Cybersecurity

OpenAI unveils AgentKit for faster AI agent creation

OpenAI has launched AgentKit, a new suite of developer tools designed to simplify AI-powered agents’ creation, deployment, and optimisation. The platform unifies workflows that previously required multiple systems, offering a faster and more visual way to build intelligent applications.

AgentKit’s AI includes Agent Builder, Connector Registry, ChatKit, and advanced evaluation tools. Developers can now design multi-agent workflows on a visual canvas, manage data connections across workspaces, and integrate chat-based agents directly into apps and websites.

Early users such as Ramp and LY Corporation built working agents in just a few hours, cutting development cycles by up to 70%. Companies including Canva and HubSpot have used ChatKit to embed conversational support agents, transforming customer experience and developer engagement.

New evaluation features and reinforcement fine-tuning allow users to test, grade, and improve agents’ reasoning abilities. AgentKit is now available to developers and enterprises through OpenAI’s API and ChatGPT Enterprise, with a wider rollout expected later this year.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New report finds IT leaders unprepared for evolving cyber threats

A new global survey by 11:11 Systems highlights growing concerns among IT leaders over cyber incident recovery. More than 800 senior IT professionals across North America, Europe, and the Asia Pacific report a rising strain from evolving threats, staffing gaps, and limited clean-room infrastructure.

Over 80% of respondents experienced at least one major cyberattack in the past year, with more than half facing multiple incidents. Nearly half see recovery planning complexity as their top challenge, while over 80% say their organisations are overconfident in their recovery capabilities.

The survey also reveals that 74% believe integrating AI could increase cyberattack vulnerability. Despite this, 96% plan to invest in cyber incident recovery within the next 12 months, underlining its growing importance in budget strategies.

The financial stakes are high. Over 80% of respondents reported spending at least six figures during just one hour of downtime, with the top 5% incurring losses of over one million dollars per hour. Yet 30% of businesses do not test their recovery plans annually, despite these risks.

11:11 Systems’ CTO Justin Giardina said organisations must adopt a proactive, AI-driven approach to recovery. He emphasised the importance of advanced platforms, secure clean rooms, and tailored expertise to enhance cyber resilience and expedite recovery after incidents.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Scammers use AI to fake British boutiques

Fraudsters are using AI-generated images and back stories to pose as British family businesses, luring shoppers into buying cheap goods from Asia. Websites claiming to be long-standing local boutiques have been linked to warehouses in China and Hong Kong.

Among them is C’est La Vie, which presented itself as a Birmingham jeweller run by a couple called Eileen and Patrick. The supposed owners appeared in highly convincing AI-generated photos, while customers later discovered their purchases were shipped from China.

Victims described feeling cheated after receiving poor-quality jewellery and clothes that bore no resemblance to the advertised items. More than 500 complaints on Trustpilot accuse such companies of exploiting fabricated stories to appear authentic.

Consumer experts at Which? warn that AI tools now enable scammers to create fake brands at an unprecedented scale. The ASA has called on social media platforms to act, as many victims were targeted through Facebook ads.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New cyber rules tighten grip on China’s critical infrastructure

China has introduced one of the world’s strictest cybersecurity reporting laws, requiring major infrastructure providers to report serious cyber incidents within just one hour. The regulation, issued by the Cyberspace Administration of China, applies to all network operators working in the country and its territories.

Incidents must be graded by severity, with ‘key infrastructure’ breaches reported within 60 minutes, and ‘particularly serious’ cases, such as those threatening national security or social stability, within 30 minutes. Operators who delay or conceal information face harsh penalties under the new rules.

The directive defines major cyber incidents as those that cause large-scale paralysis, severe data loss, or the compromise of massive amounts of personal information. Even social organisations and individuals are encouraged to report significant security breaches.

Notably, attacks targeting online media or information sites that remain visible for over six hours or reach more than a million views will also be classified as widespread cyberattacks, reflecting Beijing’s tight grip on online information control.

These requirements go far beyond standards in the United States and the European Union. In the US, companies have 72 hours to report major incidents under the Cyber Incident Reporting for Critical Infrastructure Act, while the EU’s NIS2 Directive allows up to 72 hours for full notification and one month for a final report.

