Cybersecurity

New guidelines by Apple curb how apps send user data to external AI systems

Apple has updated its App Review Guidelines to require developers to disclose and obtain permission before sharing personal data with third-party AI systems. The company says the change enhances user control as AI features become more prevalent across apps.

The revision arrives ahead of Apple’s planned 2026 release of an AI-enhanced Siri, expected to take actions across apps and rely partly on Google’s Gemini technology. Apple is also moving to ensure external developers do not pass personal data to AI providers without explicit consent.

Previously, rule 5.1.2(i) already limited the sharing of personal information without permission. The update adds explicit language naming third-party AI as a category that requires disclosure, reflecting growing scrutiny of how apps use machine learning and generative models.

The shift could affect developers who use external AI systems for features such as personalisation or content generation. Enforcement details remain unclear, as the term ‘AI’ encompasses a broad range of technologies beyond large language models.

Apple released several other guideline updates alongside the AI change, including support for its new Mini Apps Programme and amendments involving creator tools, loan products, and regulated services such as crypto exchanges.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Firefox expands AI features with full user choice

Mozilla has outlined its vision for integrating AI into Firefox in a way that protects user choice instead of limiting it. The company argues that AI should be built like the open web, allowing people and developers to use tools on their own terms rather than being pushed into a single ecosystem.

Recent features such as the AI sidebar chatbot and Shake to Summarise on iOS reflect that approach.

The next step is an ‘AI Window’, a controlled space inside Firefox that lets users chat with an AI assistant while browsing. The feature is entirely optional, offers full control, and can be switched off at any time. Mozilla has opened a waitlist so users can test the feature early and help shape its development.

Mozilla believes browsers must adapt as AI becomes a more common interface to the web. The company argues that remaining independent allows it to prioritise transparency, accountability and user agency instead of the closed models promoted by competitors.

The goal is an assistant that enhances browsing and guides users outward to the wider internet rather than trapping them in isolated conversations.

Community involvement remains central to Mozilla’s work. The organisation is encouraging developers and users to contribute ideas and support open-source projects as it works to ensure Firefox stays fast, secure and private while embracing helpful forms of AI.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

CERN unveils AI strategy to advance research and operations

CERN has approved a comprehensive AI strategy to guide its use across research, operations, and administration. The strategy unites initiatives under a coherent framework to promote responsible and impactful AI for science and operational excellence.

It focuses on four main goals: accelerating scientific discovery, improving productivity and reliability, attracting and developing talent, and enabling AI at scale through strategic partnerships with industry and member states.

Common tools and shared experiences across sectors will strengthen CERN’s community and ensure effective deployment.

Implementation will involve prioritised plans and collaboration with EU programmes, industry, and member states to build capacity, secure funding, and expand infrastructure. Applications of AI will support high-energy physics experiments, future accelerators, detectors, and data-driven decision-making.

AI is now central to CERN’s mission, transforming research methodologies and operations. From intelligent automation to scalable computational insight, the technology is no longer optional but a strategic imperative for the organisation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Agentic AI drives a new identity security crisis

New research from Rubrik Zero Labs warns that agentic AI is reshaping the identity landscape faster than organisations can secure it.

The study reveals a surge in non-human identities created through automation and API driven workflows, with numbers now exceeding human users by a striking margin.

Most firms have already introduced AI agents into their identity systems or plan to do so, yet many struggle to govern the growing volume of machine credentials.

Experts argue that identity has become the primary attack surface as remote work, cloud adoption and AI expansion remove traditional boundaries. Threat actors increasingly rely on valid credentials instead of technical exploits, which makes weaknesses in identity governance far more damaging.

Rubrik’s researchers and external analysts agree that a single compromised key or forgotten agent account can provide broad access to sensitive environments.

Industry specialists highlight that agentic AI disrupts established IAM practices by blurring distinctions between human and machine activity.

