CISA launches critical infrastructure security partnership

The US Cybersecurity and Infrastructure Security Agency has launched a new advisory framework to strengthen public-private cooperation on critical infrastructure security and resilience.

The initiative, called the Alliance of National Councils for Homeland Operational Resilience, or ANCHOR-CI, is designed to improve information sharing between government and industry and broaden participation across critical infrastructure sectors.

CISA said the framework builds on lessons from the Critical Infrastructure Partnership Advisory Council while expanding engagement to a wider range of public and private stakeholders.

ANCHOR-CI will provide forums for federal, state, local, tribal and territorial officials to engage with critical infrastructure owners, operators and other organisations with responsibilities for cybersecurity, physical security and resilience.

The framework will allow participants to discuss the threat environment, identify vulnerabilities and develop recommendations for securing more resilient critical infrastructure and cyberspace.

CISA will manage the governance of councils established under ANCHOR-CI, including sector, cross-sector, industry and regional councils.

The launch comes as critical infrastructure operators and public authorities face growing pressure from ransomware, cyberespionage and other threats affecting essential services.

Why does it matter?

Critical infrastructure security depends on cooperation between government agencies and the private-sector operators that own or manage many essential services. ANCHOR-CI is important because it creates a new structure for sharing sensitive information, coordinating resilience planning and giving sector stakeholders a formal way to advise the government. The framework could be especially relevant for cyber threats that cross sectors, such as ransomware, supply-chain compromise and attacks on water, energy, transport or communications systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Bank of England warns agentic AI threatens financial stability

Bank of England Deputy Governor Sarah Breeden has warned that rapidly advancing AI capabilities, particularly agentic AI systems capable of autonomously carrying out complex sequences of actions, pose growing risks to financial stability.

Breeden noted that open-source AI models may trail the most advanced proprietary models by only four to eight months. She warned that delays in applying security patches can allow attackers to reverse engineer newly disclosed vulnerabilities, echoing the Five Eyes cybersecurity agencies’ assessment that the relevant timeline for AI-enabled cyber threats is measured in months rather than years.

Turning to financial markets, Breeden warned that AI trading agents responding to similar prompts or market signals could reinforce one another during periods of stress, amplifying volatility. She also cautioned that autonomous systems could drift from their original objectives or from broader public policy goals.

She said the Bank of England is working with the Bank for International Settlements Innovation Hub and Germany’s Bundesbank to simulate how different agent designs could contribute to herd behaviour. The work also explores safeguards comparable to market circuit breakers or kill switches that could halt AI-driven trading if faulty models threatened financial stability.

Breeden also highlighted the implications of agentic AI for payments, where autonomous systems could increasingly initiate transactions on behalf of users. She said this raises questions about consent, authorisation, liability for erroneous payments and interoperability as different organisations develop competing technical standards. The Bank is leading a public-private initiative to design the next generation of UK retail payments infrastructure with these emerging use cases in mind.

Breeden concluded by calling for stronger international cooperation, arguing that AI presents cross-border systemic risks comparable to those exposed during the global financial crisis. She suggested that the shared technology dependencies underpinning advanced AI warrant closer international coordination among financial authorities.

Why does it matter?

The speech reflects a growing shift in financial regulation from focusing on AI adoption to preparing for systemic AI risks. By highlighting autonomous decision-making, cyber threats and market dynamics, the Bank of England is signalling that agentic AI presents challenges that extend beyond individual firms to the stability of the financial system as a whole.

It also illustrates how central banks are beginning to rethink financial infrastructure for an AI-enabled economy. Questions around autonomous payments, liability, market safeguards and international coordination suggest that existing regulatory frameworks may need to evolve as AI agents become more capable of acting independently across financial markets and payment systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Anthropic redeploys Claude Fable 5

Anthropic will restore global access to Claude Fable 5 after the US government lifts export controls on the model.

The company said the controls were applied on 12 June to Claude Fable 5 and Claude Mythos 5, requiring access restrictions for foreign nationals inside and outside the United States. Anthropic suspended access to both models for all users because it said it had no reliable way to verify nationality in real time.

Anthropic said the controls were lifted on 30 June. Fable 5 will become available globally from 1 July on the Claude Platform, Claude.ai, Claude Code and Claude Cowork, with access on AWS, Google Cloud and Microsoft Foundry to be restored as quickly as possible.

Access to Mythos 5 has been restored only for a set of US organisations following government approval. Anthropic said Fable 5 and Mythos 5 share the same underlying model, but Fable 5 has stronger safeguards for general use, while Mythos 5 has fewer safeguards and is limited to trusted partners working on defensive cybersecurity.

The export control directive followed a report by Amazon researchers describing a method for bypassing Fable 5 safeguards. Anthropic said the reported behaviour involved identifying software vulnerabilities and, in one case, producing code showing how a vulnerability could be exploited.

The company said its review found that the technique did not expose unique Mythos-level cyber capabilities. It has trained an improved safety classifier to block the behaviour described in the report, and said blocked requests will be redirected to Claude Opus 4.8.

Anthropic also called for a shared industry framework to assess the severity of AI jailbreaks. It said it is working with Amazon, Microsoft, Google and other Glasswing partners on criteria including capability gain, breadth of capability gain, ease of weaponisation and discoverability.

The company said it is expanding cooperation with the US government on frontier AI security, including pre-release evaluation, faster information sharing and joint research on safeguards.

Why does it matter?

The case shows how frontier AI releases are becoming part of national security and export-control policy, especially when models have advanced cybersecurity capabilities. Anthropic’s response also highlights a broader governance gap: governments and companies still lack a shared standard for judging when a jailbreak is minor, serious or urgent enough to justify intervention. The outcome could influence how advanced AI models are tested, released and restricted across borders.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UNICEF urges child-focused AI governance

UNICEF has called for child rights to be placed at the centre of AI governance, warning that children are adopting AI technologies faster than adults while safeguards struggle to keep pace. Ahead of the first Global Dialogue on AI Governance, UNICEF said AI is already reshaping childhood worldwide, creating significant opportunities alongside new risks.

Based on data from 10 countries, UNICEF estimates that at least 20 million children have used AI, with adoption rates in many cases more than three times higher than among adults.

More than 2 million children, or one in 10, said they use AI for advice on things that worry them. An estimated 13 million children reported using AI to support learning and homework.

UNICEF warned that governance frameworks, including safeguards for children, are failing to keep pace with rapid AI adoption. The organisation said children are more exposed to AI systems, business models and data practices, while having less power to avoid or challenge them.

UNICEF said most AI governance frameworks do not adequately prioritise children’s interests, despite young people being among those most likely to experience the long-term consequences of today’s policy decisions. While AI can support learning, creativity and play, evidence on its effects on cognitive development, emotional well-being and exposure to harm is still emerging.

The organisation also highlighted children’s own concerns. Across the 10 countries surveyed, one-third worried about AI being used for scams or misinformation, while one-quarter feared their images or videos could be manipulated into sexually explicit deepfakes. UNICEF warned that too many AI systems are reaching children without adequate safeguards.

UNICEF called on governments, the private sector and partners to embed child rights in global AI governance, with a particular focus on safety and protection.

The organisation urged investment in research on AI’s impact on children’s development and wellbeing, stronger laws and corporate accountability to stop AI-enabled sexual exploitation and abuse, and AI systems designed with maximum safety and transparency.

UNICEF called on governments and technology companies to embed children’s rights into AI governance through stronger legal protections, corporate accountability and safety-by-design. It also urged greater investment in research, AI literacy for children and caregivers, and digital infrastructure to reduce inequalities in access. According to UNICEF, decisions made today will shape children’s safety, privacy, wellbeing and opportunities for decades to come.

Why does it matter?

Children are becoming some of the earliest and most frequent users of AI, yet governance frameworks, research and safety measures remain underdeveloped. As AI increasingly influences how children learn, communicate and seek information, gaps in protection could expose them to misinformation, exploitation, privacy risks and harmful content during critical stages of development.

The report also reinforces a broader shift in AI governance towards rights-based policymaking. By arguing that children’s interests should be considered from the design stage through deployment and regulation, UNICEF is framing child protection not as a niche issue but as a core principle for trustworthy AI.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK ATOC says social media ban is not enough

The UK Alliance Tackling Online Child Sexual Exploitation and Abuse has welcomed the UK government’s plan to ban social media use by children under 16, while warning that the measure alone will not stop online child sexual abuse.

The alliance said age restrictions on mainstream social media platforms could reduce some risks. Still, children may move to less regulated digital spaces, including encrypted messaging services, gaming platforms and other online environments where grooming, sexual extortion and abuse can continue.

UK ATOC called for a broader, system-wide response focused on prevention, stronger platform accountability and safer-by-design digital services. It said governments, regulators, technology companies and online service providers share responsibility for reducing opportunities for abuse before harm occurs.

The alliance proposed a package of technical, legislative and regulatory measures. These include stronger safeguards in end-to-end encrypted environments, robust age-assurance systems, mandatory safer-by-design principles, stronger enforcement under the Online Safety Act and clearer regulation of AI chatbots and companion services.

It also called for device-level nudity detection, upload prevention for known child sexual abuse material and measures to address livestreamed abuse, grooming and sexual extortion.

UK ATOC welcomed the government’s plan to introduce nudity-detection tools on children’s devices, describing it as an important additional safeguard.

The statement reflects a wider concern that age bans may reduce children’s exposure to some mainstream platforms, but cannot replace a comprehensive child-safety framework across the broader digital ecosystem.

Why does it matter?

The UK debate shows the limits of age-based social media bans as a child-safety tool. Online child sexual exploitation and abuse can move across platforms, devices, encrypted services, gaming environments and AI-enabled systems. UK ATOC’s response therefore shifts the focus from access restrictions alone towards prevention, safer design, platform duties and technical safeguards that address how abuse actually happens across digital services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Singapore strengthens cyber resilience against AI threats

Singapore’s Cyber Security Agency (CSA) has outlined new and ongoing initiatives to strengthen national cyber resilience as AI reshapes the cyber threat landscape.

The measures are detailed in the Singapore Cyber Landscape 2025/2026 report, which reviews cybersecurity trends and the country’s response to evolving digital threats.

CSA said AI is reshaping the global cyber threat environment by enabling attackers to operate with greater speed, scale and sophistication. The agency said agentic AI is a particular concern because autonomous systems could automate parts of the cyber kill chain, compressing attacks that once unfolded over days into hours.

The agency cited Anthropic’s Mythos and the misuse of OpenClaw, an open-source agentic AI framework, as examples of how AI can accelerate vulnerability research, exploit development and cyberattack preparation.

At the same time, CSA said AI can strengthen cyber defence by improving threat detection, accelerating incident response and helping organisations identify vulnerabilities more quickly. As AI systems become more widely deployed across enterprise networks and critical infrastructure, however, they are also becoming attractive targets, making secure AI deployment an increasing priority.

To support secure AI adoption, CSA has published Guidelines on Securing AI Systems and a Companion Guide for system owners. It also released a discussion paper on securing agentic AI systems in October 2025 and said it will continue working with international partners on AI security standards.

The report also highlights how AI is changing the tactics of phishing and scam operations. CSA said attackers can use AI to generate convincing phishing lures at scale, produce realistic voice clones and video deepfakes, and create tools that can bypass multi-factor authentication.

CSA also warned that AI is making phishing and scam campaigns more convincing through voice cloning, video deepfakes and large-scale generation of personalised phishing messages. Despite these growing capabilities, reported phishing cases fell by 21% in 2025 to around 4,800 incidents.

Singapore has also launched the pilot National Simulated Scams Exercise, supported by the Ministry of Home Affairs. The exercise simulated AI-enabled government official impersonation scam calls to help the public recognise and respond to emerging scam tactics.

CSA said the number of infected infrastructure units detected in Singapore rose sharply to 284,300 in 2025, a 142% increase from 2024. The increase was driven mainly by persistent malicious infrastructure activity and improved detection of infected botnet devices.

The agency said weakly secured consumer Internet-of-Things devices and unpatched firmware continue to create opportunities for botnet operators. To address this, all residential routers sold in Singapore must meet Cybersecurity Labelling Scheme Level 2 requirements by the end of 2027.

Ransomware also remained a significant threat, with reported cases rising slightly from 159 in 2024 to 165 in 2025. CSA said small- and medium-sized enterprises remained disproportionately affected due to lower cybersecurity maturity and limited resources.

To support SMEs, CSA backed the Cyber Resilience Centre, which provides cybersecurity health checks and recovery assistance after incidents. Eligible SMEs can also receive co-funding for cybersecurity advisory services through the CISO-as-a-Service programme.

One of the year’s most significant incidents involved an attempted intrusion by the APT group UNC3886 targeting Singapore’s four largest telecommunications operators. CSA said the attack was contained through Operation CYBER GUARDIAN without disruption to services or evidence of customer data being compromised.

CSA is also requiring critical information infrastructure owners to attain Cyber Trust mark certification by the end of 2027. The requirement is intended to extend good cybersecurity practices across broader enterprise environments that support critical infrastructure operations.

In 2025, Singapore also conducted its largest Exercise Cyber Star, involving close to 500 participants from CSA, the Singapore Armed Forces’ Digital and Intelligence Service and critical infrastructure owners across 11 sectors.

CSA said it has expanded Cyber Essentials and Cyber Trust mark certifications to include mandatory cloud and AI security requirements. More than 800 organisations had attained at least one Cyber Essentials certification as of early 2026.

The agency is also advancing Singapore’s National Quantum-Safe initiative, working with industry, academia and international partners to raise awareness of quantum risks, support migration planning and accelerate adoption of quantum-safe technologies.

CSA said Singapore will continue investing in cybersecurity capabilities, strengthening partnerships and supporting secure adoption of emerging technologies in an AI-driven threat landscape.

Commissioner of Cybersecurity and CSA Chief Executive David Koh said Singapore must ‘lock down, find first, and fix fast’ as AI and quantum technologies reshape cyber risks. He said the response must be continuous, with government, industry and citizens working together to ensure digital innovation develops alongside trust and security.

The report illustrates how Singapore is treating cybersecurity as a continuous national resilience effort encompassing AI, critical infrastructure, ransomware, online scams and future quantum threats.

Why does it matter?

Singapore’s strategy reflects a growing shift from reactive cybersecurity towards continuous cyber resilience. Rather than addressing individual threats in isolation, the government is integrating AI security, critical infrastructure protection, scam prevention, cybersecurity certification and quantum readiness into a coordinated national strategy.

The report also illustrates how AI is changing cybersecurity on both sides of the equation. While attackers are using AI to accelerate phishing, malware development and vulnerability exploitation, governments are increasingly deploying AI to strengthen cyber defence, making secure AI deployment and governance central components of national cybersecurity policy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

South Korea and Japan expand AI and defence cooperation

South Korea and Japan have agreed to expand defence cooperation, including collaboration on AI and other advanced technologies, following talks between South Korean Defence Minister Ahn Gyu-Back and Japanese Defence Minister Shinjiro Koizumi in Seoul. The agreement was reached during a bilateral summit held in Seoul that day.

The ministers agreed to establish regular high-level visits and meetings, resume bilateral naval search and rescue exercises for the first time in nine years, and continue trilateral security cooperation with the United States to support regional peace and stability.

They also agreed to expand exchanges between South Korea’s Black Eagles and Japan’s Blue Impulse aerobatic teams to support search and rescue training. The agreement also included a commitment to strengthen ties in state-of-the-art science and technology, including AI, with the summit taking place at the Ministry of National Defence’s parade ground in Seoul.

Why does it matter?

The agreement marks a further improvement in defence relations between South Korea and Japan, whose security cooperation has often been constrained by historical and political tensions. The resumption of joint search and rescue exercises after nine years reflects growing alignment on shared regional security priorities.

The inclusion of AI and advanced technology cooperation also illustrates how emerging technologies are becoming integral to defence partnerships. As countries increasingly integrate AI into military planning, logistics and operational capabilities, technological collaboration is becoming a strategic component of broader security relationships, particularly within the Indo-Pacific.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK CMA consults on Apple and Google app store payment rules

The UK Competition and Markets Authority has opened consultations on new requirements for Apple and Google under the country’s digital markets competition regime.

Proposed steering requirements would allow app developers to direct UK users to payment options outside Apple’s App Store and Google’s Play Store. The CMA said Apple currently bans steering in the UK, while Google restricts it.

According to the regulator, allowing developers to communicate with customers about off-platform options could increase competition, reduce payment costs and support innovation across mobile services.

Consultation proposals also cover principles to ensure that any steering fees charged by Apple and Google are fair and reasonable. The CMA said such fees should be based on evidence and should be lower than current app store charges.

Alongside the steering proposals, officials are seeking views on a potential requirement for Apple to provide developers with access to near-field communication functionality on iOS.

Broader NFC access could allow UK fintechs and developers to support contactless payments from within their own apps. It could also support future payment methods, including account-to-account payments, digital currencies and stablecoins, as well as non-financial uses such as digital ID and car keys.

Responses to the steering conduct requirement are due by 28 July 2026, while views on the potential NFC requirement are due by 21 July 2026. The CMA will decide later this year whether to impose new obligations.

Why does it matter?

The consultations show the UK’s digital markets regime moving into targeted conduct rules for major mobile platforms. If adopted, the measures could weaken Apple and Google’s control over in-app payments and give developers more freedom to offer alternative purchasing channels. The NFC proposal also widens the debate beyond app store commissions, addressing Apple’s control over device functionality that can shape competition in mobile payments, digital identity and other services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

AUSTRAC warns AI is reshaping financial crime

AUSTRAC has released a new suite of intelligence and risk assessments examining evolving threats, related to money laundering, terrorism financing and proliferation financing.

The Australian financial intelligence agency said advances in AI and other emerging technologies are enabling criminals to exploit vulnerabilities and evade detection. The reports are intended to help organisations strengthen risk-based anti-money laundering and counter-terrorism financing controls.

The package includes the Money laundering update 2026, Terrorism Financing Update 2026, Proliferation Financing Update 2026 and a report on terrorism financing risks in Australia’s non-profit sector. AUSTRAC said the publications show growing reliance on everyday financial services and corporate structures to conceal illicit funds.

While traditional risk channels remain relevant, AUSTRAC said financial crime is becoming more complex and interconnected as technology, globalisation and increasingly sophisticated criminal methods reshape how illicit activity is concealed.

AUSTRAC identified AI and virtual assets, including cryptocurrency, as key technologies reshaping the threat landscape by increasing both the scale and sophistication of financial crime.

The agency said legitimate financial services, trade flows, corporate structures and routine transactions can all be exploited to disguise illicit activity. It also highlighted persistent vulnerabilities in Australia’s non-profit sector, noting that although the overall terrorism financing risk remains stable, charities and not-for-profit organisations continue to face exposure to money laundering and terrorism financing.

Charities and not-for-profit organisations play an important role in supporting communities in Australia and overseas. However, AUSTRAC said they remain vulnerable to money laundering and terrorism financing.

AUSTRAC said the intelligence products are designed to help regulated organisations better understand emerging financial crime threats and strengthen their anti-money laundering and counter-terrorism financing controls.

Why does it matter?

Financial crime is becoming increasingly difficult to detect as criminal networks exploit legitimate financial systems alongside AI, cryptocurrencies and other emerging technologies. AUSTRAC’s latest assessments highlight the need for regulated organisations to strengthen risk-based anti-money laundering and counter-terrorism financing controls in response to a more complex threat environment.

The reports also underscore a broader shift in financial crime prevention. Rather than focusing only on traditionally high-risk transactions, organisations are being encouraged to monitor how ordinary financial services, corporate structures and cross-border activities can be misused, reflecting the growing sophistication of modern illicit finance.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Canada’s CSE expands cyber defence amid growing threats

The Communications Security Establishment Canada (CSE) has published its 2025-2026 Annual Report, detailing the activities of the agency and the Canadian Centre for Cyber Security between April 2025 and March 2026 as cyber threats continued to grow in scale and complexity.

During the reporting period, the Canadian Centre for Cyber Security responded to more than 3,200 cybersecurity incidents affecting federal institutions and critical infrastructure. It also issued 25 alerts, 995 advisories and more than 97,000 notifications through the National Cyber Threat Notification System to 1,363 subscribed organisations.

CSE also took direct action against ten of the ransomware groups causing the greatest harm to Canada and its allies, while completing 1,772 supply chain risk assessments to strengthen cyber resilience across government. During the year, the agency received 13 ministerial authorisations, including four supporting foreign cyber operations.

The report highlights how recent defence investments are supporting work on secure digital infrastructure, stronger cyber defence capabilities, AI, post-quantum cryptography and deeper collaboration with trusted international partners.

Minister of National Defence David J. McGuinty said the report demonstrates the importance of CSE’s work to Canada’s security and economic well-being. Chief of CSE Caroline Xavier noted that the agency will mark its 80th anniversary in 2026 and said recent investments are providing the tools needed to address an increasingly complex threat environment.

Why does it matter?

The report illustrates how national cybersecurity agencies are shifting from responding to isolated incidents to maintaining continuous operations against increasingly sophisticated digital threats. Activities ranging from ransomware disruption to supply chain assessments demonstrate the expanding role of cyber defence in protecting governments and critical infrastructure.

The emphasis on AI, post-quantum cryptography and secure digital infrastructure also signals Canada’s long-term approach to cybersecurity. By investing in emerging technologies while strengthening cooperation with allies, CSE is preparing for a threat environment in which cyber resilience is closely tied to national security, economic stability and technological competitiveness.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot