Singapore strengthens cyber resilience against AI threats

Singapore’s Cyber Security Agency (CSA) has outlined new and ongoing initiatives to strengthen national cyber resilience as AI reshapes the cyber threat landscape.

The measures are detailed in the Singapore Cyber Landscape 2025/2026 report, which reviews cybersecurity trends and the country’s response to evolving digital threats.

CSA said AI is reshaping the global cyber threat environment by enabling attackers to operate with greater speed, scale and sophistication. The agency said agentic AI is a particular concern because autonomous systems could automate parts of the cyber kill chain, compressing attacks that once unfolded over days into hours.

The agency cited Anthropic’s Mythos and the misuse of OpenClaw, an open-source agentic AI framework, as examples of how AI can accelerate vulnerability research, exploit development and cyberattack preparation.

At the same time, CSA said AI can strengthen cyber defence by improving threat detection, accelerating incident response and helping organisations identify vulnerabilities more quickly. As AI systems become more widely deployed across enterprise networks and critical infrastructure, however, they are also becoming attractive targets, making secure AI deployment an increasing priority.

To support secure AI adoption, CSA has published Guidelines on Securing AI Systems and a Companion Guide for system owners. It also released a discussion paper on securing agentic AI systems in October 2025 and said it will continue working with international partners on AI security standards.

The report also highlights how AI is changing the tactics of phishing and scam operations. CSA said attackers can use AI to generate convincing phishing lures at scale, produce realistic voice clones and video deepfakes, and create tools that can bypass multi-factor authentication.

CSA also warned that AI is making phishing and scam campaigns more convincing through voice cloning, video deepfakes and large-scale generation of personalised phishing messages. Despite these growing capabilities, reported phishing cases fell by 21% in 2025 to around 4,800 incidents.

Singapore has also launched the pilot National Simulated Scams Exercise, supported by the Ministry of Home Affairs. The exercise simulated AI-enabled government official impersonation scam calls to help the public recognise and respond to emerging scam tactics.

CSA said the number of infected infrastructure units detected in Singapore rose sharply to 284,300 in 2025, a 142% increase from 2024. The increase was driven mainly by persistent malicious infrastructure activity and improved detection of infected botnet devices.

The agency said weakly secured consumer Internet-of-Things devices and unpatched firmware continue to create opportunities for botnet operators. To address this, all residential routers sold in Singapore must meet Cybersecurity Labelling Scheme Level 2 requirements by the end of 2027.

Ransomware also remained a significant threat, with reported cases rising slightly from 159 in 2024 to 165 in 2025. CSA said small- and medium-sized enterprises remained disproportionately affected due to lower cybersecurity maturity and limited resources.

To support SMEs, CSA backed the Cyber Resilience Centre, which provides cybersecurity health checks and recovery assistance after incidents. Eligible SMEs can also receive co-funding for cybersecurity advisory services through the CISO-as-a-Service programme.

One of the year’s most significant incidents involved an attempted intrusion by the APT group UNC3886 targeting Singapore’s four largest telecommunications operators. CSA said the attack was contained through Operation CYBER GUARDIAN without disruption to services or evidence of customer data being compromised.

CSA is also requiring critical information infrastructure owners to attain Cyber Trust mark certification by the end of 2027. The requirement is intended to extend good cybersecurity practices across broader enterprise environments that support critical infrastructure operations.

In 2025, Singapore also conducted its largest Exercise Cyber Star, involving close to 500 participants from CSA, the Singapore Armed Forces’ Digital and Intelligence Service and critical infrastructure owners across 11 sectors.

CSA said it has expanded Cyber Essentials and Cyber Trust mark certifications to include mandatory cloud and AI security requirements. More than 800 organisations had attained at least one Cyber Essentials certification as of early 2026.

The agency is also advancing Singapore’s National Quantum-Safe initiative, working with industry, academia and international partners to raise awareness of quantum risks, support migration planning and accelerate adoption of quantum-safe technologies.