Organisations often cannot determine whether a human or an automated agent performed a critical action, which undermines incident investigations and weakens zero-trust strategies. Poor logging, weak lifecycle controls and abandoned machine identities further expand the attack surface.

Rubrik argues that identity resilience is becoming essential, since IAM tools alone cannot restore trust after a breach. Many firms have already switched IAM providers, reflecting widespread dissatisfaction with current safeguards.

Analysts recommend tighter control of agent creation, stronger credential governance and a clearer understanding of how AI-driven identities reshape operational and security risks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft expands AI model Aurora to improve global weather forecasts

Extreme weather displaced over 800,000 people worldwide in 2024, highlighting the importance of accurate forecasts for saving lives, protecting infrastructure, and supporting economies. Farmers, coastal communities, and energy operators rely on timely forecasts to prepare and respond effectively.

Microsoft is reaffirming its commitment to Aurora, an AI model designed to help scientists better understand Earth systems. Trained on vast datasets, Aurora can predict weather, track hurricanes, monitor air quality, and model ocean waves and energy flows.

The platform will remain open-source, enabling researchers worldwide to innovate, collaborate, and apply it to new climate and weather challenges.

Through partnerships with Professor Rich Turner at the University of Cambridge and initiatives like SPARROW, Microsoft is expanding access to high-quality environmental data.

Community-deployable weather stations are improving data coverage and forecast reliability in underrepresented regions. Aurora’s open-source releases, including model weights and training pipelines, will let scientists and developers adapt and build upon the platform.

The AI model has applications beyond research, with energy companies, commodity traders, and national meteorological services exploring its use.

By supporting forecasting systems tailored to local environments, Aurora aims to improve resilience against extreme weather, optimise renewable energy, and drive innovation across multiple industries, from humanitarian aid to financial services.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Anthropic uncovers a major AI-led cyberattack

The US R&D firm, Anthropic, has revealed details of the first known cyber espionage operation largely executed by an autonomous AI system.

Suspicious activity detected in September 2025 led to an investigation that uncovered an attack framework, which used Claude Code as an automated agent to infiltrate about thirty high-value organisations across technology, finance, chemicals and government.

The attackers relied on recent advances in model intelligence, agency and tool access.

By breaking tasks into small prompts and presenting Claude as a defensive security assistant instead of an offensive tool, they bypassed safeguards and pushed the model to analyse systems, identify weaknesses, write exploit code and harvest credentials.

The AI completed most of the work with only a few moments of human direction, operating at a scale and speed that human hackers would struggle to match.

Anthropic responded by banning accounts, informing affected entities and working with authorities as evidence was gathered. The company argues that the case shows how easily sophisticated operations can now be carried out by less-resourced actors who use agentic AI instead of traditional human teams.

Errors such as hallucinated credentials remain a limitation, yet the attack marks a clear escalation in capability and ambition.

The firm maintains that the same model abilities exploited by the attackers are needed for cyber defence. Greater automation in threat detection, vulnerability analysis and incident response is seen as vital.

Safeguards, stronger monitoring and wider information sharing are presented as essential steps for an environment where adversaries are increasingly empowered by autonomous AI.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Digital ID arrives for Apple users

Apple has introduced Digital ID, a new feature that lets users create an identification card in Apple Wallet using information from a US passport.

The feature launches in beta at Transportation Security Administration checkpoints across more than two hundred and fifty airports for domestic travel, instead of relying solely on physical documentation.

It offers an alternative for users who lack a Real ID-compliant card while not replacing a physical passport for international journeys.

Users set up a Digital ID by scanning the passport’s photo page, reading the chip on the back of the document, and completing facial movements for verification.

Once added, the ID can be presented with an iPhone or Apple Watch by holding the device near an identity reader and confirming the request with Face ID or Touch ID. New verification options for in-person checks at selected businesses, apps and online platforms are planned.

The company highlights privacy protection by storing passport data only on the user’s device, instead of Apple’s servers. Digital ID information is encrypted and cannot be viewed by Apple, and biometric authentication ensures that only the owner can present the identity.

Only the required information is shared during each transaction, and the user must approve it before it is released.

The launch expands Apple Wallet’s existing support for driver’s licences and state IDs, which are already available in twelve states and Puerto Rico. Recent months have added Montana, North Dakota and West Virginia, and Japan adopted the feature with the My Number Card.

Apple expects Digital ID to broaden secure personal identification across more services over time.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Baidu launches new AI chips amid China’s self-sufficiency push

In a strategic move aligned with national technology ambitions, Baidu announced two newly developed AI chips, the M100 and the M300, at its annual developer and client event.

The M100, designed by Baidu’s chip subsidiary Kunlunxin Technology, targets inference efficiency for large models using mixture-of-experts techniques, while the M300 is engineered for training very large multimodal models comprising trillions of parameters.

The M100 is slated for release in early 2026 and the M300 in 2027, according to Baidu, which claims they will deliver ‘powerful, low-cost and controllable AI computing power’ to support China’s drive for technological self-sufficiency.

Baidu also revealed plans for clustered architectures such as the Tianchi256 stack in the first half of 2026 and the Tianchi512 in the second half of 2026, intended to boost inference capacity through large-scale interconnects of chips.

This announcement illustrates how China’s tech ecosystem is accelerating efforts to reduce dependence on foreign silicon, particularly amid export controls and geopolitical tensions. Domestically-designed AI processors from Baidu and other firms such as Huawei Technologies, Cambricon Technologies and Biren Technology are increasingly positioned to substitute for western hardware platforms.

From a policy and digital diplomacy perspective, the development raises questions about the global semiconductor supply chain, standards of compute sovereignty and how AI-hardware competition may reshape power dynamics.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Romania pilots EU Digital Identity Wallet for payments

In a milestone for the European digital identity ecosystem, Banca Transilvania and payments-tech firm BPC have completed the first pilot in Romania using the EU Digital Identity Wallet (EUDIW) for a real-money transaction.

The initiative lets a cardholder authenticate a purchase using the wallet rather than a conventional one-time password or card reader.

The pilot forms part of a large-scale testbed led by the European Commission under the eIDAS 2 Regulation, which requires all EU banks to accept the wallet for strong customer authentication and KYC (know-your-customer) purposes by 2027.

Banca Transilvania’s Deputy CEO Retail Banking, Oana Ilaş, described the project as a historic step toward a unified European digital identities framework that enhances interoperability, inclusivity and banking access.

From a digital governance and payments policy perspective, this pilot is significant. It shows how national banking systems are beginning to integrate digital-ID wallets into card and account-based flows, potentially reducing reliance on legacy authentication mechanisms (such as SMS OTP or hardware tokens) that are vulnerable to fraud.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New York Times lawsuit prompts OpenAI to strengthen privacy protections

OpenAI says a New York Times demand to hand over 20 million private ChatGPT conversations threatens user privacy and breaks with established security norms. The request forms part of the Times’ lawsuit over alleged misuse of its content.

The company argues the demand would expose highly personal chats from people with no link to the case. It previously resisted broader requests, including one seeking more than a billion conversations, and says the latest move raises similar concerns about proportionality.

OpenAI says it offered privacy-preserving alternatives, such as targeted searches and high-level usage data, but these were rejected. It adds that chats covered by the order are being de-identified and stored in a secure, legally restricted environment.

The dispute arises as OpenAI accelerates its security roadmap, which includes plans for client-side encryption and automated systems that detect serious safety risks without requiring broad human access. These measures aim to ensure private conversations remain inaccessible to external parties.

OpenAI maintains that strong privacy protections are essential as AI tools handle increasingly sensitive tasks. It says it will challenge any attempt to make private conversations public and will continue to update users as the legal process unfolds.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!