Alberta uses Claude Code to review government systems

The Government of Alberta has used Anthropic’s Claude Code to review and secure provincial government systems, according to a case study published by the company. Anthropic said Alberta’s Ministry of Technology and Innovation used Claude Code with its Opus and Sonnet models to analyse code, identify vulnerabilities and support remediation.

According to Anthropic, the ministry scanned 466 million lines of code in about 20 hours, covering systems used across 27 provincial ministries. Around 50 AI agents worked in parallel to identify security vulnerabilities, infrastructure weaknesses and documentation gaps.

The ministry manages about 1,280 applications and 3,400 code repositories supporting services including social services, public safety and wildfire response. Anthropic said many had never undergone comprehensive security reviews, resulting in accumulated technical debt and incomplete documentation.

Alberta used a two-stage review process. A rules engine first identified known patterns, after which Claude Code analysed the results and cited the relevant files and lines for each finding. Anthropic said the approach uncovered issues that conventional automated scanning tools had missed.

Claude Code was also used to generate fixes, write tests where needed and assist with modernising legacy systems. Anthropic said ministry engineers reviewed and approved all proposed patches before deployment, maintaining human oversight throughout the remediation process.

Alberta also developed specialised Claude-based review agents for continuous security testing during software development. These include red-team agents that probe applications for vulnerabilities, blue-team agents that assess compliance with security standards, and additional agents that review code quality and public-facing content.

Why does it matter?

The case illustrates how governments are beginning to use AI coding agents to modernise and secure large portfolios of legacy software, an area that has traditionally required significant time and specialised expertise. If these tools prove reliable, they could help public administrations reduce technical debt, improve cybersecurity and accelerate software maintenance across critical public services.

At the same time, the deployment highlights the importance of governance in public-sector AI adoption. Alberta’s reported use of human review before implementing AI-generated changes reflects a growing emphasis on combining AI-assisted development with oversight, accountability and established security practices.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Australia records highest data breach notifications since 2018

Australia recorded its highest annual number of data breach notifications in 2025 since mandatory reporting began in 2018, according to the Office of the Australian Information Commissioner.

The regulator received 1,205 notifications under the Notifiable Data Breaches scheme in 2025, an 8% increase from 1,112 in 2024.

Organisations covered by the Privacy Act must notify the OAIC of data breaches that are likely to result in serious harm to affected individuals.

Malicious or criminal activity remained the leading cause of reported breaches, accounting for 716 notifications. Cyber hacking continued to be the main cause of reported incidents.

Health service providers were the most affected sector, reporting 225 breaches, or 19% of the annual total. Financial services, Australian government agencies, business and professional associations, education providers and legal, accounting and management services were also among the most affected sectors.

The OAIC has released a new quick reference guide to help organisations assess potential breaches, decide whether notification is required and understand how to report incidents.

Privacy Commissioner of Australia, Carly Kind, said the threat posed by data breaches to Australian businesses and organisations is substantial and rising year on year.

The regulator’s latest privacy attitudes survey also found that data breaches remain the top privacy concern for Australians, with 82% expressing concern, up from 74% in 2023.

Why does it matter?

Rising breach notifications show that data protection is becoming a persistent operational and regulatory challenge for Australian organisations. The dominance of malicious activity and cyber hacking links privacy compliance directly to cybersecurity preparedness, especially in sensitive sectors such as health. OAIC’s new guide also signals a push towards faster, clearer breach assessment and notification, which matters for affected individuals as well as regulated entities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Sysdig reports first documented agentic ransomware case

Cloud security firm Sysdig says it has documented the first known case of agentic ransomware, after observing an AI-driven extortion operation it tracks as JADEPUFFER.

According to Sysdig, the operation began with exploiting CVE-2025-3248 on an internet-facing Langflow instance. Langflow is an open-source framework for building LLM-driven applications and agent workflows.

The attacker then pivoted towards a production database server running MySQL and Alibaba Nacos.

Sysdig said the operation was driven by a large language model rather than a traditional human-led toolkit. The agent carried out reconnaissance, credential harvesting, lateral discovery, persistence and destructive database activity.

The company said JADEPUFFER executed more than 600 distinct payloads and adapted to failures in real time. In one case, the agent moved from a failed login attempt to a corrected working approach in 31 seconds.