CSA said Singapore will continue investing in cybersecurity capabilities, strengthening partnerships and supporting secure adoption of emerging technologies in an AI-driven threat landscape.

Commissioner of Cybersecurity and CSA Chief Executive David Koh said Singapore must ‘lock down, find first, and fix fast’ as AI and quantum technologies reshape cyber risks. He said the response must be continuous, with government, industry and citizens working together to ensure digital innovation develops alongside trust and security.

The report illustrates how Singapore is treating cybersecurity as a continuous national resilience effort encompassing AI, critical infrastructure, ransomware, online scams and future quantum threats.

Why does it matter?

Singapore’s strategy reflects a growing shift from reactive cybersecurity towards continuous cyber resilience. Rather than addressing individual threats in isolation, the government is integrating AI security, critical infrastructure protection, scam prevention, cybersecurity certification and quantum readiness into a coordinated national strategy.

The report also illustrates how AI is changing cybersecurity on both sides of the equation. While attackers are using AI to accelerate phishing, malware development and vulnerability exploitation, governments are increasingly deploying AI to strengthen cyber defence, making secure AI deployment and governance central components of national cybersecurity policy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

South Korea and Japan expand AI and defence cooperation

South Korea and Japan have agreed to expand defence cooperation, including collaboration on AI and other advanced technologies, following talks between South Korean Defence Minister Ahn Gyu-Back and Japanese Defence Minister Shinjiro Koizumi in Seoul. The agreement was reached during a bilateral summit held in Seoul that day.

The ministers agreed to establish regular high-level visits and meetings, resume bilateral naval search and rescue exercises for the first time in nine years, and continue trilateral security cooperation with the United States to support regional peace and stability.

They also agreed to expand exchanges between South Korea’s Black Eagles and Japan’s Blue Impulse aerobatic teams to support search and rescue training. The agreement also included a commitment to strengthen ties in state-of-the-art science and technology, including AI, with the summit taking place at the Ministry of National Defence’s parade ground in Seoul.

Why does it matter?

The agreement marks a further improvement in defence relations between South Korea and Japan, whose security cooperation has often been constrained by historical and political tensions. The resumption of joint search and rescue exercises after nine years reflects growing alignment on shared regional security priorities.

The inclusion of AI and advanced technology cooperation also illustrates how emerging technologies are becoming integral to defence partnerships. As countries increasingly integrate AI into military planning, logistics and operational capabilities, technological collaboration is becoming a strategic component of broader security relationships, particularly within the Indo-Pacific.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK CMA consults on Apple and Google app store payment rules

The UK Competition and Markets Authority has opened consultations on new requirements for Apple and Google under the country’s digital markets competition regime.

Proposed steering requirements would allow app developers to direct UK users to payment options outside Apple’s App Store and Google’s Play Store. The CMA said Apple currently bans steering in the UK, while Google restricts it.

According to the regulator, allowing developers to communicate with customers about off-platform options could increase competition, reduce payment costs and support innovation across mobile services.

Consultation proposals also cover principles to ensure that any steering fees charged by Apple and Google are fair and reasonable. The CMA said such fees should be based on evidence and should be lower than current app store charges.

Alongside the steering proposals, officials are seeking views on a potential requirement for Apple to provide developers with access to near-field communication functionality on iOS.

Broader NFC access could allow UK fintechs and developers to support contactless payments from within their own apps. It could also support future payment methods, including account-to-account payments, digital currencies and stablecoins, as well as non-financial uses such as digital ID and car keys.

Responses to the steering conduct requirement are due by 28 July 2026, while views on the potential NFC requirement are due by 21 July 2026. The CMA will decide later this year whether to impose new obligations.

Why does it matter?

The consultations show the UK’s digital markets regime moving into targeted conduct rules for major mobile platforms. If adopted, the measures could weaken Apple and Google’s control over in-app payments and give developers more freedom to offer alternative purchasing channels. The NFC proposal also widens the debate beyond app store commissions, addressing Apple’s control over device functionality that can shape competition in mobile payments, digital identity and other services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

AUSTRAC warns AI is reshaping financial crime

AUSTRAC has released a new suite of intelligence and risk assessments examining evolving threats, related to money laundering, terrorism financing and proliferation financing.

The Australian financial intelligence agency said advances in AI and other emerging technologies are enabling criminals to exploit vulnerabilities and evade detection. The reports are intended to help organisations strengthen risk-based anti-money laundering and counter-terrorism financing controls.

The package includes the Money laundering update 2026, Terrorism Financing Update 2026, Proliferation Financing Update 2026 and a report on terrorism financing risks in Australia’s non-profit sector. AUSTRAC said the publications show growing reliance on everyday financial services and corporate structures to conceal illicit funds.

While traditional risk channels remain relevant, AUSTRAC said financial crime is becoming more complex and interconnected as technology, globalisation and increasingly sophisticated criminal methods reshape how illicit activity is concealed.

AUSTRAC identified AI and virtual assets, including cryptocurrency, as key technologies reshaping the threat landscape by increasing both the scale and sophistication of financial crime.

The agency said legitimate financial services, trade flows, corporate structures and routine transactions can all be exploited to disguise illicit activity. It also highlighted persistent vulnerabilities in Australia’s non-profit sector, noting that although the overall terrorism financing risk remains stable, charities and not-for-profit organisations continue to face exposure to money laundering and terrorism financing.

Charities and not-for-profit organisations play an important role in supporting communities in Australia and overseas. However, AUSTRAC said they remain vulnerable to money laundering and terrorism financing.

AUSTRAC said the intelligence products are designed to help regulated organisations better understand emerging financial crime threats and strengthen their anti-money laundering and counter-terrorism financing controls.

Why does it matter?

Financial crime is becoming increasingly difficult to detect as criminal networks exploit legitimate financial systems alongside AI, cryptocurrencies and other emerging technologies. AUSTRAC’s latest assessments highlight the need for regulated organisations to strengthen risk-based anti-money laundering and counter-terrorism financing controls in response to a more complex threat environment.

The reports also underscore a broader shift in financial crime prevention. Rather than focusing only on traditionally high-risk transactions, organisations are being encouraged to monitor how ordinary financial services, corporate structures and cross-border activities can be misused, reflecting the growing sophistication of modern illicit finance.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Canada’s CSE expands cyber defence amid growing threats

The Communications Security Establishment Canada (CSE) has published its 2025-2026 Annual Report, detailing the activities of the agency and the Canadian Centre for Cyber Security between April 2025 and March 2026 as cyber threats continued to grow in scale and complexity.

During the reporting period, the Canadian Centre for Cyber Security responded to more than 3,200 cybersecurity incidents affecting federal institutions and critical infrastructure. It also issued 25 alerts, 995 advisories and more than 97,000 notifications through the National Cyber Threat Notification System to 1,363 subscribed organisations.

CSE also took direct action against ten of the ransomware groups causing the greatest harm to Canada and its allies, while completing 1,772 supply chain risk assessments to strengthen cyber resilience across government. During the year, the agency received 13 ministerial authorisations, including four supporting foreign cyber operations.

The report highlights how recent defence investments are supporting work on secure digital infrastructure, stronger cyber defence capabilities, AI, post-quantum cryptography and deeper collaboration with trusted international partners.

Minister of National Defence David J. McGuinty said the report demonstrates the importance of CSE’s work to Canada’s security and economic well-being. Chief of CSE Caroline Xavier noted that the agency will mark its 80th anniversary in 2026 and said recent investments are providing the tools needed to address an increasingly complex threat environment.

Why does it matter?

The report illustrates how national cybersecurity agencies are shifting from responding to isolated incidents to maintaining continuous operations against increasingly sophisticated digital threats. Activities ranging from ransomware disruption to supply chain assessments demonstrate the expanding role of cyber defence in protecting governments and critical infrastructure.

