify security vulnerabilities, infrastructure weaknesses and documentation gaps.

The ministry manages about 1,280 applications and 3,400 code repositories supporting services including social services, public safety and wildfire response. Anthropic said many had never undergone comprehensive security reviews, resulting in accumulated technical debt and incomplete documentation.

Alberta used a two-stage review process. A rules engine first identified known patterns, after which Claude Code analysed the results and cited the relevant files and lines for each finding. Anthropic said the approach uncovered issues that conventional automated scanning tools had missed.

Claude Code was also used to generate fixes, write tests where needed and assist with modernising legacy systems. Anthropic said ministry engineers reviewed and approved all proposed patches before deployment, maintaining human oversight throughout the remediation process.

Alberta also developed specialised Claude-based review agents for continuous security testing during software development. These include red-team agents that probe applications for vulnerabilities, blue-team agents that assess compliance with security standards, and additional agents that review code quality and public-facing content.

Why does it matter?

The case illustrates how governments are beginning to use AI coding agents to modernise and secure large portfolios of legacy software, an area that has traditionally required significant time and specialised expertise. If these tools prove reliable, they could help public administrations reduce technical debt, improve cybersecurity and accelerate software maintenance across critical public services.

At the same time, the deployment highlights the importance of governance in public-sector AI adoption. Alberta’s reported use of human review before implementing AI-generated changes reflects a growing emphasis on combining AI-assisted development with oversight, accountability and established security practices.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Australia records highest data breach notifications since 2018

Australia recorded its highest annual number of data breach notifications in 2025 since mandatory reporting began in 2018, according to the Office of the Australian Information Commissioner.

The regulator received 1,205 notifications under the Notifiable Data Breaches scheme in 2025, an 8% increase from 1,112 in 2024.

Organisations covered by the Privacy Act must notify the OAIC of data breaches that are likely to result in serious harm to affected individuals.

Malicious or criminal activity remained the leading cause of reported breaches, accounting for 716 notifications. Cyber hacking continued to be the main cause of reported incidents.

Health service providers were the most affected sector, reporting 225 breaches, or 19% of the annual total. Financial services, Australian government agencies, business and professional associations, education providers and legal, accounting and management services were also among the most affected sectors.

The OAIC has released a new quick reference guide to help organisations assess potential breaches, decide whether notification is required and understand how to report incidents.

Privacy Commissioner of Australia, Carly Kind, said the threat posed by data breaches to Australian businesses and organisations is substantial and rising year on year.

The regulator’s latest privacy attitudes survey also found that data breaches remain the top privacy concern for Australians, with 82% expressing concern, up from 74% in 2023.

Why does it matter?

Rising breach notifications show that data protection is becoming a persistent operational and regulatory challenge for Australian organisations. The dominance of malicious activity and cyber hacking links privacy compliance directly to cybersecurity preparedness, especially in sensitive sectors such as health. OAIC’s new guide also signals a push towards faster, clearer breach assessment and notification, which matters for affected individuals as well as regulated entities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Sysdig reports first documented agentic ransomware case

Cloud security firm Sysdig says it has documented the first known case of agentic ransomware, after observing an AI-driven extortion operation it tracks as JADEPUFFER.

According to Sysdig, the operation began with exploiting CVE-2025-3248 on an internet-facing Langflow instance. Langflow is an open-source framework for building LLM-driven applications and agent workflows.

The attacker then pivoted towards a production database server running MySQL and Alibaba Nacos.

Sysdig said the operation was driven by a large language model rather than a traditional human-led toolkit. The agent carried out reconnaissance, credential harvesting, lateral discovery, persistence and destructive database activity.

The company said JADEPUFFER executed more than 600 distinct payloads and adapted to failures in real time. In one case, the agent moved from a failed login attempt to a corrected working approach in 31 seconds.

CyberScoop later reported Sysdig’s clarification that the attack was not fully human-free. A person still set up and directed the operation, provisioned command-and-control and staging infrastructure, chose the victim, and supplied credentials likely obtained through a prior compromise.

Sysdig also said API keys for OpenAI, Anthropic, DeepSeek and Gemini were among the material the agent collected from the compromised environment. That does not confirm which model powered the attack.

The case is notable less for novel techniques than for automation. Sysdig said the attack relied on known vulnerabilities and exposed infrastructure, but an AI agent chained the steps together quickly and carried out a ransomware-style database extortion workflow.

Why does it matter?

JADEPUFFER shows how agentic AI could change cybercrime by automating work that previously required skilled operators. Even if humans still choose targets and set up infrastructure, agents can speed up reconnaissance, credential theft, lateral movement and destructive activity once access is available. The defensive lesson is immediate: exposed AI tools, unpatched systems, leaked credentials, and internet-facing databases become more dangerous when attackers can automate exploitation and adaptation at machine speed.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

MEPs to debate EU AI cybersecurity strategy

Members of the European Parliament are set to question the European Commission on its latest AI and cybersecurity proposals, including a new AI cybersecurity strategy expected to be unveiled on 7 July.

According to the European Parliament’s plenary newsletter, the Commission’s action plan is expected to include measures to help EU member states and companies address AI-related cybersecurity risks.

The strategy is also expected to strengthen Europe’s AI cybersecurity capabilities as policymakers examine how AI is reshaping both cyber threats and cyber defence.

The debate follows the European Commission’s welcome of the G7 cybersecurity declaration on strengthening global cyber resilience. Parliament is also considering two legislative proposals collectively referred to as the ‘Cybersecurity Act 2‘.

The proposals are expected to address issues including the NIS2 framework, the role of the EU Agency for Cybersecurity (ENISA), the EU cybersecurity certification framework and ICT supply chain security.

The debate is scheduled for 7 July, as part of a European Commission statement followed by parliamentary scrutiny.

Why does it matter?

The debate shows that AI-related cybersecurity risks are becoming part of the EU’s broader cyber resilience agenda. By linking AI policy with NIS2, ENISA, certification and supply chain security, the EU is preparing to treat AI not only as an innovation priority but also as a cybersecurity concern.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Hong Kong launches AI privacy sandbox for schools

Hong Kong’s Office of the Privacy Commissioner for Personal Data and the Digital Policy Office have launched an AI privacy sandbox to support responsible AI adoption in schools.

The Safeguarding Personal Data AI Sandbox will provide a collaborative platform for schools exploring AI solutions while managing the risks to personal data protection.

The first phase will run for six months and select 15 school applicants. It is open to publicly funded primary and secondary schools, with applications accepted until 30 October 2026.

Selected schools will receive guidance from the Privacy Commissioner’s office on compliance with the Personal Data (Privacy) Ordinance.

They will also receive support from the Digital Policy Office on Hong Kong’s Generative Artificial Intelligence Technical and Application Guideline.

Cyberport, Hong Kong, and the Hong Kong Productivity Council will provide technical advice.

A briefing session for interested schools is scheduled for 28 August 2026.

Why does it matter?

Schools are increasingly exploring AI tools, but their use of student data creates specific privacy, safety and governance risks. Hong Kong’s sandbox offers a practical way to test AI adoption in education while giving schools regulatory and technical support. The initiative also shows how governments can move beyond broad AI principles by creating sector-specific support mechanisms for institutions that may lack in-house expertise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

SDAIA, DCO and ICAIRE to discuss responsible AI implementation in Geneva

A side event at the first session of the Global Dialogue on AI Governance will focus on responsible AI implementation, exploring how ethical AI commitments can be translated into practical governance and delivery models.

The session, titled Responsible, Trusted, and Safe AI for Prosperity: From Principles to Practice will take place on 7 July at Palexpo in Geneva. It is being organised by the Saudi Data and Artificial Intelligence Authority (SDAIA), the Digital Cooperation Organization (DCO), and the International Center for Artificial Intelligence Research and Ethics (ICAIRE).

According to the concept note, the discussion will explore how governments and their partners can move from shared AI principles to institutional models that support the safe, trusted, and inclusive deployment of AI. Topics will include national AI readiness, public-sector adoption, governance frameworks, capacity-building and cross-border cooperation.

The organisers frame responsible AI implementation as a public value issue, linking it to stronger public services, national development priorities and sustainable digital prosperity. The session will also highlight SDAIA’s role in building national AI capabilities, ICAIRE’s work connecting AI ethics with research, and the DCO’s efforts to strengthen international digital cooperation.

The agenda includes keynote remarks from DCO Secretary-General Deemah AlYahya and a senior representative of SDAIA. A high-level panel featuring representatives from the DCO, ICAIRE and participating governments will be followed by a question-and-answer session with the audience.

Why does it matter?

The discussion reflects a broader shift in international AI governance from developing high-level principles to building the institutions, skills and regulatory frameworks needed to implement them effectively. As more countries publish AI strategies and governance commitments, the challenge is increasingly how to translate those ambitions into practical public-sector capabilities.

The session also highlights the growing importance of international cooperation in AI governance. By bringing together governments and international organisations to exchange implementation experiences, the event aims to support more consistent, trusted and inclusive approaches to AI adoption across different countries.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!