Cybersecurity

FBI reports billions lost to crypto and AI scams

The Federal Bureau of Investigation reports that cyber-enabled crimes cost Americans nearly $21 billion in 2025, according to its latest Internet Crime Report. The Internet Crime Complaint Center recorded more than 1 million complaints, marking a rise from the previous year.

Investment fraud, phishing, extortion, and tech support scams remained the most common threats, with older adults reporting disproportionately high losses. Individuals over 60 accounted for approximately $7.7 billion in losses, reflecting a sharp year-on-year increase.

Cryptocurrency-related fraud was the most financially damaging category, with losses exceeding $11 billion across more than 180,000 complaints. The report also highlighted emerging risks linked to AI, including deepfake identities, voice cloning, and fabricated media used to manipulate victims.

The FBI has expanded initiatives such as Operation Level Up to identify ongoing scams and reduce losses, while emphasising early reporting and awareness measures. Officials say scammers increasingly use psychological pressure and realistic digital impersonation to deceive victims.

Rising losses highlight how rapidly evolving digital fraud techniques are outpacing public awareness, with crypto and AI tools making scams more scalable and convincing.

Strengthening detection, reporting, and education will be critical to reducing financial harm and improving resilience against increasingly sophisticated online crime networks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Geneva Cyber Week to bring diplomacy, cyber policy, and AI security debates together

The United Nations Institute for Disarmament Research and the Swiss Federal Department of Foreign Affairs will co-host Geneva Cyber Week from 4 to 8 May 2026, bringing policymakers, diplomats, technical experts, industry leaders, academics, and civil society representatives to venues across Geneva and online for a week of discussions on cyber stability, resilience, governance, digitalisation, and the security implications of emerging technologies, including AI.

Returning after its inaugural edition, the event is being positioned as a response to a more fragile cyber and geopolitical environment. Held under the theme ‘Advancing Global Cooperation in Cyberspace’, Geneva Cyber Week 2026 comes at a moment of mounting cyber insecurity, intensifying geopolitical tension, and rapid technological change, with organisers framing the gathering as a space for more practical cooperation across diplomatic, technical, operational, and policy communities.

“Cybersecurity is no longer a niche technical issue; it is a strategic policy challenge with implications for international peace, economic stability and public trust. At a moment of growing fragmentation and accelerating technological change, Geneva Cyber Week brings together the communities that need to be in the room — diplomatic, technical, operational and policy — to move from shared concern to practical cooperation,” said Dr Giacomo Persi Paoli, Head of Security and Technology Programme at UNIDIR.

The programme will feature nearly 90 events and reinforce Geneva’s role as a centre for cyber diplomacy, international cooperation, and digital governance. Scheduled sessions include UNIDIR’s Cyber Stability Conference, Peak Incident Response organised by the Swiss CSIRT Forum, Digital International Geneva, the World Economic Forum Annual Meeting on Cybersecurity, and a Council of Europe session titled ‘Artificial Intelligence, Cybercrime and Electronic Evidence: Risks, Opportunities, and Global Cooperation’.

The week will also include partner-led panels, workshops, simulations, exhibitions, and networking events to connect specialist communities that do not always work in the same room. That broader structure reflects an effort to treat cyber issues not only as a technical or security matter but also as a governance, trust-building, and international-coordination challenge.

“At a time when digital threats know no borders, fostering inclusive discussions is essential to building trust, advancing common norms, and promoting a secure and open cyberspace for all. International Geneva provides an unparalleled multilateral environment to address these cybersecurity challenges collectively. Geneva Cyber Week’s diverse programme embodies this collaborative spirit,” said Marina Wyss Ross, Deputy Head of International Security Division and Chief of Section for Arms Control, Disarmament and Cybersecurity at the Swiss FDFA.

Across the city, Geneva will also mark the week visually, including flags on the Mont Blanc Bridge and special illumination of the Jet d’Eau on Monday evening. But beyond the symbolism, the event’s significance lies in how it seeks to bring cyber diplomacy, incident response, governance debates, and emerging technology risks into the same international conversation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

French data protection authority sets out 2026 GDPR and AI guidance agenda

The French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), has outlined the main guidance, consultations, and resources it plans to publish in 2026 to support compliance with the General Data Protection Regulation and certain provisions of the AI Act.

According to the CNIL, the programme is intended to help public and private sector actors prepare for upcoming consultations and anticipate regulatory developments. It says the programme is indicative and may evolve in response to current events.

The CNIL says it will begin work on ‘multi-property’ consent, covering the conditions for obtaining a single consent across several sites or media, particularly where they belong to the same group. It also says it will finalise work on the use of AI in the workplace and in health, including bias risks and safeguards to protect the rights of employees and patients.

The authority also plans to work on transcription and automated analysis tools used in call centres and videoconferencing software, operational content for data protection officers, and clarification of how the GDPR applies to non-anonymous AI models.