CyberScoop later reported Sysdig’s clarification that the attack was not fully human-free. A person still set up and directed the operation, provisioned command-and-control and staging infrastructure, chose the victim, and supplied credentials likely obtained through a prior compromise.

Sysdig also said API keys for OpenAI, Anthropic, DeepSeek and Gemini were among the material the agent collected from the compromised environment. That does not confirm which model powered the attack.

The case is notable less for novel techniques than for automation. Sysdig said the attack relied on known vulnerabilities and exposed infrastructure, but an AI agent chained the steps together quickly and carried out a ransomware-style database extortion workflow.

Why does it matter?

JADEPUFFER shows how agentic AI could change cybercrime by automating work that previously required skilled operators. Even if humans still choose targets and set up infrastructure, agents can speed up reconnaissance, credential theft, lateral movement and destructive activity once access is available. The defensive lesson is immediate: exposed AI tools, unpatched systems, leaked credentials, and internet-facing databases become more dangerous when attackers can automate exploitation and adaptation at machine speed.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

MEPs to debate EU AI cybersecurity strategy

Members of the European Parliament are set to question the European Commission on its latest AI and cybersecurity proposals, including a new AI cybersecurity strategy expected to be unveiled on 7 July.

According to the European Parliament’s plenary newsletter, the Commission’s action plan is expected to include measures to help EU member states and companies address AI-related cybersecurity risks.

The strategy is also expected to strengthen Europe’s AI cybersecurity capabilities as policymakers examine how AI is reshaping both cyber threats and cyber defence.

The debate follows the European Commission’s welcome of the G7 cybersecurity declaration on strengthening global cyber resilience. Parliament is also considering two legislative proposals collectively referred to as the ‘Cybersecurity Act 2‘.

The proposals are expected to address issues including the NIS2 framework, the role of the EU Agency for Cybersecurity (ENISA), the EU cybersecurity certification framework and ICT supply chain security.

The debate is scheduled for 7 July, as part of a European Commission statement followed by parliamentary scrutiny.

Why does it matter?

The debate shows that AI-related cybersecurity risks are becoming part of the EU’s broader cyber resilience agenda. By linking AI policy with NIS2, ENISA, certification and supply chain security, the EU is preparing to treat AI not only as an innovation priority but also as a cybersecurity concern.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Hong Kong launches AI privacy sandbox for schools

Hong Kong’s Office of the Privacy Commissioner for Personal Data and the Digital Policy Office have launched an AI privacy sandbox to support responsible AI adoption in schools.

The Safeguarding Personal Data AI Sandbox will provide a collaborative platform for schools exploring AI solutions while managing the risks to personal data protection.

The first phase will run for six months and select 15 school applicants. It is open to publicly funded primary and secondary schools, with applications accepted until 30 October 2026.

Selected schools will receive guidance from the Privacy Commissioner’s office on compliance with the Personal Data (Privacy) Ordinance.

They will also receive support from the Digital Policy Office on Hong Kong’s Generative Artificial Intelligence Technical and Application Guideline.

Cyberport, Hong Kong, and the Hong Kong Productivity Council will provide technical advice.

A briefing session for interested schools is scheduled for 28 August 2026.

Why does it matter?

Schools are increasingly exploring AI tools, but their use of student data creates specific privacy, safety and governance risks. Hong Kong’s sandbox offers a practical way to test AI adoption in education while giving schools regulatory and technical support. The initiative also shows how governments can move beyond broad AI principles by creating sector-specific support mechanisms for institutions that may lack in-house expertise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

SDAIA, DCO and ICAIRE to discuss responsible AI implementation in Geneva

A side event at the first session of the Global Dialogue on AI Governance will focus on responsible AI implementation, exploring how ethical AI commitments can be translated into practical governance and delivery models.

The session, titled Responsible, Trusted, and Safe AI for Prosperity: From Principles to Practice will take place on 7 July at Palexpo in Geneva. It is being organised by the Saudi Data and Artificial Intelligence Authority (SDAIA), the Digital Cooperation Organization (DCO), and the International Center for Artificial Intelligence Research and Ethics (ICAIRE).

According to the concept note, the discussion will explore how governments and their partners can move from shared AI principles to institutional models that support the safe, trusted, and inclusive deployment of AI. Topics will include national AI readiness, public-sector adoption, governance frameworks, capacity-building and cross-border cooperation.

The organisers frame responsible AI implementation as a public value issue, linking it to stronger public services, national development priorities and sustainable digital prosperity. The session will also highlight SDAIA’s role in building national AI capabilities, ICAIRE’s work connecting AI ethics with research, and the DCO’s efforts to strengthen international digital cooperation.

The agenda includes keynote remarks from DCO Secretary-General Deemah AlYahya and a senior representative of SDAIA. A high-level panel featuring representatives from the DCO, ICAIRE and participating governments will be followed by a question-and-answer session with the audience.

Why does it matter?

The discussion reflects a broader shift in international AI governance from developing high-level principles to building the institutions, skills and regulatory frameworks needed to implement them effectively. As more countries publish AI strategies and governance commitments, the challenge is increasingly how to translate those ambitions into practical public-sector capabilities.

The session also highlights the growing importance of international cooperation in AI governance. By bringing together governments and international organisations to exchange implementation experiences, the event aims to support more consistent, trusted and inclusive approaches to AI adoption across different countries.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

IWF and NCA urge parents to protect children’s photos from AI misuse

The Internet Watch Foundation (IWF) and the UK’s National Crime Agency (NCA) have launched new guidance urging parents and carers to better protect images of their children online, warning that criminals are increasingly using AI to turn publicly available photographs into child sexual abuse material.

The campaign responds to a sharp rise in AI-generated child sexual abuse material and aims to help families make more informed decisions about sharing children’s image online and obtaining their consent.

The guidance accompanies a public awareness campaign across Facebook, Instagram and YouTube, encouraging families to review privacy settings, reconsider who can access children’s photographs and discuss image consent with young people.

Parents are encouraged to regularly review whether they are comfortable sharing images online, limit access through private groups where appropriate, and talk openly with their children about AI-generated imagery, deepfake nudes and online safety.

The campaign follows growing evidence that offenders are exploiting publicly accessible family and school photographs.

The IWF recently helped prevent the circulation of more than 100 AI-generated sexual images created from photographs taken from a UK school’s website after criminals attempted to blackmail the school. According to the organisations, even ordinary family photographs can now be manipulated into realistic abuse material without the knowledge of children or their parents.

The scale of the threat has grown significantly. The IWF identified 8,029 AI-generated child sexual abuse images and videos in 2025, a 14% increase on the previous year.

AI-generated videos increased from just 13 identified in 2024 to 3,443 in 2025, with nearly two-thirds classified as the UK’s most severe Category A abuse material.

The IWF argues that technology companies must strengthen safeguards around AI image generation tools before release, while continuing to support law enforcement efforts to combat online child exploitation.

Why does it matter?

Generative AI has made it significantly easier to create realistic child sexual abuse material from ordinary photographs, fundamentally changing the online child protection landscape. Images shared on social media, school websites or other public platforms can now be manipulated without a child’s knowledge, creating new risks for families and increasing the burden on law enforcement and child protection organisations.

The campaign also highlights that preventing AI-enabled abuse requires more than criminal enforcement. Stronger safeguards in AI image-generation tools, improved privacy practices, greater parental awareness and better digital literacy around image sharing and consent are all becoming essential components of online child safety.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

ITU showcases AI tools to strengthen digital trust

The International Telecommunication Union (ITU) has highlighted a new generation of AI researchers developing practical tools to strengthen digital trust, improve content authenticity and combat misinformation.

Ahead of the AI for Good Global Summit in Geneva, the Young Researcher Associate Programme is showcasing projects designed to improve multimedia authenticity, helping people identify manipulated content while supporting creativity and innovation in the age of generative AI.

The initiative operates under the AI and Multimedia Authenticity Standards Collaboration, established in 2024 by the World Standards Cooperation, which brings together the International Electrotechnical Commission (IEC), the International Organization for Standardization (ISO) and the ITU.

The programme brings together early-career researchers from universities around the world to develop solutions addressing content authenticity, provenance and digital rights as AI-generated media becomes increasingly common online.

Three flagship projects illustrate the programme’s multidisciplinary approach. STOP&SCAN promotes critical thinking through a five-step framework that encourages people to assess the source, content and context of digital information before sharing it.

AMITO provides an AI-powered multimedia integrity toolkit through Telegram and WhatsApp, analysing suspicious images and videos while explaining its findings in plain language rather than simply labelling content as authentic or fake.

Meanwhile, the Policy-as-Code project maps AI-related regulations across jurisdictions, helping creators, businesses and policymakers understand how AI-generated content is regulated while laying the foundations for machine-readable compliance mechanisms.

The researchers will present their work at the AI for Good Global Summit on 9 July, demonstrating how technical innovation, behavioural science and regulatory frameworks can work together to build more trustworthy digital ecosystems. According to the ITU, strengthening digital trust requires collaboration across generations, disciplines and countries.

According to ITU, designing digital trust requires collaboration across generations, disciplines and countries to ensure AI strengthens rather than undermines confidence in online information.

Why does it matter?

As generative AI makes it easier to create convincing synthetic media, verifying the authenticity and provenance of digital content is becoming increasingly important for governments, businesses and the public. Technical tools alone are unlikely to solve the problem, making user education, common standards and transparent governance equally important.

The initiative also highlights the growing role of international standards organisations in shaping AI governance. By combining authenticity technologies, regulatory mapping and practical educational tools, the ITU and its partners are helping develop a shared foundation for trusted digital ecosystems that can operate across platforms and national borders.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Bank of England explores AI ‘kill switches’ for markets

The Bank of England is exploring whether emergency ‘kill switches’ could halt trading activity if autonomous AI systems begin behaving unpredictably, reflecting growing concern that existing market safeguards may not be suited to AI-driven trading.

Deputy Governor Sarah Breeden said regulatory frameworks must evolve as AI systems become capable of autonomously chaining actions and executing trading strategies. Speaking at the European Central Bank’s Sintra Forum, she warned that relying solely on human oversight may no longer be sufficient as financial markets become increasingly automated.

Regulators are particularly concerned about systemic risks, including AI models amplifying market volatility, exhibiting coordinated behaviour or pursuing objectives that diverge from their intended design. They also warned that AI could strengthen cyber defences while simultaneously making it easier to discover and exploit vulnerabilities at scale.

Breeden said the Bank is also exploring resilience measures such as simulation testing, stronger recovery mechanisms and potential cross-institution support during market disruptions. She added that international coordination will be essential as increasingly autonomous AI systems become embedded in global financial markets.

Why does it matter? 

The Bank of England’s proposals reflect a growing recognition that autonomous AI systems could introduce systemic risks that existing market safeguards were not designed to address. Traditional mechanisms such as circuit breakers assume markets are ultimately driven by human decisions, whereas AI agents may react to changing conditions at machine speed and in highly coordinated ways.

The discussion also illustrates how financial regulators are shifting from studying AI risks to preparing practical resilience measures. Tools such as simulation testing, emergency trading controls and international coordination could become increasingly important as AI takes on a larger role in trading, payments and other core financial market functions.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

AI for Good Global Commission launches to expand trusted AI access

Rwanda’s President Paul Kagame, Salesforce Chair and CEO Marc Benioff and International Telecommunication Union Secretary-General Doreen Bogdan-Martin have announced the launch of the AI for Good Global Commission.

The Commission brings together more than 40 founding members, including heads of state and government, technology executives and heads of UN agencies.

It is co-chaired by Kagame and Benioff, with Bogdan-Martin serving as vice-chair. ITU said the Commission will work to identify practical pathways to strengthen trust, expand access and unlock AI’s potential to address real-world challenges.

The initiative will focus on technical, socioeconomic and policy questions around AI, with an emphasis on responsible innovation, human capability and broad-based economic and social benefits.

Access is a central part of the Commission’s mandate. ITU said 2.2 billion people remain offline, limiting their ability to benefit from AI developments.

The Commission builds on ITU/UNESCO Broadband Commission for Sustainable Development, which has focused on connectivity, digital inclusion and economic development.

Its inaugural meeting will take place during the AI for Good Global Summit 2026 from 7 to 10 July. The Summit is part of Digital Week, which also includes the first UN-mandated Global Dialogue on AI Governance and the WSIS Forum 2026.

Why does it matter?

The AI for Good Global Commission places digital inclusion at the centre of global AI governance debates. Its launch highlights a key challenge: many countries and communities cannot benefit from AI if they lack connectivity, infrastructure, skills and institutional capacity. The Commission’s relevance will depend on whether it can move beyond high-level commitments and help turn access, trust and responsible innovation into practical support for developing countries.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!