Cybersecurity

UNIDIR launches platform for AI peace and security policy

UNIDIR, Switzerland, and Pakistan will host a pre-launch briefing for the Institute’s Centre of Excellence on AI, Peace and Security in Geneva on 17 June 2026.

The briefing will take place at the Palais des Nations ahead of the centre’s formal launch later the same day. It will bring together stakeholders involved in the governance of AI and international security.

UNIDIR said the Centre of Excellence on AI, Peace and Security is being established at a critical moment for global AI governance, as AI increasingly reshapes international peace and security dynamics. The centre is intended to serve as a permanent platform for consolidating knowledge, connecting stakeholders and maintaining continuity between multilateral processes and global discussions on AI and international security.

The platform aims to promote greater continuity and coherence across international AI governance initiatives. It will also promote inclusive global engagement and provide practical, evidence-based policy guidance, resources, and capacity-building support.

According to UNIDIR, the goal is to strengthen international cooperation on the governance of AI in peace and security contexts, amid growing urgency and complexity.

The pre-launch briefing will introduce the centre as a platform for multistakeholder engagement and actionable knowledge generation. Participants will also be invited to express interest in supporting the centre, joining its Forum and contributing to future activities.

Speakers will include Dr Giacomo Persi Paoli, Head of UNIDIR’s Security and Technology Programme; Reto Wollenmann, Senior Advisor on AI and International Security at Switzerland’s Federal Department of Foreign Affairs; and Husham Ahmed, Counsellor at the Permanent Mission of Pakistan to the UN in Geneva.

The briefing will also include an overview of the centre’s governance structure and ways for states and other stakeholders to engage through its Forum. The event will be moderated by Dr Yasmin Afina, Researcher in UNIDIR’s Security and Technology Programme.

Why does it matter?

AI is becoming an increasingly important factor in international peace and security, influencing areas ranging from military applications and cyber operations to information integrity, crisis management and strategic stability. As discussions on AI governance expand across multiple international forums, there is growing demand for mechanisms that can provide continuity, expertise and coordination between policy processes.

The new UNIDIR centre seeks to fill that gap by creating a permanent platform for research, dialogue and capacity-building. By bringing together governments, international organisations, industry, academia and civil society, it could help promote more inclusive and evidence-based approaches to governing AI in security contexts, particularly for countries with limited resources or technical expertise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Western Balkans schools explore AI in education with UNESCO and UNICEF support

Educators from across the Western Balkans gathered in Sarajevo to discuss the rapid rise of AI in education and its implications for teaching and learning. The regional conference brought together more than 80 teachers and practitioners from Bosnia and Herzegovina, Croatia, Serbia and Slovenia.

Supported by UNESCO, UNICEF, the French Institute and the Croatian Cultural Society ‘Napredak’, the event focused on both the opportunities and risks associated with AI adoption in education. Discussions covered ethical use of AI, data protection, safeguarding learner well-being and maintaining educational integrity in digital environments.

Workshops provided hands-on training in AI tools, allowing participants to explore how the technology can be used responsibly and effectively in classroom settings. UNESCO also introduced multilingual resources on AI in education, aimed at improving access to practical guidance and best practices across the region.

The initiative highlighted a shared priority among educators: ensuring that AI supports human-centred learning while teachers remain central to delivering effective, inclusive and equitable education.

Why does it matter?

The integration of AI into education systems marks a structural shift in how learning is designed, delivered and evaluated, with implications that extend beyond classrooms into labour markets and civic participation. As governments and institutions experiment with AI tools, the key challenge is ensuring that efficiency gains do not come at the expense of equity, privacy and critical thinking.

Regional cooperation and shared ethical frameworks, such as those promoted by UNESCO, are therefore essential for preventing fragmented adoption and widening digital divides, while helping education systems remain adaptable, inclusive and centred on human development in an increasingly automated environment.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Canada enacts cybersecurity legislation to protect critical infrastructure

Canada has strengthened its national cybersecurity framework after Bill C-8, the Act Respecting Cyber Security (ARCS), received Royal Assent.

The legislation is designed to strengthen the security of critical infrastructure and telecommunications networks that support essential services across Canada.

The new law amends the Telecommunications Act by making security an explicit policy objective and granting the government additional powers to require action against threats targeting telecommunications systems.

The legislation also establishes the Critical Cyber Systems Protection Act, creating a regulatory framework for designated operators in the finance, telecommunications, energy and transportation sectors.

Under the new framework, organisations responsible for critical systems will be required to implement enhanced cybersecurity measures, report significant cyber incidents and comply with new security obligations. The government of Canada argues that the measures are necessary as cyber threats continue to increase in both frequency and sophistication.

