Australian audit highlights governance gaps in public-sector AI

The Australian National Audit Office has found that IP Australia’s use of AI in the patent rights process is largely effective, while calling for stronger cybersecurity governance, monitoring and strategic oversight.

Auditor-General Report No. 43 of 2025–26 examined whether IP Australia has effective arrangements to support AI adoption in the patent rights process. IP Australia administers intellectual property rights, including patents, trade marks, design rights and plant breeders’ rights.

The agency deployed its first AI tool for patent examination in 2018 and now uses four AI tools in the process. The tools are designed to provide examiners with information to support better decisions, rather than to decide patent applications themselves.

The ANAO said IP Australia has been an early adopter of AI and has progressively improved its governance arrangements. The agency has introduced an AI governance policy, risk-scaled assessment mechanisms and clearer enterprise accountability roles.

However, the audit found that strategic oversight of AI implementation and related benefits is not yet fully established. It said IP Australia’s AI inventory, committee roles and use-case ownership remain works in progress.

Monitoring and reporting were assessed as only partly effective. The ANAO said benefits have been inconsistently defined and measured, making it harder to demonstrate the ongoing effectiveness of AI tools and manage emerging risks.

The ANAO made two recommendations, urging IP Australia to review cybersecurity governance controls for AI and establish clearer risk-based monitoring and reporting arrangements. IP Australia agreed to both recommendations.

The audit said public-sector agencies should regularly reassess AI governance frameworks as they move from experimentation to wider use.

Why does it matter?

The audit shows how AI is moving from experimentation into routine public-sector decision support. IP Australia’s experience points to the benefits of AI in improving efficiency and quality, but also shows that governance must evolve as tools become embedded in official processes. Cybersecurity, accountability, monitoring and measurable benefits are becoming central to responsible AI use in government.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Singapore launches Online Safety Commission for online harms

Singapore’s Online Safety Commission has begun operations, giving victims of online harms a dedicated channel to seek faster support and redress.

The commission was established to support the office of the Commissioner of Online Safety under the Online Safety (Relief and Accountability) Act 2025. Specified provisions on statutory torts under the Act also came into effect on 29 June 2026.

In its first phase, the commission will support victims affected by five categories of online harm: online harassment, including online sexual harassment, doxxing, online stalking, intimate image abuse and image-based child abuse.

Victims of online harassment and online stalking are generally expected to report harmful content to the relevant platform first. If the platform fails to respond promptly or provides an inadequate response within 24 hours, the platform may be reported to the commission. More serious harms, including doxxing and image-based abuse, can be reported directly.

Where there is reason to suspect that online harm has occurred, the Commissioner may issue directions to the person who posted the content, the administrator of the online space or the platform hosting it. These directions may require access to harmful content to be disabled or an account to be restricted. Non-compliance is a criminal offence.

Singapore is also introducing court-based remedies through statutory torts. Victims may bring civil claims against communicators, administrators, or platforms that fail to meet the duties set out in the law. For intimate image abuse and image-based child abuse, courts must award at least $5,000 for each image or recording if the claim succeeds.

The commission will also work with community partners that can provide counselling and practical support to victims and families.

Why does it matter?

Singapore’s Online Safety Commission provides victims of online harms with a dedicated institutional route for faster relief, rather than leaving them to rely solely on platform complaint systems or lengthy court processes. The model combines administrative directions, platform duties, community support and civil remedies. It is especially relevant for image-based abuse, doxxing and child safety, where rapid content restriction and victim support can be critical.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot 

Europol highlights technology-driven organised crime threats

The European Commission, Europol and the Cypriot Presidency of the Council of the EU have presented a new assessment of Europe’s most threatening organised criminal networks, warning that they are becoming increasingly adaptive, technologically advanced and deeply embedded across the region.

The report finds that organised crime is expanding across multiple sectors, including drug trafficking, cybercrime, migrant smuggling, human trafficking, fraud and money laundering.

Criminal organisations are increasingly exploiting digital technologies, global trade routes and legitimate business structures while operating through flexible cross-border networks instead of traditional hierarchical organisations.

The European Commission said stronger cross-border cooperation and an updated Europol mandate are needed to respond to increasingly digital, cross-border and technologically sophisticated forms of organised crime.

Why does it matter?

The assessment highlights how organised crime is evolving alongside digital transformation. Criminal networks are increasingly using digital technologies, legitimate businesses and international supply chains to expand their operations, making traditional law enforcement approaches less effective against increasingly decentralised and cross-border threats.

The report also reinforces the need for stronger European cooperation. As cybercrime, fraud and money laundering become more interconnected with other forms of organised crime, improved intelligence sharing, operational coordination and investigative capabilities will be essential to disrupting criminal networks operating across multiple jurisdictions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

OpenAI previews GPT-5.6 Sol model with stronger safeguards

OpenAI has begun a limited preview of GPT-5.6 Sol, a new flagship model in its new GPT-5.6 family, which also includes Terra and Luna. The company said all three models are expected to become generally available in the coming weeks.

The company said the preview is initially limited to a small group of trusted partners. OpenAI said it shared its release plans and model capabilities with the US government before launch and is initially limiting access at the government’s request.

The company said it does not consider government pre-release access an appropriate long-term default. Instead, it described the limited preview as a temporary measure while working with the US administration on a repeatable release framework linked to a cybersecurity Executive Order.

OpenAI described GPT-5.6 Sol as its most capable model to date, highlighting improvements in agentic coding, biology and cybersecurity while saying a broader set of evaluation results will be published when the model becomes generally available.

For coding, OpenAI said GPT-5.6 Sol set a new state of the art on Terminal-Bench 2.1, which tests command-line workflows involving planning, iteration and tool coordination.

The company also reported improvements in biology workflows. On GeneBench v1, which evaluates long-horizon genomics and quantitative biology tasks, OpenAI said the model performed better than GPT-5.5 while using fewer tokens.

Cybersecurity is a major focus of the preview. OpenAI said GPT-5.6 Sol is its most capable model yet for cybersecurity tasks, including vulnerability research and exploitation-related workflows.

OpenAI said the model performs better at identifying and helping remediate vulnerabilities than at carrying out end-to-end offensive cyber operations. According to the company, GPT-5.6 Sol did not exceed the Cyber Critical threshold under its Preparedness Framework.

OpenAI said the GPT-5.6 release includes its most robust safeguards to date, with configurations tailored to each model’s capabilities. The company said these safeguards are intended to constrain prohibited offensive use while preserving access for legitimate work such as code review, vulnerability research, patch development, debugging, security education and defensive testing.

Safeguards include model-level protections, real-time generation checks, account-level monitoring, differentiated access controls, enforcement mechanisms and ongoing testing. OpenAI said some higher-risk requests may be delayed or blocked during the preview period.

The company said it devoted more than 700,000 A100-equivalent GPU hours to automated red-teaming, complemented by third-party expert testing, to evaluate the model’s resilience against jailbreak attempts.

During the preview, GPT-5.6 models will initially be available through the API and Codex to selected trusted partners and organisations. OpenAI said broader access for ChatGPT, Codex and API users is planned soon.

During the preview, GPT-5.6 models will be available through the API and Codex to selected partners. OpenAI said broader access across ChatGPT, Codex and the API is planned soon. It also announced pricing for the model family and said GPT-5.6 Sol will launch on Cerebras in July, initially for a limited group of customers.

Why does it matter?

GPT-5.6 Sol illustrates how frontier AI releases are becoming increasingly governed by phased deployment, targeted access and extensive safety testing rather than immediate public availability. OpenAI’s emphasis on cybersecurity evaluations, automated red-teaming and layered safeguards reflects growing efforts to manage the risks associated with increasingly capable foundation models.

The rollout also highlights the evolving relationship between AI companies and governments. By combining limited pre-release access, enterprise deployment and structured safety frameworks, OpenAI is helping shape emerging norms for how advanced AI systems are evaluated, governed and introduced into real-world use.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

IWF urges EU to restore legal basis for voluntary CSAM detection

The Internet Watch Foundation has urged the EU policymakers to adopt a permanent legal framework allowing technology companies to voluntarily detect, report and remove child sexual abuse material online.

The organisation said Europe cannot keep relying on children to protect themselves from online predators, warning that awareness campaigns and digital literacy measures cannot replace platform responsibility, technical safeguards and proactive detection tools.

The IWF said the EU’s failure to agree on a long-term Child Sexual Abuse Regulation has created legal uncertainty after the expiry of the temporary framework that previously allowed online services to use voluntary detection measures.

According to the organisation, child sexual abuse increasingly begins online through grooming, coercion, sextortion and blackmail. The IWF said that more than a quarter of the 500,000 unique child sexual abuse images and videos it identified in 2025 were self-generated after children were manipulated into creating explicit material.

The group argues that voluntary detection should become a minimum standard across the EU, supported by legal safeguards that protect privacy and prevent misuse.

The debate remains one of the EU’s most contested digital policy issues. Child-safety organisations warn that legal uncertainty could reduce the detection of abuse, while privacy advocates have raised concerns about surveillance, false positives and the scanning of private communications.

The IWF said policymakers should not treat child protection and privacy as a binary choice, but should create a framework that allows technology companies to detect abuse while maintaining appropriate safeguards.

Why does it matter?

