Cybersecurity

Anthropic expands AI cybersecurity programme for critical infrastructure

AI company Anthropic has announced a major expansion of Project Glasswing, an initiative aimed at strengthening the security of critical software through AI-assisted vulnerability detection.

After initially providing access to around 50 organisations, the programme will expand to approximately 150 additional partners across more than 15 countries.

Project Glasswing provides selected organisations with access to Claude Mythos Preview, Anthropic’s cybersecurity-focused AI model. According to Anthropic, participating organisations have identified more than 10,000 high- and critical-severity software vulnerabilities through the programme.

The newly added participants include operators and vendors across critical infrastructure sectors such as power, water, healthcare, communications and hardware manufacturing.

Anthropic argues that increasingly capable AI systems could significantly reshape cybersecurity, creating both new defensive opportunities and new risks. The company says future AI models may enable defenders to identify, analyse and remediate vulnerabilities at greater scale, while also potentially enhancing the capabilities available to malicious actors.

Project Glasswing is intended to help critical organisations adapt before such capabilities become widely accessible.

Alongside the expansion, Anthropic said it plans to provide additional cybersecurity tools, support vulnerability remediation efforts and work with industry, governments and open-source software maintainers to strengthen cyber resilience.

Why does it matter?

The expansion of Project Glasswing highlights the growing role of AI in cybersecurity, particularly in vulnerability discovery and software security testing. As critical infrastructure operators face increasingly sophisticated cyber threats, AI-assisted tools may help identify and address security weaknesses more quickly.

At the same time, the initiative reflects broader concerns that advances in AI could benefit both defenders and attackers, increasing the importance of responsible deployment, coordinated security research and resilience planning across critical sectors.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Finland implements national framework for EU Cyber Resilience Act

Finland’s national cyber resilience law entered into force on 1 June, establishing national procedures for implementing the European Union’s Cyber Resilience Act. The Cyber Resilience Act establishes cybersecurity requirements for software and hardware products placed on the EU market.

The law assigns responsibility for implementing key provisions of the Cyber Resilience Act to the National Cyber Security Centre Finland, which operates within the Finnish Transport and Communications Agency (Traficom). The act covers market surveillance, vulnerability reporting, notification of conformity assessment bodies, administrative sanctions, and provisions linked to EU cybersecurity certification.

From 11 September 2026, manufacturers will be required to notify the National Cyber Security Centre Finland of actively exploited vulnerabilities and serious security incidents affecting their products. Notifications must be submitted within 24 hours of the manufacturer becoming aware of the vulnerability or incident.

Products covered by the Cyber Resilience Act must comply with its requirements from 11 December 2027. The requirements apply to manufacturers, importers, distributors, and open-source software stewards, while high-risk AI systems in Finland will be supervised by the authorities responsible for the Artificial Intelligence Act in their respective sectors.

Finland has also amended its Act on Electronic Communications Services to support the implementation of domain name registration requirements under the NIS2 Directive. The new obligations will apply after a three-month transition period and will extend to domain name resellers and certain domain names other than .fi and .ax, where the entity’s main establishment or designated representative is located in Finland.

Why does it matter?

The Cyber Resilience Act represents one of the EU’s most significant efforts to improve cybersecurity across connected products and software. By introducing security-by-design requirements, vulnerability reporting obligations and market surveillance mechanisms, the regulation aims to reduce cybersecurity risks throughout the digital supply chain.

Finland’s implementation measures provide the national framework needed to enforce these requirements, while the related NIS2 amendments further strengthen oversight of critical digital infrastructure and domain name services.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

White House launches new AI security framework for frontier models

US President Donald Trump has signed an executive order aimed at advancing AI innovation while strengthening cybersecurity protections across government networks and critical infrastructure sectors.

The order directs federal agencies to strengthen cyber defences and expand the use of AI-powered security tools. Several federal departments have been given 30-day deadlines to begin implementing additional protections for national security systems, civilian government networks and critical infrastructure operators.

A central element of the initiative is the creation of an AI cybersecurity clearinghouse that will work with technology companies and infrastructure providers to identify software vulnerabilities, coordinate security research and support faster patch deployment.

Federal officials will also examine funding opportunities for projects focused on advanced AI vulnerability detection and expand cybersecurity recruitment programmes.

The executive order also introduces a voluntary framework for developers of advanced AI models. Under the framework, companies may choose to work with the government to determine whether their systems qualify as frontier AI models and provide secure early access for cybersecurity assessments prior to broader deployment.

Administration officials emphasised that the framework does not create mandatory licensing or government approval requirements for the release of new AI technologies.

Why does it matter? 

The order signals a US strategy of accelerating AI development while addressing emerging national security risks, reflecting growing competition among major economies to lead the next generation of advanced technologies.

Its emphasis on voluntary collaboration rather than strict regulation could influence how other countries approach AI governance, innovation and cybersecurity in the years ahead.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Greece advances digital transformation with AI, interoperability and cybersecurity measures

Greece’s Minister of Digital Governance and Artificial Intelligence, Dimitris Papastergiou, has outlined a broad digital transformation agenda in an interview with the newspaper Manifesto, highlighting new legislation, AI deployment, cybersecurity measures and digital public services.

A key element of the agenda is the implementation of the EU’s ‘once-only’ principle, which allows citizens and businesses in Greece to avoid repeatedly submitting the same information to public authorities across the EU. The legislation also introduces more than 800 new interoperability connections between government systems, aiming to reduce bureaucracy and improve service delivery.

Papastergiou highlighted the growing use of AI in public administration, including the mAigov digital assistant, which has handled more than 4.4 million citizen queries. Greece is also investing in AI infrastructure projects, including the Daedalus supercomputer and the Pharos AI Factory, while preparing national legislation aligned with the EU AI Act.

The minister also highlighted a memorandum of understanding with voice AI company ElevenLabs aimed at improving accessibility and public services through voice-based technologies. Additional initiatives include the creation of a Unified Property Hub, stronger anti-phishing measures, a National Malicious Websites Blocking List, the Defective Vehicle Recall Registry and enhancements to the MyStreet application.

On child online safety, Greece plans to introduce age-verification requirements for users under 15 through the Kids Wallet application from January 2027. According to the minister, the system will verify age without exposing or storing unnecessary personal information.

Why does it matter?

Greece’s plans illustrate how governments are increasingly combining AI deployment, digital public services and cybersecurity measures within broader digital transformation strategies.

The initiatives also reflect wider European efforts to improve interoperability, strengthen digital infrastructure, enhance online safety for children and prepare for the implementation of the EU AI Act.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Singapore consults on personal data rules for generative AI

Singapore’s Personal Data Protection Commission (PDPC) has launched a public consultation on proposed advisory guidelines governing the use of personal data in generative AI systems. Published on 2 June, the draft guidelines seek feedback on how Singapore’s Personal Data Protection Act (PDPA) applies when personal data is used in the development and deployment of generative AI systems.

The proposed guidelines address the collection and use of personal data for generative AI model development, the allocation of data protection responsibilities across the AI lifecycle, and the handling of individual rights requests relating to personal data. The guidance is organised around development, deployment, and post-deployment stages.

For model development, the draft guidelines clarify how organisations may rely on exemptions for publicly available information when using web-scraped datasets containing personal data. They also set out considerations for data behind digital barriers such as paywalls, registration requirements, authentication mechanisms, and tools that block automated access.

The PDPC proposes that general privacy notices should not be considered sufficient for obtaining consent to use personal data for large-scale AI training or fine-tuning. Organisations would instead be expected to provide AI-specific notices explaining the categories of personal data used, the purpose of the processing, the model’s intended functions, and how individuals can refuse or withdraw consent.

The proposed guidelines also outline responsibilities for model providers, system providers, and system deployers, including retention, protection, purpose limitation, and accountability obligations. The post-deployment guidance addresses access and correction requests while recognising technical challenges associated with large datasets, embeddings, temporary context windows and the removal of specific information from trained models. Interested parties may submit comments to the PDPC by 1 July 2026.

Why does it matter?

The consultation highlights the growing challenge of applying existing data protection laws to generative AI systems that rely on large-scale data collection and model training. Regulators worldwide are increasingly examining how privacy principles such as consent, transparency and purpose limitation should operate in AI development.

Singapore’s proposed guidance could provide an important reference point for organisations developing or deploying generative AI, particularly in areas such as web scraping, AI training datasets and the allocation of responsibilities across the AI value chain.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK strengthens Online Safety Act protections against intimate image abuse

The UK Government has announced an amendment to Ofcom’s Illegal Content Codes of Practice under the Online Safety Act, introducing new measures to tackle non-consensual intimate images. The update was outlined in by the Minister for AI and Online Safety, Kanishka Narayan.

The amendment requires relevant online services to use perceptual hash-matching technologies, or equivalent tools, to identify and prevent the re-upload of known non-consensual intimate images, including AI-generated intimate image deepfakes.

According to the government, the change strengthens the framework established by Ofcom’s Illegal Content Codes of Practice, which entered into force in 2025. The updated approach aims to ensure that once abusive content has been identified and removed, systems are in place to prevent it from being repeatedly shared.

The amendment has been laid before Parliament for scrutiny and will take effect if neither House objects. The government said the measure is intended to strengthen protections for victims, particularly women and girls, and forms part of the ongoing implementation of the Online Safety Act in the UK.

Why does it matter?

Governments and regulators are increasingly treating AI-generated intimate imagery as a form of image-based abuse alongside authentic non-consensual intimate content. As generative AI tools make it easier to create and distribute realistic deepfakes, policymakers are looking for mechanisms to prevent harmful content from repeatedly reappearing online.

The UK’s proposal reflects a broader trend towards requiring platforms to deploy technical measures that can identify and block known abusive content while strengthening protections for victims of online harms.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Australia launches AI Safety Institute to boost trust in AI adoption

Australia’s AI Safety Institute became operational on 2 June as the government seeks to strengthen public trust in AI development, deployment and governance. The announcement was made during the AFR AI Summit in Canberra, where the government described public trust as essential to building a domestic AI industry.

According to Assistant Minister for Science, Technology and the Digital Economy Hon Dr Andrew Charlton, Australia’s national AI plan rests on three pillars:

  • Capturing the opportunity
  • Sharing the benefits
  • Keeping Australians safe.

The AI Safety Institute is intended to support that effort by testing AI systems, assisting regulators and strengthening public confidence in the technology.

In his speech, Charlton also argued that Australia faces a choice between building a world-class AI industry or relying on foreign capability, while warning that low public trust could slow AI adoption and investment.

Charlton cited survey findings showing that only 30% of Australians believe the benefits of AI outweigh the risks, while 78% are concerned about potential negative impacts, and 36% say they trust the technology. It linked public scepticism to concerns that AI benefits may flow offshore while costs linked to jobs, privacy, power bills, and local communities are borne domestically.

Data centres were highlighted as an example of how trust considerations are shaping AI policy. The government said data-centre developers should contribute new renewable energy capacity, cover an appropriate share of transmission and distribution costs, engage with local communities and avoid creating pressure on water resources.

The AI Safety Institute will analyse and test AI models and applications, support regulators responding to emerging AI-related harms, and contribute to national and international discussions on safe AI development and governance. The speech also pointed to wider work on privacy reform, online safety, workplace impacts, competition, consumer issues, and public-sector AI adoption.

Why does it matter?

Australia is positioning trust as a key component of its AI strategy at a time when governments are balancing economic opportunities from AI with concerns about safety, privacy, employment and infrastructure impacts.

By creating a dedicated AI Safety Institute, Australia joins a growing number of countries establishing specialised institutions to evaluate AI risks, support regulators and build public confidence in the deployment of increasingly capable AI systems.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

G7 digital and technology ministers agree on priorities on AI, resilience and online child safety

G7 digital and technology ministers have agreed on priorities covering secure AI, AI openness, digital sector resilience and online safety for minors following a meeting in Paris under France’s presidency. Ministers said digital technologies are central to innovation, productivity and competitiveness, while also creating new challenges for users, businesses and service providers.

The statement reaffirmed support for Data Free Flow with Trust, while highlighting privacy, data protection, intellectual property and security considerations. Ministers also welcomed G7 work on semiconductors, digital standards, quantum technologies, and competition in AI inputs, including computing power, data, energy, and talent.

On AI, ministers said secure, responsible and trustworthy systems are needed to maintain public trust and support adoption. They welcomed the revised Hiroshima AI Process Reporting Framework and said France’s presidency would start discussions with stakeholders, the OECD, and members of the International Network for Advanced AI Measurement, Evaluation and Science to improve comparability between AI risk assessment frameworks.

The G7 also backed a Vision on AI Openness, intended to clarify terminology and support access to open-source and open-weight AI approaches. Ministers said AI openness can help diffuse AI, support research collaboration, and contribute to innovation and economic growth, while clearer language can reduce ambiguity and support trust.

Ministers also supported a G7 SME AI Readiness Tool, developed with the OECD and in cooperation with the G7 Social-Employment working group. The tool is expected to be made available through the G7 AI Training Hub to help micro, small and medium-sized enterprises assess their digital and AI readiness, improve AI literacy and lower adoption barriers.

The statement also addresses digital and AI sector resilience, resource efficiency and growing pressure on energy grids and digital infrastructure. On child online safety, ministers supported a Common G7 Set of Principles for a safe and secure digital space for minors, covering digital literacy, AI education, risk mitigation by digital service providers, support for parents and guardians, and protection against online harms.

Why does it matter?

The G7 statement reflects growing international coordination around AI governance, digital resilience and online child safety. By addressing AI risk assessment, openness, SME adoption and digital infrastructure pressures in one framework, ministers are linking technological innovation with trust, security and economic competitiveness.

The agreement also signals that online safety for minors is becoming a core part of digital policy cooperation among major economies, particularly as AI systems and digital platforms play a larger role in children’s online experiences.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Greece approves major digital governance and interoperability reforms

The Greek Parliament has approved a bill from the Ministry of Digital Governance and Artificial Intelligence to expand digital public services, reduce bureaucracy, and strengthen cybersecurity.

The legislation implements the EU rules on the cross-border automated exchange of supporting documents through the once-only principle, allowing citizens and businesses to avoid repeatedly submitting the same documents to public authorities across the EU.

Greece’s new framework establishes technical and operational measures enabling public authorities to retrieve official documents securely and automatically, with the user’s consent. The system will operate through the European interoperability infrastructure and in line with the EU data protection requirements.

The General Secretariat for Information Systems and Digital Governance will oversee technical coordination and implementation.

Beyond cross-border services, the legislation introduces several domestic digital initiatives. These include a Defective Vehicle Recall Registry to notify vehicle owners about critical safety issues, upgrades to the MyStreet application with electric vehicle charging points and emergency gathering locations, and a customer relationship management platform on gov.gr that will allow citizens to track public service requests through a single interface.

The bill also includes measures to accelerate the launch of more than 800 new public-sector interoperability services and strengthen protections against online fraud. A National Malicious Website Blocking List will be established through Greece’s National Cybersecurity Authority to support faster blocking of phishing websites, scam portals, and malicious online services.

Why does it matter?

The legislation shows how EU interoperability rules are being translated into national digital government reforms. Greece is combining the once-only principle for cross-border public services with domestic service integration, citizen-facing digital tools, and cybersecurity measures against online fraud. The result is a broader shift towards public administration built around automated document exchange, consent-based data retrieval, and shared digital infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

IWF and CaseScan partner to strengthen the detection of child abuse material

The Internet Watch Foundation has announced a new partnership with CaseScan aimed at improving the detection and identification of child sexual abuse material online.

CaseScan, a specialist technology company supporting child protection investigations and digital safety work, has joined the IWF as a member. The company develops tools that help specialist teams identify, classify, and prioritise illegal material more efficiently, reducing manual workloads and supporting faster responses when criminal content is found.

Through its membership, CaseScan will be able to draw on IWF intelligence and services to strengthen how it helps approved clients detect child sexual abuse material. The IWF said the collaboration will support faster identification of criminal content.

The partnership comes amid a rapidly evolving online threat landscape. According to the IWF’s 2025 Annual Data & Insights Report, new technologies, systemic vulnerabilities, and the continued distribution of child sexual abuse material are increasing the challenges faced by investigators and online safety organisations.

CaseScan said the collaboration will strengthen its ability to support professionals working on the front line of child protection investigations. The IWF said industry partnerships are essential to disrupting the criminal distribution of abusive images and videos and preventing the repeated victimisation of children online.

Why does it matter?

The partnership shows how child safety organisations and specialist technology providers are working to improve the speed and accuracy of CSAM detection. As the volume and complexity of illegal material online grow, trusted intelligence and specialist detection tools can help investigators and approved organisations prioritise cases, reduce manual review burdens, and respond more quickly to harmful content.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Diplo chatbot can make mistakes. Consider checking important information.