The move underscores China’s dual stance in cyberspace, reinforcing domestic defences while being accused of conducting aggressive cyber operations abroad. Western security agencies recently linked Chinese-backed hackers, such as the group Salt Typhoon, to breaches of US telecoms, the Treasury Department, and other key sectors.

A 2025 CrowdStrike report found China-related hacking activity surged by 150% last year, marking what analysts called an ‘inflexion point’ in Beijing’s global cyber ambitions.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Google unveils CodeMender, an AI agent that repairs code vulnerabilities

Google researchers have unveiled CodeMender, an AI-powered agent designed to automatically detect and fix software vulnerabilities.

The tool aims to improve code security by generating and applying patches that address critical flaws, allowing developers to focus on building reliable software instead of manually locating and repairing weaknesses.

Built on the Gemini Deep Think models, CodeMender operates autonomously, identifying vulnerabilities, reasoning about the underlying code, and validating patches to ensure they are correct and do not introduce regressions.

Over the past six months, it has contributed 72 security fixes to open source projects, including those with millions of lines of code.

The system combines advanced program analysis with multi-agent collaboration to strengthen its decision-making. It employs techniques such as static and dynamic analysis, fuzzing and differential testing to trace the root causes of vulnerabilities.

Each proposed fix undergoes rigorous validation before being reviewed by human developers to guarantee quality and compliance with coding standards.

According to Google, CodeMender’s dual approach (reactively patching new flaws and proactively rewriting code to eliminate entire vulnerability classes) represents a major step forward in AI-driven cybersecurity.

The company says the tool’s success demonstrates how AI can transform the maintenance and protection of modern software systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Harvard team builds quantum computer that runs continuously for over two hours

A team of Harvard physicists has built a quantum computing machine that can operate continuously without restarting, achieving a significant milestone in experimental quantum hardware.

Until now, quantum computing systems have typically run only for milliseconds or seconds before decoherence or atom loss forces a reset. But in a new setup, the team sustained operation for more than two hours, and they claim that, in theory, it could run indefinitely.

The breakthrough depends on a design that uses an optical lattice conveyor belt together with optical tweezers. These tools allow the system to replenish qubits (atoms) in real time, injecting new atoms at a rate of 300,000 per second into a 3,000-qubit array, to counteract atom loss and maintain quantum information.

Overcoming atom loss has been one of the biggest bottlenecks in scaling quantum computers. Without that fix, durability and error accumulation limit usability. With this experiment, the researchers demonstrate a path toward more robust, always-on quantum platforms.

Mikhail Lukin, who leads Harvard’s quantum research, said that while scaling remains challenging, the approach appears compatible with larger systems. Collaboration with MIT physicist Vladan Vuletić suggested that machines capable of indefinite operation could be within reach in as little as three years.

Applications in cryptography, materials simulation, finance, and medicine could benefit enormously if quantum machines can reliably operate over long durations. The new design resets a key assumption in quantum systems, shifting focus from short bursts of computation to sustained, fault-tolerant operation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Production restarts after cyber incident as JLR launches supplier financing

JLR has begun restarting its manufacturing operations after a cyber incident in early September disrupted production. The phased return started on 8 October at the Electric Propulsion Manufacturing Centre and the Battery Assembly Centre in the West Midlands.

Staff are also returning to stamping facilities in Castle Bromwich, Halewood, and Solihull, as well as the body shop, paint shop, and Logistics Operations Centre in Solihull. Vehicle production in Nitra, Slovakia, and the Range Rover and Range Rover Sport lines in Solihull are resuming this week, with further updates expected for other sites, including Halewood.

JLR has introduced a new financing scheme to support suppliers during the restart and ease cashflow pressures. The programme allows qualifying suppliers to receive the bulk of their payment shortly after orders are placed, with the remainder settled upon invoice.

The move accelerates payments by as much as 120 days compared with the company’s standard 60-day terms. JLR will cover the financing costs for suppliers participating during the restart phase.

The new scheme builds on earlier measures to assist suppliers following the cyberattack, such as setting up a dedicated help desk, creating a manual payment system for pending invoices, and recently restoring automated payment systems. Initially focused on suppliers critical to restarting production, the programme will expand to include some non-production suppliers as operations stabilise.

JLR also took steps to bolster liquidity in September to support the phased recovery and ensure its supply chain remains robust as full production resumes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU digital laws simplified by CEPS Task Force to boost innovation

The Centre for European Policy Studies (CEPS) Task Force, titled ‘Next Steps for EU Law and Regulation for the Digital World’, aims to refine and simplify the EU’s digital rulebook.

This rulebook now covers key legislation, including the Digital Markets Act (DMA), Digital Services Act (DSA), GDPR, Data Act, AI Act, Data Governance Act (DGA), and Cyber Resilience Act (CRA).

While these laws position Europe as a global leader in digital regulation, they also create complexity, overlaps, and legal uncertainty.

The Task Force focuses on enhancing coherence, efficiency, and consistency across digital acts while maintaining strong protections for consumers and businesses.

The CEPS Task Force emphasises targeted reforms to reduce compliance burdens, especially for SMEs, and strengthen safeguards.

It also promotes procedural improvements, including robust impact assessments, independent ex-post evaluations, and the adoption of RegTech solutions to streamline compliance and make regulation more adaptive.

Between November 2025 and January 2026, the Task Force will hold four workshops addressing: alignment of the DMA with competition law, fine-tuning the DSA, improving data governance, enhancing GDPR trust, and ensuring AI Act coherence.

The findings will be published in a Final Report in March 2026, outlining a simpler, more agile EU digital regulatory framework that fosters innovation, reduces regulatory burdens, and upholds Europe’s values.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Brazil advances first national cybersecurity law

Brazil is preparing to pass its first national cybersecurity law, aiming to centralise oversight and strengthen protection for citizens and companies. The Cybersecurity Legal Framework would establish a new National Cybersecurity Authority to coordinate defence efforts across government and industry.

The legislation comes after a series of high-profile cyberattacks disrupted hospitals and exposed millions of personal records, highlighting gaps in Brazil’s digital defences. The authority would create nationwide standards, replacing fragmented rules currently managed by individual ministries and agencies.

Under the bill, public procurement will require compliance with official security standards, and suppliers will share responsibility for incidents. Companies meeting the rules could be listed as trusted providers, potentially boosting competitiveness in both public and private sectors.

The framework also includes incentives: financing through the National Public Security Fund and priority for locally developed technologies. While the bill still awaits approval in Congress, its adoption would make Brazil one of Latin America’s first countries with a comprehensive cybersecurity law.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Deloitte’s AI blunder: A costly lesson in consultancy business

Deloitte has agreed to refund the Australian government the full amount of $440,000 after acknowledging major errors in a consultancy report concerning welfare mutual obligations. These errors were the result of using AI tools, which led to fabricated content, including false quotes related to the Federal Court case on the Robodebt scheme and fictitious academic references.

That incident underscores the challenges of deploying AI in crucial government consultancy projects without sufficient human oversight, raising questions about the credibility of government policy decisions influenced by such flawed reports.

In response to these errors, Deloitte has publicly accepted full responsibility and committed to refunding the government. The firm is re-evaluating its internal quality assurance procedures and has emphasised the necessity of rigorous human review to maintain the integrity of consultancy projects that utilise AI.

The situation has prompted the government of Australia to reassess its reliance on AI-generated content for policy analysis, and it is currently investigating the oversight mechanisms to prevent future occurrences. The inaccuracies in the report had previously swayed discussions on welfare compliance, thereby shaking public trust in the consultancy services employed for critical government policymaking.

The broader consultancy industry is feeling the ripple effects, as this incident highlights the reputational and financial dangers of unchecked AI outputs. As AI becomes more prevalent for its efficiency, this case serves as a stark reminder of its limitations, particularly in sensitive government matters.

Industry pressure is growing for firms to enhance their quality control measures, disclose the level of AI involvement in their reports, and ensure that technology use does not compromise information quality. The Deloitte case adds to ongoing discussions about the ethical and practical integration of AI into professional services, reinforcing the imperative for human oversight and editorial controls even as AI technology progresses.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot