Researchers at the University of California, Davis, have revealed that generative AI browser assistants may be harvesting sensitive data from users without their knowledge or consent.
The study, led by the UC Davis Data Privacy Lab, tested popular browser extensions powered by AI and discovered that many collect personal details ranging from search history and email contents to financial records.
The findings highlight a significant gap in transparency. While these tools often market themselves as productivity boosters or safe alternatives to traditional assistants, many lack clear disclosures about the data they extract.
Researchers sometimes observed personal information being transmitted to third-party servers without encryption.
Privacy advocates argue that the lack of accountability puts users at significant risk, particularly given the rising adoption of AI assistants for work, education and healthcare. They warn that sensitive data could be exploited for targeted advertising, profiling, or cybercrime.
The UC Davis team has called for stricter regulatory oversight, improved data governance, and mandatory safeguards to protect users from hidden surveillance.
They argue that stronger frameworks are needed to balance innovation with fundamental rights as generative AI tools continue to integrate into everyday digital infrastructure.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Google has patched a high-severity flaw in its Chrome browser with the release of version 139, addressing vulnerability CVE-2025-9132 in the V8 JavaScript engine.
The out-of-bounds write issue was discovered by Big Sleep AI, a tool built by Google DeepMind and Project Zero to automate vulnerability detection in real-world software.
Chrome 139 updates (Windows/macOS: 139.0.7258.138/.139, Linux: 139.0.7258.138) are now rolling out to users. Google has not confirmed whether the flaw is being actively exploited.
Users are strongly advised to install the latest update to ensure protection, as V8 powers both JavaScript and WebAssembly within Chrome.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Two critical vulnerabilities have been discovered in an accounting application developed by Workhorse Software and used by more than 300 municipalities in Wisconsin.
The first flaw, CVE-2025-9037, involved SQL server connection credentials stored in plain text within a shared network folder. The second, CVE-2025-9040, allowed backups to be created and restored from the login screen without authentication.
Both issues were disclosed by the CERT Coordination Centre at Carnegie Mellon University following a report from Sparrow IT Solutions. Exploitation could give attackers access to personally identifiable information such as Social Security numbers, financial records and audit logs.
Workhorse has since released version 1.9.4.48019 with security patches, urging municipalities to update their systems immediately. The incident underscores the risks posed by vulnerable software in critical public infrastructure.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Weymouth and Kingston Maurward College in Dorset is investigating a recent phishing attack that compromised several email accounts. The breach occurred on Friday, 15 August, during the summer holidays.
Spam emails were sent from affected accounts, though the college confirmed that personal data exposure was minimal.
The compromised accounts may have contained contact information from anyone who previously communicated with the college. Early detection allowed the college to lock down affected accounts promptly, limiting the impact.
A full investigation is ongoing, with additional security measures now in place to prevent similar incidents. The matter has been reported to the Information Commissioner’s Office (ICO).
Phishing attacks involve criminals impersonating trusted entities to trick individuals into revealing sensitive information such as passwords or personal data. The college reassured students, staff, and partners that swift action and robust systems limited the disruption.
The colleges, which merged just over a year ago, recently received a ‘Good’ rating across all areas in an Ofsted inspection, reflecting strong governance and oversight amid the cybersecurity incident.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The EU has engaged in talks with the Bangladesh Telecommunication Regulatory Commission to strengthen cooperation on data protection, cybersecurity, and the country’s digital economy.
The meeting was led by EU Ambassador Michael Miller and BTRC Chairman Major General (retd) Md Emdad ul Bari.
The EU emphasised safeguarding fundamental rights while encouraging innovation and investment. With opportunities in broadband expansion, 5G deployment, and last-mile connectivity, the EU reaffirmed its commitment to supporting Bangladesh’s vision for a secure and inclusive digital future.
Both parties agreed to deepen collaboration, with the EU offering technical expertise under its Global Gateway strategy to help Bangladesh build a safer and more connected digital landscape.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A data breach at Allianz Life exposed the personal information of around 1.1 million customers, including names, addresses, and dates of birth.
Hackers accessed a customer database hosted on Salesforce, stealing emails, phone numbers, and in some cases, Social Security numbers.
The company confirmed the breach in late July but has not specified the full scale of the incident while its investigation continues.
Cybercrime group ShinyHunters is believed to be behind the attack and is reportedly preparing a data leak site to extort victims.
Several global companies using Salesforce infrastructure, including Qantas and Workday, have reported similar incidents linked to the same hacking collective.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Google’s Cloud Experience lead Hayete Gallot says developer interest in sovereign cloud solutions is rising sharply amid AI concerns. More clients are asking to control how and where their data is stored, processed, and encrypted within public cloud environments.
Microsoft said it could not guarantee full cloud data sovereignty in July, increasing pressure on rivals to offer stronger protections.
Gallot noted that sovereignty is more than location. Cybersecurity measures such as encryption, ownership, and administrative access are now top priorities for businesses.
On AI, Gallot dismissed fears that assistants will replace developers, saying skills like prompt writing still require critical thinking.
She believes modern developers must adapt, comparing today’s AI tools to learning older languages like Pascal or Fortran.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
OpenAI CEO Sam Altman has warned that the United States may be underestimating China’s rapid advances in AI. He argued that export controls on semiconductors are unlikely to be a reliable long-term solution to the global AI race.
At a press briefing in San Francisco, Altman said the competition cannot be reduced to a simple scoreboard. China can expand inference capacity more quickly, even as Washington tightens restrictions on advanced semiconductor exports.
He expressed doubts about the effectiveness of purely policy-driven approaches. ‘You can export-control one thing, but maybe not the right thing… workarounds exist,’ Altman said. He stressed that chip controls may not keep pace with technological realities.
His comments come as US policy becomes increasingly complex. President Trump halted advanced chip supplies in April, while the Biden administration recently allowed ‘China-safe’ chips, requiring Nvidia and AMD to share revenue. Critics call the rules contradictory and difficult to enforce.
Meanwhile, Chinese firms are accelerating efforts to replace US suppliers, with Huawei and others building domestic alternatives. Altman suggested this push for self-sufficiency could undermine Washington’s goals, raising questions about America’s strategy in the AI race.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
