Cybersecurity

AI in the workplace raises critical governance and shadow use challenges

AI adoption in the workplace is accelerating faster than corporate governance frameworks are evolving. Experts warn that many organisations are unprepared for the risks associated with widespread AI use, creating gaps in oversight and accountability.

A study by the University of Melbourne and KPMG found that nearly half of surveyed professionals admitted to misusing AI at work. Many employees also reported witnessing colleagues misuse AI tools, often without formal authorisation.

Standard practices include uploading sensitive company data to public AI platforms, using AI during internal assessments, and presenting AI-generated work as original output. A significant number of employees also reported reducing their effort because they rely on AI assistance.

Experts caution that this trend creates an illusion of productivity and competence. Managers may receive polished reports generated by AI, while employees may not fully understand or verify the content, exposing organisations to poor decision-making, security vulnerabilities, and compliance risks.

Data protection concerns are particularly significant. Feeding confidential or proprietary information into public AI systems can lead to data leakage and legal exposure, especially when misuse results in financial harm or regulatory breaches.

To address these risks, experts recommend clear internal rules, approved AI tools, monitoring of sensitive data flows, and mandatory human oversight in critical processes. Training programmes should focus on practical guidance and reinforce that employees remain responsible for the accuracy and legality of AI-assisted work.

Analysts note that similar patterns emerged during the early stages of internet adoption. As AI use expands, governance frameworks, enforcement mechanisms, and organisational cultures will need to evolve to manage long-term risks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI data centre planned for East Manchester

Latos Data Centres is preparing plans for a 28,000 sq ft data centre in Monsall, East Manchester, aimed at serving rising demand for AI computing. The scheme would occupy a three acre brownfield site at Bower Street and Ten Acres Lane in Manchester.

The East Manchester project is designed as a neural edge data centre, bringing AI processing closer to end users than traditional cloud facilities. Latos said the Manchester development would form part of a broader plan to deliver 30 UK sites by 2030.

A live consultation in Manchester will run until 16 March, with Create Architecture leading the design. Advisers on the Manchester scheme include Euan Kellie Property Solutions on planning and SK Transport Planning on transport matters.

Latos said the Manchester facility would regenerate a vacant industrial plot and operate to high environmental and safety standards. The developer is also delivering a separate data centre in Tees Valley as it expands its AI-focused portfolio across the UK.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Action-capable AI highlights new security challenges

AI agents are evolving from demos into autonomous tools, with OpenClaw emerging as a leading example. Unlike chatbots, these agents execute tasks directly, interacting with software and systems without constant human input.

The rise of action-capable AI introduces new security challenges. Agents can be manipulated through untrusted input or prompt injection. Persistent memory can also prolong mistakes or unintended behaviour.

The combination of access to sensitive data, external actions, and unverified content, sometimes called the ‘lethal trifecta’, amplifies risks, making careful configuration and oversight essential.

Self-hosted agents offer more control, while cloud-based versions simplify setup but shift security responsibility. Experts recommend running agents in isolated environments, limiting permissions, and requiring approval for sensitive actions.

These precautions reduce the chance of accidental or malicious harm while allowing users to experiment safely.

OpenClaw illustrates the potential of AI agents to automate workflows, handle repetitive tasks, and act proactively rather than passively advising. These tools show the future of consumer AI, but broader adoption requires stronger safety measures and awareness of risks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI expands London research hub

OpenAI is turning its London office into its largest research hub outside the US, marking a strategic shift towards deeper engagement with the UK’s rapidly developing AI landscape. The move places the company in direct competition with Google DeepMind for scientific talent.

An expansion that strengthens OpenAI’s long-term presence in Europe by building a substantial research base rather than relying on satellite operations. The firm aims to attract researchers seeking strong academic links, regulatory clarity and access to the UK’s growing AI ecosystem.

The enlarged London team is expected to support frontier model development and experimental work that aligns with OpenAI’s international ambitions. Senior leadership framed the decision as a vote of confidence in the UK’s capacity to become one of the most influential centres for advanced AI research.

The announcement intensifies debate over global competition for expertise, as major labs seek locations that balance research freedom with responsible oversight.

OpenAI’s investment signals a belief that the UK can offer such conditions while positioning itself as a key player in shaping the next generation of AI capabilities.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Data sovereignty becomes an infrastructure strategy in the AI era

For most of the past decade, data governance was treated as a legal issue. IT built networks and bought tools, while regulators were someone else’s problem. That division no longer holds. Cloud adoption and AI have turned data sovereignty into a core infrastructure and strategy question.

Regulatory frameworks such as GDPR, NIS2, and DORA are expanding and being enforced more strictly. Governments are also scrutinising foreign cloud providers and cross-border access. Local data storage no longer ensures absolute data sovereignty if critical control layers remain outside national jurisdiction.

Traditional SASE and SSE models were not built for this environment. Many still separate outbound cloud traffic from inbound controls. That split creates blind spots in distributed architectures and complicates consistent policy enforcement.

AI workloads intensify the pressure. Retailers, banks, and manufacturers are deploying models locally, not just in hyperscale clouds. Securing east-west traffic across systems and APIs without undermining data sovereignty is becoming a central architectural challenge.

Managed sovereign infrastructure is one response. It reduces reliance on external cloud paths while preserving operational scale. Ultimately, organisations must align security, AI deployment, and governance with long-term resilience goals.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European businesses gain AI-powered contract tools with local data hosting

Workday has rolled out its Contract Lifecycle Management (CLM) platform with EU-hosted data in Frankfurt, allowing European organisations to use AI contract tools while keeping all data within the EU.

German, French, and Spanish language support is live, with more languages planned. The update is part of Workday’s EU Sovereign Cloud strategy, targeting the CLM market, which is set to grow to $1.9 billion by 2033.

The platform uses AI agents to automate contracts. The Contract Intelligence Agent extracts terms, obligations, and renewal dates to create a searchable repository, while the Contract Negotiation Agent flags deviations, drafts redlines, and speeds approvals.

Multilingual support ensures smooth workflows across Europe’s largest commercial languages, improving compliance and efficiency.

GDPR compliance remains critical, with fines up to €20 million or 4% of global turnover. EU-hosted CLM removes offshore data risks, which are crucial for the finance, healthcare, and defence sectors. Workday combines AI efficiency with full legal compliance.

Decision-makers should focus on three priorities: EU data residency, leveraging AI agents to accelerate contracts, and integrating CLM with HR and finance systems to maximise value. Workday aims to capture market share in Europe against competitors such as Icertis and DocuSign.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Australia begins a landmark study on social media minimum age

eSafety Commissioner has launched a major evaluation of Australia’s Social Media Minimum Age to understand how platforms are applying the requirement and what effects it is having on children, young people and families.

The study aims to deliver robust evidence about both intended and unintended impacts as the national debate on youth, wellbeing and digital environments intensifies.

Over more than two years, the research will follow more than four thousand children and families in Australia, combining surveys, interviews, group discussions and privacy-protected smartphone tracking.

Administrative data from national literacy assessments and health systems will be linked to deepen understanding of online behaviour, wellbeing and exposure to risk. All research materials are publicly available through the Open Science Framework to maintain transparency.

The project is led by eSafety’s Research and Evaluation team in partnership with the Stanford University Social Media Lab and an Academic Advisory Group of specialists in mental health, youth development and digital technologies.

Young people themselves are shaping the study through the eSafety Youth Council, ensuring that the interpretation reflects lived experience rather than external assumptions. Full ethics approval underpins the methodology, which meets strict standards of integrity and privacy.

Findings will be released from late 2026 onward, with early reports analysing the experiences of children under sixteen.

The results will inform a legislative review conducted by Australia’s Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts.

eSafety expects the evaluation to become a major evidence source for policymakers, researchers and communities as the global conversation on minors and social media regulation continues.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Pakistan’s digital transformation highlighted as UNESCO advances AI ethics

UNESCO used the Pakistan Governance Forum 2026 to highlight the need for a structured Ethical AI and Data Governance Framework as the country accelerates its digital transformation.

Federal leaders, provincial authorities and civil society convened to examine governance reforms, with UNESCO urging Pakistan to align its expanding digital public infrastructure with coherent standards that protect rights while enabling innovation.

Speaking at the Forum, Fuad Pashayev underlined that Pakistan’s reform priority should centre on the Recommendation on the Ethics of Artificial Intelligence, adopted unanimously by all 193 Member States.

Anchoring national systems in transparency, accountability and meaningful human oversight was framed as essential for maintaining public trust as digital services reshape access to benefits and interactions between citizens and the state.

To support the shift, UNESCO promoted its AI Readiness Assessment Methodology (RAM), which is already deployed in more than 50 countries. The tool helps governments identify regulatory gaps, strengthen institutional coordination and design safeguards against discrimination and algorithmic bias.

UNESCO has already contributed to Pakistan’s draft National AI Policy, ensuring alignment with international ethical frameworks while accommodating national development needs.

Capacity building formed a major pillar of UNESCO’s engagement. In partnership with the University of Oxford, the organisation launched a global course on AI and Digital Transformation in Government in 2025, attracting over nineteen thousand enrolments worldwide.

Pakistan leads participation globally, reflecting both the country’s momentum and growing demand for structured training.

UNESCO’s ongoing work aims to reinforce data governance, improve AI readiness and embed ethical safeguards across Pakistan’s digital transformation strategy.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Agentic AI network slicing launches in 5G Advanced with Nokia and AWS

Nokia and Amazon Web Services have introduced what they describe as the first agentic AI-powered network slicing solution operating in commercial 5G-Advanced networks. Early pilot projects with du and Orange are already underway, marking the transition from laboratory testing to commercial deployment.

For an extended period, network slicing has been presented as a way to tailor connectivity to the needs of enterprises and end users, yet static configurations have until now limited its commercial impact. A more autonomous approach is now being tested, designed to convert operational intent directly into concrete network actions.

The joint system combines Nokia’s network slicing portfolio with AI services delivered via the Amazon Web Services (AWS) Bedrock platform. Software agents analyse real-time data, including traffic levels, location information, and significant events, and automatically adjust radio access network policies. However, this enables capacity to be prioritised in response to congestion, emergencies, or large gatherings.

Enterprise use is central to the deployment. Campuses, factories, and urban areas can receive connectivity aligned with predefined service level targets (SLAs), while public safety teams can activate dedicated network slices during critical incidents. Premium consumer services, such as gaming and streaming, may also benefit from more stable performance during peak demand periods.

The solution spans the radio, transport, and core networks and will be showcased at the Mobile World Congress 2026. Commercial success will depend on whether intent-based slicing can transform what has long been a promised feature into a sustainable and scalable revenue source for operators.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google API keys exposed after Gemini privilege expansion

Security researchers warn that exposed Google API keys in public client-side code could be used to authenticate with the Gemini AI assistant and access private data. The issue arose after developers enabled the Generative Language API in existing projects without updating key permissions.

Truffle Security scanned the November 2025 Common Crawl dataset and identified more than 2,800 live Google API keys publicly exposed in website source code. Some belonged to financial institutions, security firms, recruitment companies, and Google infrastructure.

Before Gemini’s launch, Google Cloud API keys were widely treated as non-sensitive identifiers for services such as Maps, YouTube embeds, analytics, and Firebase. After Gemini was introduced, those duplicate Google API keys also acted as authentication credentials for the AI assistant, expanding their privileges.

Researchers demonstrated the risk by using one exposed key to query the Gemini API models endpoint and list available models. They warned that attackers could exploit such access to extract private data or generate substantial API charges on victim accounts.

Google was notified in November 2025 and later classified the issue as a single-service privilege escalation. The company said it has introduced controls to block leaked keys, limit new AI Studio keys to Gemini-only scope, and notify developers of detected exposure.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.