The emphasis on AI, post-quantum cryptography and secure digital infrastructure also signals Canada’s long-term approach to cybersecurity. By investing in emerging technologies while strengthening cooperation with allies, CSE is preparing for a threat environment in which cyber resilience is closely tied to national security, economic stability and technological competitiveness.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU approves simplified AI rules under Omnibus VII

The Council of the European Union has given its final approval to a regulation that simplifies parts of the EU’s AI framework as part of the broader ‘Omnibus VII’ package to reduce regulatory complexity.

The updated rules revise the implementation timeline for high-risk AI systems, postponing full application until December 2027 for standalone systems and August 2028 for AI systems integrated into regulated products. The regulation also strengthens safeguards by explicitly prohibiting AI-generated non-consensual sexual content, including manipulated intimate imagery and AI-generated child sexual abuse material.

Additional changes aim to reduce administrative burdens and improve legal clarity. Deadlines for establishing AI regulatory sandboxes have been extended to August 2027, transparency obligations for AI-generated content have been streamlined, and the regulation clarifies the division of responsibilities between EU and national authorities while reducing overlap with sector-specific legislation.

The framework also clarifies the division of responsibilities between EU and national authorities and introduces mechanisms to avoid overlap with sector-specific legislation.

EU officials said the reforms will improve legal certainty, support innovation and promote more consistent implementation across member states while preserving safeguards for fundamental rights in the development and deployment of AI systems.

Why does it matter? 

The reforms illustrate the EU’s effort to move from adopting AI legislation to making it easier to implement in practice. By extending compliance deadlines, reducing administrative complexity and clarifying supervisory responsibilities, the Union aims to encourage AI innovation without weakening protections for fundamental rights.

The package also reflects a more pragmatic phase of EU AI governance. Rather than rewriting the AI Act, policymakers are refining its implementation to improve legal certainty for developers and users while maintaining strict rules for high-risk and harmful AI applications.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

NVIDIA and Palantir expand sovereign AI for US government

Palantir has announced a new sovereign AI capability built on NVIDIA’s open-source Nemotron models, enabling US government agencies and critical infrastructure operators to deploy, customise and continuously improve AI models within highly secure environments.

The platform combines NVIDIA Nemotron open models with Palantir’s Sovereign AI Operating System, allowing organisations to retain full control over their data, model weights and deployment infrastructure.

The system is designed for air-gapped and highly regulated environments where sensitive information cannot be connected to external networks.

Agencies will be able to train AI models using their own operational data, retain ownership of the resulting models and continuously improve performance through internal feedback loops.

The deployment is supported by NVIDIA AI Enterprise and Palantir’s Artificial Intelligence Platform (AIP), Foundry, Ontology and Apollo platforms.

NVIDIA said the initiative reflects the growing importance of open AI models for government and enterprise development, arguing that they offer greater transparency, customisation and lower deployment costs than proprietary alternatives.

The company also highlighted the role of open models in strengthening AI adoption across sectors including defence, healthcare, energy, transportation and public administration.

Why does it matter?

The announcement reflects the growing importance of sovereign AI, as governments and operators of critical infrastructure seek to deploy advanced AI systems without relying on externally hosted services or relinquishing control over sensitive data. Open models combined with secure, self-managed infrastructure offer an alternative approach for organisations with strict security and regulatory requirements.

The partnership also highlights the strategic role of open foundation models in the evolving AI ecosystem. As competition intensifies between proprietary and open AI approaches, governments are increasingly viewing customisable, locally deployable models as critical assets for national security, digital sovereignty and public-sector modernisation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Chief AI Officers to lead AI adoption across Australian government

Australian public service agencies are formalising the appointment of Chief AI Officers (CAIOs) to guide the safe, strategic and coordinated use of AI across government.