The debate goes to the heart of EU online safety policy: how to protect children from grooming, sextortion and the circulation of abuse material while preserving privacy and communications rights. The IWF’s intervention highlights the child-protection argument for legal certainty around voluntary detection tools. At the same time, the controversy shows why any permanent framework will need strong safeguards, transparency and limits on how detection technologies are used.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Türkiye steps into quantum race with strategic roadmap

Türkiye has published an updated quantum technology roadmap, setting out 85 priority technology topics across quantum computing, quantum sensing and quantum communication.

The roadmap was developed through the Quantum Focus Technology Network (OTAĞ), coordinated by the Presidency of the Republic of Türkiye, Secretariat of Defence Industries. The process involved 305 experts from 123 institutions and organisations, including civilian and military stakeholders.

The roadmap classifies the 85 proposed technology topics into 34 near-term and 51 long-term priorities. Technologies were assessed using an analytical prioritisation method that considered Türkiye’s needs, existing capabilities, infrastructure, and end user requirements.

The strategy focuses on building domestic capability in quantum computing, sensing and communication by strengthening research infrastructure, developing skilled human capital and expanding cooperation between universities, industry, research centres and public institutions.

Priority steps include postgraduate programmes in quantum engineering and hardware technologies, researcher exchange and internship schemes, international research partnerships and critical infrastructure such as nanofabrication, cryogenic testing, precision measurement laboratories and sensor packaging.

The roadmap forms part of Türkiye’s wider effort to build a coordinated quantum ecosystem and improve its international competitiveness in a field with implications for cybersecurity, secure communications, advanced sensing and future computing.

Why does it matter?

Quantum technologies could reshape encryption, secure communications, sensing, navigation and high-performance computing. Türkiye’s roadmap is important because it turns quantum capability-building into a structured national programme with defence and strategic-technology relevance. By aligning universities, public institutions, industry and research centres around shared priorities, Türkiye is trying to reduce dependence on foreign technologies and position itself earlier in a field where global leadership is still being contested.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Microsoft and Europol disrupt Amadey and StealC malware infrastructure

Microsoft has disrupted more than 200 command-and-control servers linked to Amadey and StealC, two widely used cybercrime tools that support credential theft, fraud and ransomware attacks.

The company’s Digital Crimes Unit said the action targeted the shared infrastructure behind the two tools rather than treating them as separate threats. In the first two weeks of May, Amadey and StealC were linked to more than 140,000 infected computers worldwide.

Amadey is often used to gain access to devices, while StealC is used to steal passwords and sensitive information. Microsoft said the tools form part of a wider cybercrime supply chain in which specialised malware services help attackers turn initial access into fraud, ransomware, espionage or other operations.

Microsoft said investigators used AI, including Copilot, to analyse malware and identify connections between the two tools more quickly. The company said the analysis helped its legal team treat both malware families as part of a single conspiracy under the US Racketeer Influenced and Corrupt Organizations Act.

The action was carried out with Europol and industry partners, including ESET, BitSight, Lumen and Mitsui Bussan Secure Directions. Europol’s European Cybercrime Centre also investigated StealC as part of Operation Endgame, alongside European law enforcement partners and cybersecurity companies, including IBM X-Force and Proofpoint.

Microsoft said it has identified more than 18,000 victim computers since the start of the operation and is working with telecommunications providers to help protect affected users.

The company said findings from the case will feed into its Statutory Automated Disruption programme, which accelerates the removal of malicious domains and infrastructure.

Why does it matter?

The operation reflects a shift in cybercrime disruption strategy. Instead of targeting one malware family or service at a time, Microsoft and its partners focused on the shared infrastructure that allows criminal tools to work together. That matters because modern cybercrime increasingly operates as a modular supply chain: one tool gains access, another steals credentials, and other actors monetise that access through fraud, ransomware or espionage. The use of AI to accelerate malware analysis also points to how defenders are trying to match the speed and scale of cybercriminal operations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK’s Youth Justice Board highlights growing risks of online harms for children

The UK Youth Justice Board has published new evidence on how online harms affect children across England and Wales, warning that digital risks are increasingly linked to safeguarding, well-being and youth justice outcomes.

The Evidence and Insights Pack brings together research, data and practice examples to improve understanding of the risks children face online and how services can protect them more effectively.

The report says children face overlapping digital harms, including cyberbullying, sexual abuse, radicalisation, exploitation and the non-consensual sharing of intimate images. It also warns that harmful content and image-based abuse are becoming increasingly normalised among children, disproportionately affecting girls.

The YJB says many children who engage in problematic online behaviour have complex needs or have experienced abuse themselves. Weak platform design and limited digital literacy among adults can increase children’s vulnerability and make safeguarding more difficult.