While amendments to the Telecommunications Act take effect immediately, implementation of the Critical Cyber Systems Protection Act will occur gradually through a phased approach. Canadian officials said the legislation will help strengthen national resilience, protect sensitive information and support the uninterrupted operation of essential services.

Why does it matter?

The legislation reflects a growing international shift towards mandatory cybersecurity requirements for operators of critical infrastructure. Governments increasingly view cyber resilience as a matter of national security, particularly as cybercriminal groups and state-linked actors target sectors whose disruption could have significant economic and societal consequences.

The new framework also signals a move from voluntary cybersecurity practices towards enforceable obligations. By requiring organisations to strengthen security measures, report incidents and comply with regulatory requirements, Canada is seeking to improve visibility into cyber threats and reduce risks to essential services and national infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

US FTC reveals record losses from imposter scams in 2025

The US Federal Trade Commission said consumers reported losing $3.5 billion to imposter scams in 2025, nearly tripling from 2020.

The FTC said imposter scams were the most reported fraud category last year, accounting for nearly one in three fraud reports. Consumers were targeted through text messages, phone calls, email, social media, search engine results and other channels.

Some of the costliest scams began with fake security alerts that often appeared to come from banks. Victims were persuaded to move money to ‘protect’ it, with losses often limited only by the funds they had available.

Consumers reported losing nearly $1 billion to business impersonators in 2025, with the highest losses linked to bank impersonators. Reported losses to government impersonators reached about $920 million, up from $789 million in 2024.

The figures form part of a wider rise in reported fraud losses. The FTC said consumers reported losing about $16 billion to all types of fraud in 2025, the highest figure on record and around 25% higher than in 2024.

The data were released as the FTC, the Department of Justice, the Department of Health and Human Services and members of the Elder Justice Coordinating Council launched the Never Ever campaign. The public-private campaign aims to raise awareness of government and business imposter scams, including scams affecting older adults.

The FTC also pointed to its 2024 Impersonation Rule, which gives the agency stronger tools to pursue scammers impersonating government agencies and businesses. Since the rule was finalised, the FTC said it has brought a dozen enforcement actions and obtained more than $70 million in redress for consumers.

Why does it matter?

Imposter scams exploit trust in digital communications, financial institutions and government services. Fake bank alerts, official-looking messages and multi-channel fraud campaigns can push consumers to act quickly and transfer money before they verify the request. The FTC’s response shows how consumer protection is increasingly combining fraud data, enforcement tools and public education to address digital trust risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EDPS warns Shadow AI creates hidden data protection risks

The European Data Protection Supervisor (EDPS) has warned that Shadow AI can create hidden data protection and breach risks when employees use unauthorised AI tools without organisational approval. The warning was published in a blog post by EDPS Wojciech Wiewiórowski on 15 June 2026.

The EDPS said Shadow AI can include tools such as generative AI chatbots, coding assistants and automated note-taking applications. While employees may use them as shortcuts to improve productivity, unauthorised AI tools can bypass data protection and security safeguards.

According to the EDPS, data entered into unapproved AI tools can fall into a regulatory and compliance blind spot. Unauthorised tools may lack formal agreements governing the legal basis for processing, data retention periods and safeguards for international data transfers.

The EDPS also warned that Shadow AI can create a transparency gap, making it difficult for organisations to determine where information is stored, how it is processed or whether it is used to train AI models. Such tools can also introduce security vulnerabilities, including automated meeting recorders joining meetings without oversight from IT security teams.

The blog post argues that organisations should address these risks proactively rather than attempting to ignore or prohibit them outright. Instead, they should adopt proactive AI governance policies that define authorised AI use, establish data classification rules and set approval processes for new technologies.

The EDPS said policies should be backed by technical controls and monitoring, including blocking unapproved AI domains, enforcing data loss prevention rules and restricting the installation of unauthorised AI software. The EDPS also recommended that organisations provide approved AI platforms that are secure, compliant and capable of meeting employees’ operational needs.

The EDPS said reducing Shadow AI risks requires cooperation between data protection officers, IT departments, security teams and business functions. The aim, it said, is to protect data subject rights and institutional information while enabling responsible AI adoption.

Why does it matter?

Shadow AI turns everyday workplace AI use into a data protection and cybersecurity issue. Employees may use unauthorised tools to save time, but organisations can lose visibility over personal data, legal compliance, retention, international transfers and model training.

The warning also shows that responsible AI adoption depends on more than staff guidance. Organisations need approved AI tools, technical controls, monitoring and cooperation between data protection, IT, security and business teams to reduce breach risks without blocking useful innovation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

OAIC finds American Express breached privacy rules

Australia’s privacy regulator has found that American Express Australia interfered with a complainant’s privacy by failing to take reasonable steps to protect personal information from unauthorised access.

The Office of the Australian Information Commissioner published a summary report of the determination in the matter of ‘BAM’ and American Express Australia Limited, rather than the full determination, after considering confidentiality claims and potential harms linked to disclosure of sensitive information.

Australian Privacy Commissioner Carly Kind found that American Express Australia breached Australian Privacy Principle 11.1 under the Privacy Act 1988. The case followed a lengthy investigation into insider security risk within a financial institution.

The OAIC said insider security risk remains a significant but frequently overlooked threat to organisations and to individuals whose personal information they hold. It said the risk is particularly important in sectors such as financial services, where organisations store large volumes of personal information.

Under the determination, American Express Australia must compensate the complainant for economic loss, non-economic loss and complaint-related expenses. It must also issue a written apology acknowledging the interference with privacy.

The company must implement technical controls across relevant systems to restrict employee access to specific customer information, including for vulnerable or high-profile customers. It must also introduce account-level access logging and action logging across relevant systems that remain in operation.

The OAIC said the determination underscores the role of ICT access controls in protecting personal information from unauthorised access by employees.

Why does it matter?

The determination shows that privacy protection is not only about preventing external cyberattacks or data breaches. Organisations also need internal controls that restrict, monitor and log employee access to customer information. For financial institutions and other data-rich sectors, insider risk is now clearly a privacy compliance issue, not just an internal security or HR problem.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Anthropic AI restrictions reignite debate over AI sovereignty

US government restriction on foreign access to Anthropic’s Fable 5 and Mythos 5 models has triggered broader concerns about AI sovereignty among American allies. The move has raised questions about whether governments and companies outside the United States can reliably depend on frontier AI systems controlled by US firms and subject to national security restrictions.

The directive reportedly required Anthropic to prevent non-American users, including foreign nationals working inside the company, from accessing the models. Anthropic responded by suspending access more broadly, stating that this was the only practical way to comply with the directive.

The immediate dispute centres on concerns that Fable 5 could be jailbroken and used beyond its intended safeguards. However, the broader impact extends beyond one company or one model. Governments, security agencies and companies that had secured access to Anthropic’s most advanced systems reportedly saw those permissions withdrawn overnight.

The Anthropic cutoff has been particularly sensitive for US allies. Reports indicate that the restrictions extended even to partners in the Five Eyes intelligence alliance, including Australia, the UK, Canada and New Zealand. The UK’s AI Security Institute, which has played a leading role in testing and evaluating advanced models, was also reportedly affected.

The episode has strengthened arguments that countries may need greater sovereign AI capabilities rather than relying heavily on frontier models controlled by foreign providers. For allies, the question is not only whether they can access advanced AI systems today, but whether that access can be withdrawn suddenly because of US policy decisions, export controls or national security interventions.

The episode also highlights a difficult policy trade-off for the United States. The United States has a strategic lead in frontier AI and may seek to prevent the most capable systems from being misused or accessed by adversaries. Yet applying broad restrictions to allies and foreign employees could damage trust, disrupt research and push other countries to accelerate domestic AI development.

For middle powers, building AI sovereignty will not be straightforward. Training frontier models requires advanced chips, large-scale compute infrastructure, talent and capital, all of which remain concentrated in a small number of countries and firms. Restrictions on chip exports could also limit the ability of allies to build independent alternatives.

The dispute, therefore, points to a wider geopolitical shift in AI governance. As frontier AI models become more capable, access to them is increasingly being treated as a matter of national security. That could force governments to rethink procurement, cloud dependence, AI testing partnerships and long-term strategies for technological sovereignty.

Why does it matter?

The episode illustrates how access to advanced AI systems is becoming a strategic issue rather than simply a commercial service. As frontier models become increasingly important for research, cybersecurity, defence, innovation and economic competitiveness, governments are beginning to view access controls through the lens of national security and geopolitical influence.

The case also highlights a growing tension between AI leadership and international trust. While countries may seek to restrict access to powerful systems to prevent misuse, abrupt limitations affecting allies can encourage efforts to build domestic AI capabilities and reduce dependence on foreign providers. As a result, debates about AI sovereignty, technological autonomy and strategic resilience are likely to become increasingly central to digital policy worldwide.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU extends Cybersecurity Reserve support to Ukraine

Ukraine can now activate emergency EU cyber support during significant or large-scale cybersecurity incidents after the Council of the European Union approved its inclusion in the EU Cybersecurity Reserve.