Under the APS AI Plan, all non-corporate Commonwealth entities must appoint a senior leader as Chief AI Officer by 30 June 2026. Corporate Commonwealth entities and Commonwealth companies are strongly encouraged to make similar appointments.

The role is intended to help agencies adopt and use AI, particularly generative AI, as the technology reshapes government operations, public service delivery and internal processes.

Chief AI Officers will complement, rather than replace, AI Accountable Officials. While Accountable Officials focus on governance, compliance and risk management, CAIOs will lead strategic adoption, organisational transformation and AI capability building.

The government said CAIOs should provide strategic leadership rather than focus primarily on technical implementation. Their responsibilities include identifying high-value AI use cases, building staff capability, championing responsible adoption and ensuring AI is deployed safely and effectively.

CAIOs will work across technology, data, policy, cybersecurity, privacy and human resources functions, while collaborating with counterparts across the Australian Public Service and the Department of Finance’s AI Delivery and Enablement team.

Chief AI Officers will also collaborate across the Australian Public Service, including with other CAIOs and the AI Delivery and Enablement function in the Department of Finance.

The government said AI should be viewed as a general-purpose capability rather than a conventional technology upgrade, reflecting its potential to transform multiple areas of public-sector work.

The CAIO role is intended to help agencies move from experimentation to more systematic and responsible adoption. It is also designed to support a whole-of-organisation view of AI risks and opportunities.

The AI Delivery and Enablement team has developed an information pack to support agencies in appointing CAIOs, along with a blog for newly appointed leaders.

A wide range of agencies have already appointed Chief AI Officers. The published list includes major departments, regulators, integrity bodies, health and research agencies, cultural institutions, security agencies and service delivery organisations.

A wide range of organisations have already appointed CAIOs, including major government departments, regulators, law enforcement bodies, research organisations and service delivery agencies such as the Department of Finance, Home Affairs, Treasury, the Australian Federal Police, Services Australia and the Australian Electoral Commission.

The appointments of Chief AI Officers reflect a broader effort to coordinate AI adoption across government while maintaining attention to safety, privacy, cybersecurity, governance and public value.

Why does it matter?

Australia’s initiative reflects a broader shift from experimental AI projects to coordinated, organisation-wide adoption across the public sector. By establishing dedicated AI leadership roles, the government is seeking to embed strategic oversight while ensuring that innovation is balanced with governance, privacy, cybersecurity and public accountability.

The creation of Chief AI Officers also highlights the growing recognition that AI adoption is an organisational transformation challenge rather than solely a technical one. As governments integrate AI into public services, dedicated leadership is becoming increasingly important to coordinate implementation, build capability and ensure AI delivers public value responsibly.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Malaysia adopts AI-centred digital strategy to 2030

Malaysia has launched the Malaysia Digital Action Plan 2030 (MD2030), a national roadmap that places the Ministry of Digital at the centre of efforts to achieve the country’s ambition of becoming an AI-driven nation by 2030.

Unveiled by Prime Minister Anwar Ibrahim, the strategy aims to transform Malaysia from a consumer of technology into a producer of homegrown digital innovation through a coordinated, whole-of-government approach.

The five-year plan sets national priorities across economic growth, digital public services, infrastructure, talent development, cybersecurity and AI innovation. It is built around seven strategic pillars covering government, the economy, infrastructure, talent, society, trust and security, and innovation.

MD2030 also aligns existing national initiatives, including the Malaysia Digital Economy Blueprint and the National Fourth Industrial Revolution Policy, while supporting the country’s broader economic agenda.

Implementation will be coordinated by the Ministry of Digital in collaboration with agencies including the National AI Office, the Malaysia Digital Economy Corporation, CyberSecurity Malaysia, GovTech Malaysia and MyDIGITAL Corporation.

The government said the strategy will prioritise responsible AI governance, digital trust, AI readiness, smart public services, digital inclusion and the development of domestic AI capabilities across government, business and society.

Why does it matter?

MD2030 positions AI as a core driver of Malaysia’s economic development, public-sector modernisation and long-term competitiveness. By combining AI governance, cybersecurity, digital infrastructure, skills development and innovation within a single national framework, the government is pursuing a coordinated approach to digital transformation rather than isolated technology initiatives.

The strategy also reflects intensifying regional competition to build sovereign AI capabilities. As Southeast Asian countries expand investment in AI infrastructure, talent and governance, Malaysia is seeking to strengthen its domestic innovation ecosystem while promoting trusted and responsible AI adoption across the economy.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

OECD maps AI and citizen participation

The OECD has published a report examining how AI could support citizen participation and democratic innovation while highlighting the safeguards needed for its responsible use.

The report, Artificial Intelligence and the Future of Citizen Participation, was approved and declassified by the OECD Public Governance Committee on 22 June 2026. It was produced as part of the OECD Public Governance Reviews series in collaboration with the Bertelsmann Stiftung.

The report says public participation can help governments design better policies and strengthen trust. It cites OECD trust findings showing that people who feel they have a say in government decisions are far more likely to report high trust in government.

The OECD notes that governments have long relied on digital technologies, including online platforms and civic tech tools, to expand public participation. AI represents the next stage of this evolution, with governments increasingly experimenting with tools for consultation, deliberation, communication and policy analysis.

The report is based on desk research and analysis of 50 AI use cases in participation processes from 22 OECD member and partner countries. It proposes a typology to help public officials and practitioners understand where AI tools may be useful and what challenges they may address.

Based on an analysis of 50 AI use cases from 22 OECD member and partner countries, the report proposes a typology covering nine categories of AI applications, including information development, sense-making, translation, transcription, virtual assistance, moderation, facilitation, simulation and participation architecture.

These tools can support both front-office activities, where citizens interact directly with government, and back-office activities, where public administrations design, analyse and manage processes internally.

According to the OECD, AI could make participation processes more accessible and efficient by helping governments analyse large volumes of public input, improve communication, reduce administrative costs and broaden participation.

Sense-making tools can help analyse large amounts of text submitted during consultations. Translation and transcription tools can make processes more accessible across languages and formats, while virtual assistants can help people navigate information about citizen participation opportunities.

AI can also support moderation and facilitation. The report says such tools may help prevent spam, hate speech or manipulation in online discussions, and could support live deliberation by identifying common ground or structuring debate.

However, the OECD cautions against treating AI as a simple fix for democratic challenges. It says technology alone cannot solve problems such as weak links between participation processes and actual policy decisions.

The report also highlights ethical, operational and societal risks, including algorithmic bias, opaque decision-making, hallucinations, cybersecurity threats, digital exclusion and declining public trust if AI systems are poorly designed or deployed.

The OECD also highlights the risks of inaction, noting that governments may miss valuable opportunities if they avoid AI tools even when they could be applied responsibly.

The report says governments should establish guardrails for AI use in citizen participation, including transparency, compliance with democratic values, protection of civic space, attention to data divides and low-tech alternatives for citizens with limited digital access.

It also calls for stronger enablers, including AI literacy, skills development, citizen engagement in the design and governance of AI systems, open standards where appropriate, and support for scaling successful pilots.

The OECD concludes that most public-sector use of AI in citizen participation remains experimental. It argues that lasting benefits will depend on transparent governance, human oversight and continued efforts to strengthen democratic participation beyond technology alone.

Why does it matter?

Governments are increasingly exploring AI as a way to make public participation more accessible, scalable and responsive. The OECD’s report shows that AI can support consultation, deliberation and policy analysis, but only when accompanied by safeguards that protect transparency, inclusion and democratic accountability.

The report also reinforces a broader shift in AI governance from technical capability to institutional design. By emphasising human oversight, civic participation, digital inclusion and democratic values, the OECD argues that AI should enhance, not replace, the processes that underpin public trust and democratic decision-making.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!