In the health sector, it says it will update research reference methodologies, publish its position on how people should be informed when data are reused for research, and issue a consolidated document on the electronic patient record.

On security, the CNIL says it will continue publishing recommendations to improve personal data security, publish the final updated version of its recommendation on remote electronic voting systems, and open public consultations on recommendations covering the security of personal data exchanges, remote identity verification, and end point detection and response services. It also says it will publish a recommendation on web filtering gateways.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK government reviews regulatory options for enterprise connected devices

The UK government has said it will update and streamline its proposed code of practice for enterprise connected device security and assess further policy options, including regulation, certification, and other assurance mechanisms, following its call for views on enterprise connected device security.

The response, published by the Department for Science, Innovation and Technology, says enterprise-connected devices are often critical to business operations but can lack adequate security measures. It also states that the UK government’s call for views showed strong support for intervention to improve the cybersecurity of such devices, with 95% of respondents agreeing that the government should do more.

According to the response, 76% of respondents agreed or strongly agreed that the risks posed by enterprise-connected devices are sufficiently distinct from those of other connected devices to warrant an independent code of practice.

The UK government also reports that 78% agreed or strongly agreed with creating new legislation imposing obligations on manufacturers, while 71% agreed or strongly agreed with creating a new global standard based on the code of practice.

The UK government says it will ask manufacturers to use the National Cyber Security Centre’s existing device security principles while this work continues. It also says it will finalise the security principles, make them modular within the broader set of secure-by-design codes of practice, and explore the feasibility of a certification scheme for manufacturers.

The response also states that the UK government will assess options for regulatory measures, following feedback that it needs to go beyond voluntary adoption and include some form of assurance or enforcement mechanism. It adds that the government will review whether the scope of this work should be expanded beyond enterprise-connected devices as part of its broader analysis of technology security.

The document says the UK government will seek to align this work, where possible and necessary, with international developments, including European Union standards processes under the Cyber Resilience Act. It also notes repeated calls from respondents for implementation guides and clearer alignment with existing legislation and standards.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Experts warn of potential quantum disruption to blockchain security

A survey by the Global Risk Institute has highlighted growing concern that quantum computing could undermine the cryptographic foundations of cryptocurrencies within the next decade.

Experts estimate a 28% to 49% probability that quantum machines capable of breaking current encryption standards could emerge within 10 years, with the probability rising further over a 15-year horizon.

Cryptocurrencies such as Bitcoin rely on public-key cryptography to secure transactions and verify ownership. Advanced quantum algorithms could reverse-engineer private keys from public data, exposing wallets and weakening blockchain security.

The risk is seen as particularly relevant for long-term stored assets and static addresses. Industry researchers and technology firms are already exploring post-quantum cryptography to mitigate potential disruption.

Efforts led by standards bodies such as the National Institute of Standards and Technology focus on developing encryption methods resistant to both classical and quantum attacks, although full migration across decentralised systems remains complex.

The findings place quantum readiness alongside broader digital security priorities, as financial systems, communications networks, and public infrastructure share similar cryptographic dependencies.

The evolving timeline is prompting early-stage preparation across the cryptocurrency ecosystem, where system upgrades must balance security, decentralisation, and continuity.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

European Business Council in Japan holds first cybersecurity conference in Tokyo

Tokyo hosted a cybersecurity conference organised by the European Business Council in Japan (EBC) Digital Committee on 7 April. The event took place at the EU Delegation in Tokyo.

The conference was the EBC Digital Committee’s first event. It brought together experts from the public and private sectors to exchange views on cybersecurity challenges and policy developments.

Speakers included Luis Miguel Vega Fidalgo from the European Commission, Satoshi D. from Japan’s Ministry of Economy, Trade and Industry, and Amelia Alder from Knorr-Bremse. A question-and-answer session followed their presentations.

Participants continued discussions during a networking reception after the session. The Digital Committee co-chairs, Wataru Suzuki and Felix von Helden, thanked the speakers and organisers, including Peter Fatelnig from the EU Delegation to Japan.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot 

Singapore to update cybersecurity standards and vendor obligations amid AI-enabled threats

Singapore’s Ministry of Digital Development and Information said the government will review and update cybersecurity standards and obligations as part of its response to evolving cyber threats, including AI-enabled attacks.

In a written parliamentary reply, the ministry said Singapore’s position as a major financial hub and digital economy makes it an attractive target for malicious actors. It added that the Cyber Security Agency of Singapore regularly updates the public on cybersecurity threats through SingCERT advisories and the Singapore Cyber Landscape publication.

The ministry said critical systems are already subject to higher cybersecurity standards and obligations under the Cybersecurity Act. It also said the government has invested in capability development, citing initiatives such as the Cybersecurity Development Programme and national exercises including Exercise Cyber Star.

As the threat evolves, so must the response, the ministry said. It stated that the Cyber Security Agency of Singapore will review and update cybersecurity standards and obligations to strengthen security controls, and that the government will help owners of critical systems better detect threats, including those from advanced threat actors and AI-enabled threats, through proprietary threat detection systems.

For government systems, the ministry said GovTech has internal guidelines to safeguard systems that hold sensitive data and provide important government services. It added that GovTech will introduce more stringent cybersecurity and data protection obligations for government vendors, including requiring vendors that manage critical systems and sensitive government data to meet Cyber Trust Mark requirements.

The reply also pointed to measures for businesses and consumers. It said the Cyber Security Agency of Singapore has rolled out initiatives, including its CISO-as-a-Service programme for small and medium enterprises, while mandatory cybersecurity requirements for gateway devices such as home routers have already been introduced.

The ministry added that standards for home routers will be raised further and that Singapore will explore introducing similar standards for IP cameras.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK data reveals alarming growth in online child abuse cases

A sharp increase in online child abuse cases has been reported by the Internet Watch Foundation (IWF) and NSPCC’s Childline, based on data from the Report Remove service.

Nearly 1,900 UK children reported sexual imagery concerns in 2025, a 66 percent rise, with more than 1,100 confirmed cases involving abuse material. Weekly reports show a consistent pattern of coercion, threats, and financial pressure targeting minors.

The scale of the increase reflects structural changes in how abuse operates online. Offenders use fake identities and contact many victims simultaneously, turning exploitation into a repeatable activity.

Financial incentives reinforce the pattern, while teenage boys aged 14 to 17 represent the majority of cases, indicating targeted and adaptive behaviour by perpetrators.

Weaknesses in digital environments further sustain such growth. Platforms prioritise speed and interaction instead of prevention, while anonymity and cross-border activity reduce enforcement effectiveness.

Psychological pressure remains central, with threats designed to isolate victims and limit reporting, meaning recorded cases likely underestimate the real scale.

The IWF‘s findings highlight a policy gap between technological expansion and child safety protections in the UK.

While services like Report Remove improve response and mitigation, they do not address underlying risks. Without stronger platform accountability and preventive regulation, online child abuse is likely to continue expanding.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU digital identity strengthens after 20 years of .eu expansion

Two decades since the launch of the .eu domain, the EU has marked its role in establishing a unified digital identity across member states.

On 7 April 2006, the .eu top-level domain (TLD) was launched, offering businesses, citizens, and organisations a pan-EU online identity.

Over time, .eu has developed into one of the largest country-code domains globally, with millions of registrations and consistent growth.

Its technical stability and security record, including uninterrupted service since launch, have reinforced its reputation as a reliable digital infrastructure. Investments in fraud detection and data integrity have further strengthened trust in its ecosystem.

The domain has also evolved to reflect the EU’s linguistic diversity, with the introduction of internationalised domain names and additional scripts such as Cyrillic and Greek. These developments have expanded accessibility and reinforced inclusivity within the European digital space.

Looking ahead, .eu is positioned as a key instrument for advancing digital sovereignty and supporting the Single Market. Its role in global internet governance discussions is expected to grow, particularly as the EU institutions seek to shape a more open, secure, and rights-based digital environment.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Project Glasswing unites tech firms for AI-driven cyber defence

Major technology and security companies have joined forces under Project Glasswing to defend critical software infrastructure using advanced AI. The initiative brings together organisations including AWS, Apple, Google, Microsoft, NVIDIA, Cisco, CrowdStrike, JPMorganChase and the Linux Foundation.

Anthropic is deploying its frontier model, Claude Mythos Preview, at the centre of the effort. The system detects complex software vulnerabilities at scale, uncovering thousands of previously unknown flaws across operating systems, browsers, and core infrastructure.

The model’s findings suggest a major shift in cybersecurity capabilities. AI systems are increasingly capable of matching or surpassing human expert performance in vulnerability discovery, raising both defensive opportunities and security risks.

Some of the flaws identified had persisted for decades, undetected by traditional testing methods.

Project Glasswing aims to convert these capabilities into a coordinated defensive advantage. Partners will use the model to scan and secure systems more efficiently, supported by $100 million in usage credits and additional funding for open-source security initiatives.

The programme also targets long-term improvements in cybersecurity standards and secure development practices.

Modern society depends on software that runs critical infrastructure, including banking systems, healthcare networks, energy grids, and communications platforms. When AI systems find vulnerabilities at scale, the balance shifts between attackers and defenders, making hidden weaknesses easier to uncover and faster to fix before exploitation.

For global infrastructure, this means cybersecurity is shifting from slow, human-driven auditing to continuous, AI-assisted defence, where speed, coordination, and secure-by-design practices become essential to maintaining stability and reducing systemic risk.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

Diplo chatbot can make mistakes. Consider checking important information.