The report calls for responses that go beyond criminal justice. It identifies promising approaches, including safety-by-design and teen-by-default platform measures, early intervention, harm-reduction responses, digital media and gaming literacy, healthy relationships education and gender-sensitive programmes.

The YJB also highlights strength-based interventions that promote belonging, critical thinking and positive identity building for children. It says such approaches can help reduce harm while avoiding unnecessary criminalisation.

The publication comes as the UK implements the Online Safety Act and prepares to ban social media for under-16s by spring 2027. The YJB said protecting children will require coordinated action across education, health, policing, local government, housing and social care.

Why does it matter?

The report strengthens the case for treating online harms as a safeguarding and public policy issue, not only a matter for platforms or the police. It shows that children can be victims, perpetrators and vulnerable participants in the same digital environments, especially where abuse, exploitation, misogyny or harmful content are normalised. The YJB’s focus on prevention and early support is important because punitive responses can deepen children’s contact with the justice system without addressing the underlying risks.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

NIST explores OT asset management to strengthen cybersecurity

NIST’s National Cybersecurity Center of Excellence (NCCoE) is seeking public feedback on a new project focused on operational technology (OT) asset management as the foundation for stronger OT cybersecurity.

The draft project description, Asset Management as a Foundation for OT Cybersecurity, outlines the project’s scope, challenges and technical approach. The NCCoE plans to demonstrate practical methods for OT asset discovery, inventory, configuration and change management.

The project will involve collaboration with asset owners, operators, and solution providers. The NCCoE plans to demonstrate real-world OT asset management and visibility solutions using commercially available products.

The proposal also includes a high-level reference architecture, desired technical capabilities and alignment with relevant standards, including outcomes from the NIST Cybersecurity Framework 2.0.

The NCCoE said AI is accelerating both the discovery and exploitation of vulnerabilities, making strong OT asset management increasingly important as organisations modernise industrial systems, adopt zero trust architectures and respond to AI-driven cyber threats.

Many organisations struggle to maintain a complete inventory of OT assets. Without effective asset management, activities such as risk assessment, network segmentation, vulnerability management, incident response and technology modernisation become significantly more difficult.

The NCCoE said the laboratory demonstration will support the development of source code, scripts, architectures, procedures, and guidelines. These resources are intended to help organisations gain the visibility needed to detect and respond to modern cyber threats in OT environments.

The centre is seeking input from asset owners, operators, technology providers, and cybersecurity practitioners. Feedback will help refine the project scope, use cases, reference architecture, and demonstration objectives.

Following the consultation, the NCCoE plans to recruit collaborators for project demonstrations and development activities. Public comments on the draft are open until 31 July 2026.

Why does it matter?

Operational technology underpins critical infrastructure, manufacturing and industrial operations, making accurate asset visibility a prerequisite for effective cybersecurity. As AI enables attackers to identify and exploit vulnerabilities more quickly, organisations need reliable inventories, configuration management and continuous monitoring to support risk assessments, zero trust strategies and incident response.

The project also reflects a broader shift towards practical cybersecurity guidance. By working with industry to develop reference architectures, tools and implementation guidance aligned with the NIST Cybersecurity Framework 2.0, the NCCoE aims to help organisations translate cybersecurity best practices into operational improvements across industrial environments.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

NCSC warns of growing cyber risks to critical infrastructure

Hostile state actors were linked to around three-quarters of cyber attacks affecting the UK’s critical national infrastructure over the past year, according to the head of the National Cyber Security Centre.

Speaking at the Royal United Services Institute’s Annual Security Lecture, NCSC CEO Dr Richard Horne said the agency managed more than 200 cyber incidents affecting critical national infrastructure and its supporting ecosystem in the year to May 2026.

Horne said around 75% of those incidents were believed to be linked to state actors. He warned that hostile states are increasingly targeting the systems that underpin essential services in the UK.

The NCSC chief said cybersecurity should not be treated only as a technical risk to be managed, but as an ongoing contest with capable adversaries. He urged executives and board members to improve resilience by understanding their exposure to threats, strengthening proven security fundamentals and ensuring organisations can continue operating and recover quickly after attacks.

Horne also warned that AI is likely to accelerate the threat. The NCSC assesses that by 2028, attackers will probably use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale across critical national infrastructure.

He said many serious incidents still occur because basic cybersecurity measures are not in place. The warning places legacy systems, board-level accountability and operational resilience at the centre of the UK’s critical infrastructure security debate.

Why does it matter?

The NCSC warning shows that cyber attacks on critical infrastructure are no longer just an operational IT risk. They are part of a wider geopolitical contest involving hostile states, essential services and national resilience. The AI warning makes the issue more urgent: if attackers can use AI to exploit known weaknesses in legacy systems at scale, organisations that have tolerated unresolved vulnerabilities may face attacks much faster and broader.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot