Cybersecurity

Hong Kong checks AI privacy compliance across sectors

Hong Kong’s Office of the Privacy Commissioner for Personal Data has completed compliance checks on 60 organisations to assess how AI use affects personal data privacy.

The checks, launched in January 2026, covered sectors including banking and finance, education, government departments, insurance, medical services, telecommunications, transport, accounting, food and beverage, logistics, property management, and innovation and technology. The PCPD found no contravention of the Personal Data (Privacy) Ordinance during the exercise.

Among the organisations reviewed, 57 (95%) used AI in day-to-day operations, an increase of 15 percentage points from the previous round of checks. Around 79% of those organisations had used AI for more than a year, while 51% used three or more AI systems.

AI systems were mainly used for administrative support, customer service, research and development, marketing, compliance and risk management, human resources, corporate communications, cybersecurity and data analysis.

Of the 57 organisations using AI, 24 collected or used personal data through AI systems. All provided Personal Information Collection Statements before or during data collection and implemented security measures such as access controls, encryption, penetration testing and anonymisation.

The PCPD found that 23 of those 24 organisations tested AI systems before implementation, while 19 conducted privacy impact assessments. Nineteen adopted a human-in-the-loop approach, and five used a human-in-command model for oversight.

The checks also found that 19 organisations had established AI governance structures, while 17 had internal policies or guidelines for employees’ use of generative AI at work. Twenty organisations provided AI-related training, with most including content on privacy risks.

Also, the PCPD recommended that organisations using AI comply with the Personal Data (Privacy) Ordinance, establish internal governance structures, provide staff training, adopt incident response plans, conduct risk and privacy impact assessments, and regularly audit AI systems. It also urged organisations to use agentic AI prudently by limiting access rights, assessing data sensitivity and maintaining system and data security.

Why does it matter?

The checks show that AI is becoming embedded in business and public-sector operations in Hong Kong, including in areas involving personal data. The PCPD’s findings suggest that many organisations are beginning to adopt safeguards such as impact assessments, human oversight and AI governance structures, while its warnings on agentic AI point to growing concern over systems that can act with greater autonomy and access sensitive data.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Myanmar proposes Anti-Online Fraud Bill targeting digital currency scams

Myanmar’s military-backed authorities have proposed a new Anti-Online Fraud Bill to tackle digital currency scams and online fraud networks operating in the country.

The draft legislation would introduce severe penalties for offences linked to online fraud and ‘digital currency fraud’. Reports citing the text say those convicted could face prison sentences ranging from 10 years to life imprisonment.

The bill also proposes the death penalty in the most serious cases involving online scam centres, particularly where people are unlawfully detained, violently coerced or forced into scam operations. AFP, cited by Malay Mail, reported that the proposed penalty would apply to those who detain or violently coerce victims into working in online scam centres.

The proposal reflects growing pressure on Myanmar over large scam compounds where trafficked people have reportedly been forced into online fraud schemes, including romance and cryptocurrency scams. International scrutiny has intensified as cyber-fraud networks across Southeast Asia continue to target victims globally.

Myanmar’s authorities have presented online fraud and online gambling as national security concerns. State media has previously reported crackdowns, deportations and plans for a national anti-scam centre, while also describing telecom fraud and online gambling as threats requiring stronger enforcement.

The bill comes amid wider regional action against transnational scam networks. China has pursued criminal cases linked to Myanmar-based fraud syndicates, while international organisations and law enforcement agencies have warned that online scam compounds combine cybercrime, financial fraud and human trafficking.

Why does it matter?

The proposed bill shows how governments are escalating responses to transnational online fraud networks, particularly where crypto scams overlap with human trafficking and forced labour in scam compounds. Myanmar’s approach would mark a shift towards extreme punitive measures, raising both enforcement and human rights concerns, while highlighting how digital fraud has become a cross-border security issue involving organised crime, financial losses and exploitation of vulnerable people.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

DIGITALEUROPE urges stronger EU-US digital cooperation

DIGITALEUROPE has called for the rapid implementation of the EU-US trade deal and the launch of a broader transatlantic digital dialogue. The organisation said commitments under the Turnberry Agreement should be implemented to provide greater predictability for businesses.

DIGITALEUROPE said progress on implementing legislation is important for timely adoption of the agreement. The organisation also highlighted the importance of cooperation on digital resilience and competitiveness between the EU and the United States.

According to DIGITALEUROPE, the proposed EU-US Digital Dialogue could address areas including critical technologies, cybersecurity, secure connectivity, and energy technologies. The organisation said industry participation would support cooperation and transatlantic coordination.

DIGITALEUROPE also called for progress on a Cyber Mutual Recognition Agreement between the EU and the US. The statement reflects ongoing efforts to reinforce digital collaboration between Europe and the US.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Financial institutions increase cyber defences following AI security findings

Banking institutions across the United States, Europe, and Japan are strengthening cybersecurity measures following the identification of new vulnerabilities through AI-assisted security analysis tools. The findings have increased discussion around how AI may affect cyber risks across financial infrastructure.

Security teams are reviewing legacy system vulnerabilities and accelerating remediation efforts, according to sector reports. Smaller institutions are relying on intelligence shared by larger banks, while regulators warn that inaction increases exposure to coordinated cyberattacks.

International financial organisations, including the International Monetary Fund, have highlighted potential risks linked to evolving AI-enabled cyber threats.

Recent incidents involving platform breaches, supply-chain compromises, and AI-related exploit techniques have contributed to broader cybersecurity concerns across sectors.

Cybersecurity specialists said defence strategies increasingly rely on coordinated intelligence-sharing and AI-supported security systems.

Why does it matter?

AI is accelerating both the discovery of system weaknesses and the sophistication of cyberattacks, increasing systemic risk across interconnected financial infrastructure. As banking becomes more digitally dependent, cybersecurity shifts into a core stability concern for global financial governance and market resilience.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

UK authorities issue guidance on frontier AI cyber risks in finance

The Bank of England, the Financial Conduct Authority (FCA), and HM Treasury published a joint statement on cybersecurity and operational resilience risks linked to frontier AI models.

According to the statement, current frontier AI models can perform certain cyber-related tasks at high speed and scale, potentially increasing operational and security risks if misused.

UK authorities said regulated firms should strengthen governance, vulnerability management, third-party risk oversight, and recovery capabilities. The statement also referred to the use of automated and AI-supported defensive measures in cybersecurity operations.

The guidance highlighted risks associated with third-party services, open-source software, and legacy systems. According to the statement, boards and senior management should maintain awareness of frontier AI-related operational and cyber risks.

The authorities said they will continue monitoring frontier AI developments and engage with industry through the Cross Market Operational Resilience Group (CMORG). The statement also references guidance published by the UK National Cyber Security Centre (NCSC) on vulnerability management and AI-related cyber risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Claude Mythos AI model triggers global cyber risk review

Anthropic’s Claude Mythos Preview has drawn attention from financial regulators after the UK AI Security Institute found a notable increase in the model’s cybersecurity capabilities, including stronger performance on multi-step cyber-attack simulations.

AISI said earlier that its evaluation found continued improvement in capture-the-flag challenges and significant improvement in multi-step cyber-attack simulations. The institute said Mythos completed a previously unsolved 32-step simulated corporate network attack, marking the first time one of its tested models had completed that scenario.

Anthropic has also published its own technical assessment of Claude Mythos Preview, describing the model as a general-purpose system with advanced cybersecurity capabilities. The company has limited access to the model, reflecting concerns about the dual-use nature of systems that can support vulnerability discovery and cyber operations.

According to media reports, Anthropic is expected to brief the Financial Stability Board on the cybersecurity implications of Claude Mythos, as regulators examine whether frontier AI models could create new risks for banks and other financial institutions. The reports said the model has not been made publicly available because of concerns that its capabilities could be misused.

The scrutiny comes as financial authorities pay closer attention to the links between AI, cyber resilience and systemic risk. Advanced AI models support defenders by helping identify vulnerabilities and improve security testing, but similar capabilities could also lower the cost and complexity of offensive cyber activity.

Some experts have cautioned against treating Mythos as a wholly new category of threat, arguing that it amplifies existing cyber risks rather than replacing them. Weak authentication, unpatched systems and poor cyber hygiene remain central causes of breaches, making baseline resilience and governance critical as AI capabilities advance.

Why does it matter?

Claude Mythos shows how frontier AI models can become dual-use infrastructure: useful for strengthening cyber defence, but potentially risky if similar capabilities are misused. For financial institutions, the issue is systemic. If advanced models can accelerate vulnerability discovery or cyber operations across interconnected organisations, regulators may need to treat AI model oversight as part of financial stability and cyber resilience planning.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Interpol warns AI is increasing scale and accessibility of cybercrime

Interpol said AI tools are changing cybercrime operations by lowering technical barriers and enabling broader use of online fraud techniques. Interpol Cybercrime Director Neal Jetton said AI tools, including chatbots and automated phishing services, can enable individuals with limited technical expertise to conduct online scams.

According to Interpol, phishing-as-a-service models and AI-generated content are contributing to more scalable fraud campaigns.

Interpol said organised criminal groups are increasingly using outsourced technical services and AI-supported tools in cyber-enabled fraud operations. Law enforcement officials said AI-enabled fraud may increase the scale and profitability of some cybercrime activities.

Interpol said international law enforcement cooperation is expanding in response to cross-border fraud networks and evolving cyber threats. Authorities are focusing on disrupting cross-border fraud infrastructure and strengthening national cyber capabilities as AI-driven threats continue to evolve.

Why does it matter?

AI is effectively industrialising cybercrime by reducing the skill threshold required to execute sophisticated fraud at scale. That shift expands the pool of potential attackers and increases the speed, volume, and personalisation of scams, placing sustained pressure on digital trust in financial, governmental, and communication systems.

At the same time, it forces law enforcement and cybersecurity frameworks to adapt from reactive investigation models to more proactive, intelligence-led, and cross-border coordination mechanisms to keep pace with rapidly evolving threat capabilities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

UK regulator updates online safety guidance on AI-generated intimate imagery

Ofcom has announced proposed measures intended to strengthen protections against illegal intimate image abuse online, including AI-generated explicit deepfakes and non-consensual image sharing.

The UK regulator said it is updating its Illegal Content Codes to recommend that certain online platforms use automated detection technologies to identify illegal intimate images.

According to Ofcom, hash matching systems convert images into digital identifiers that can help platforms detect repeated uploads of harmful content. Ofcom specifically referenced the StopNCII database as a recommended tool for platforms implementing the technology.

Ofcom said the measures are intended to improve protections against AI-generated intimate imagery and digitally manipulated sexual content.

The recommendations complement recent UK legislation addressing non-consensual intimate imagery and AI-enabled nudification tools.

Ofcom said the updated Illegal Content Codes are expected to enter into force in autumn 2026, subject to parliamentary approval. The regulator also said additional online safety measures under consultation may be announced later in the year.

The measures form part of the UK’s implementation of the Online Safety Act and related online safety obligations for digital platforms.

Why does it matter?

AI-generated deepfakes and synthetic sexual imagery are rapidly becoming major online safety and digital rights concerns globally. Regulators increasingly fear that existing moderation systems cannot keep pace with the scale and speed of AI-generated abuse. Ofcom’s decision illustrates how governments are beginning to shift towards mandatory or strongly encouraged proactive detection systems, particularly for highly harmful content involving intimate imagery, harassment, and exploitation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK financial regulators highlight operational risks linked to frontier AI

Bank of England, Financial Conduct Authority and HM Treasury have issued a joint statement warning regulated firms about escalating cybersecurity risks associated with frontier AI models.

The authorities said current frontier AI systems already possess cyber capabilities that may exceed those of skilled practitioners in some areas while operating at greater speed and scale. According to the statement, malicious use of these capabilities could increase risks to financial stability, market integrity, customers, and firms’ operational resilience.

UK regulators warned that firms underinvesting in cybersecurity protections may face increased exposure as more advanced AI systems emerge. The statement said regulated firms and financial market infrastructures should strengthen resilience against AI-driven cyber threats.

The guidance highlighted several priority areas, including governance, vulnerability management, third-party and supply-chain risks, data protection, network security, and recovery planning. The authorities urged boards and senior management teams to improve their understanding of frontier AI cyber risks.

Bank of England, Financial Conduct Authority and HM Treasury also warned that frontier AI models could rapidly identify and exploit vulnerabilities across complex technology estates, forcing firms to accelerate patching, remediation, and threat-detection processes. Firms were encouraged to deploy automation and AI-enabled defensive tools capable of responding at a comparable speed to emerging AI-driven attacks.

The statement additionally emphasised growing risks linked to third-party providers, open-source software dependencies, and supply-chain exposure. Regulators said firms should strengthen capabilities to identify, monitor, and manage vulnerabilities linked to third-party providers and software dependencies.

The authorities confirmed they will continue monitoring AI developments and coordinating with industry through the Cross Market Operational Resilience Group.

Why does it matter?

The financial sector increasingly depends on interconnected digital infrastructure, cloud services, AI systems, and third-party software supply chains. Frontier AI could dramatically accelerate both offensive cyber capabilities and defensive security operations, creating a rapidly evolving threat environment where traditional cybersecurity practices may no longer be sufficient.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Indian science ministry outlines AI and quantum technology priorities

India’s Ministry of Science and Technology has outlined a strategy placing AI and quantum sovereignty at the centre of future growth, according to statements by Jitendra Singh. The announcement was made during a programme hosted by the Technology Development Board.

Minister Jitendra Singh said long-term progress in deep technology depends on a coordinated national approach. The minister linked the strategy to the Research, Development and Innovation Fund scheme, which aims to expand private-sector participation in research and innovation.

According to officials, five projects were approved under the scheme in areas including battery technology, satellite systems, healthcare, and unmanned aerial systems. Initial funding disbursement has begun, alongside the release of progress reports and outlining a national quantum safe ecosystem.

Officials said post-quantum cryptography and secure digital infrastructure are emerging priorities under the National Quantum Mission. The announcements were made during a programme hosted by the Technology Development Board in New Delhi, India.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Diplo chatbot can make mistakes. Consider checking important information.