The Reserve, managed by the European Union Agency for Cybersecurity, provides incident response services from trusted private-sector providers to help contain and mitigate major cyber incidents.

The European Commission said the decision reflects closer EU-Ukraine cooperation and forms part of wider efforts to strengthen preparedness, rapid response and shared expertise against evolving cyber threats.

The move also aligns with the EU’s strategic digital partnership agenda and follows Moldova’s inclusion in the Cybersecurity Reserve in 2024 under the Cyber Solidarity Act.

European Commission Executive Vice-President Henna Virkkunen said Ukraine’s inclusion strengthens collective cyber defences and reaffirms European solidarity at a time of persistent cyber threats.

Why does it matter?

Ukraine’s inclusion in the Cybersecurity Reserve extends EU cyber crisis support to a country facing sustained cyber pressure linked to geopolitical conflict. The decision shows how the EU is using the Cyber Solidarity Act and related mechanisms not only for internal resilience, but also for strategic partnerships. It also strengthens the role of ENISA-coordinated incident response services and trusted private providers in Europe’s wider cyber crisis management framework.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK evaluates frontier AI for operational cybersecurity applications

The UK Government Cyber Coordination Centre (GC3), in partnership with the National Cyber Security Centre (NCSC) and the AI Security Institute, has completed a pilot programme exploring how frontier AI models could strengthen cyber defence across government systems.

The initiative forms part of the UK’s Government Cyber Action Plan, which seeks to improve public-sector cyber resilience through the use of emerging technologies.

Teams participated in a series of hackathons that used advanced AI systems to analyse public government code repositories for potential security weaknesses.

Different approaches were tested, including multi-agent workflows, AI-assisted vulnerability investigation and specialised AI skills designed to automate parts of the security auditing process. Rather than relying on a single methodology, participants tested different architectures and workflows to determine which approaches produced the most effective results.

The exercise identified 407 security findings, including vulnerabilities that could have enabled authentication bypass, data exposure and remote code execution. AI models demonstrated an ability to identify relationships between technical weaknesses across multiple services and uncover attack paths that conventional scanners often struggle to detect.

Government departments validated the findings through existing security processes and remediated all critical vulnerabilities.

UK officials concluded that successful deployment depends less on the choice of AI model and more on how AI is integrated into structured security workflows. Human experts remained responsible for validating findings, prioritising risks and managing remediation efforts.

Following the results, GC3 plans to launch a second phase involving additional government departments, more AI systems and assessments of closed-source environments.

Why does it matter?

The pilot provides a practical example of how frontier AI systems can be used in operational cybersecurity rather than solely for research or experimentation. As governments and organisations face increasingly complex cyber threats, AI tools could help security teams identify vulnerabilities more quickly and uncover attack paths that traditional automated tools may miss.

The findings also reinforce the importance of human oversight in AI-enabled security operations. While AI can assist with vulnerability discovery and analysis at scale, expert validation and risk management remain essential. The project highlights a growing trend towards combining AI capabilities with human expertise to improve cyber resilience across critical systems and public-sector infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Developments in Africa cyber diplomacy: Continental, regional, and national initiatives

Objectives

  1. Providing an overview of cyber diplomacy in Africa: Understanding the current key players, stakeholders, and frameworks shaping cyber diplomacy on the continent.
  2. Highlighting successful continental and regional initiatives: Examining collaborative efforts such as the African Union’s (AU) initiatives and the African Digital Compact (ADC) that aim to enhance digital sovereignty and cybersecurity across member states.
  3. Discussing national strategies and policies: Analysing how individual African countries are addressing cyberthreats and promoting digital cooperation through their national cyber diplomacy efforts.
  4. Fostering dialogue and collaboration: Encouraging networking and partnerships among participants; sharing best practices and lessons learned in cyber diplomacy.

Target audience

  • Policymakers and government officials from African nations
  • Cybersecurity experts and practitioners
  • Academics and researchers in international relations and technology
  • Representatives from civil society organisations
  • Private sector stakeholders involved in technology and cybersecurity

Expected outcomes

  • Increased awareness and understanding of cyber diplomacy in Africa
  • Enhanced collaboration between stakeholders across the continent
  • Identification of best practices and strategies for effective cyber diplomacy
  • Recommendations for policymakers to strengthen national and regional cyber initiatives

This online event will serve as a vital platform for discussing the evolving landscape of cyber diplomacy in Africa. By addressing both the challenges and opportunities, we aim to foster a collaborative environment that promotes secure and inclusive digital transformation across the continent.

Diplo chatbot can make mistakes. Consider checking important information.