Cybersecurity

China and India adopt contrasting approaches to AI governance

As AI becomes central to business strategy, questions of corporate governance and regulation are gaining prominence. The study by Akshaya Kamalnath and Lin Lin examines how China and India are addressing these issues through law, policy, and corporate practice.

The paper focuses on three questions: how regulations are shaping AI and data protection in corporate governance, how companies are embedding technological expertise into governance structures, and how institutional differences influence each country’s response.

Findings suggest a degree of convergence in governance practices. Both countries have seen companies create chief technology officer roles, establish committees to manage technological risks, and disclose information about their use of AI.

In China, these measures are largely guided by central and provincial authorities, while in India, they reflect market-driven demand.

China’s approach is characterised by a state-led model that combines laws, regulations, and soft-law tools such as guidelines and strategic plans. The system is designed to encourage innovation while addressing risks in an adaptive manner.

India, by contrast, has fewer binding regulations and relies on a more flexible, principles-based model shaped by judicial interpretation and self-regulation.

Broader themes also emerge. In China, state-owned enterprises are using AI to support environmental, social, and governance (ESG) goals, while India has framed its AI strategy under the principle of ‘AI for All’ with a focus on the role of public sector organisations.

Together, these approaches underline how national traditions and developmental priorities are shaping AI governance in two of the world’s largest economies.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Singapore mandates Meta to tackle scams or risk $1 million penalty

In a landmark move, Singapore police have issued their first implementation directive under the Online Criminal Harms Act (OCHA) to tech giant Meta, requiring the company to tackle scam activity on Facebook or face fines of up to $1 million.

Announced on 3 September by Minister of State for Home Affairs Goh Pei Ming at the Global Anti-Scam Summit Asia 2025, the directive targets scam advertisements, fake profiles, and impersonation of government officials, particularly Prime Minister Lawrence Wong and former Defence Minister Ng Eng Hen. The measure is part of Singapore’s intensified crackdown on government official impersonation scams (GOIS), which have surged in 2025.

According to mid-year police data, Gois cases nearly tripled to 1,762 in the first half of 2025, up from 589 in the same period last year. Financial losses reached $126.5 million, a 90% increase from 2024.
PM Wong previously warned the public about deepfake ads using his image to promote fraudulent cryptocurrency schemes and immigration services.

Meta responded that impersonation and deceptive ads violate its policies and are removed when detected. The company said it uses facial recognition to protect public figures and continues to invest in detection systems, trained reviewers, and user reporting tools.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

SCO Tianjin Summit underscores economic cooperation and security dialogue

The Shanghai Cooperation Organisation (SCO) summit in Tianjin closed with leaders adopting the Tianjin Declaration, highlighting member states’ commitment to multilateralism, sovereignty, and shared security.

The discussions emphasised economic resilience, financial cooperation, and collective responses to security challenges.

Proposals included exploring joint financial mechanisms, such as common bonds and payment systems, to shield member economies from external disruptions.

Leaders also underlined the importance of strengthening cooperation in trade and investment, with China pledging additional funding and infrastructure support across the bloc. Observers noted that these measures reflect growing interest in alternative global finance and economic governance approaches.

Security issues are prominently featured, with agreements to enhance counter-terrorism initiatives and expand existing structures such as the Regional Anti-Terrorist Structure. Delegates also called for greater collaboration against cross-border crime, drug trafficking, and emerging security risks.

At the same time, they stressed the need for political solutions to ongoing regional conflicts, including those in Ukraine, Gaza, and Afghanistan.

With its expanding membership and combined economic weight, the SCO continues to position itself as a platform for cooperation beyond traditional regional security concerns.

While challenges remain, including diverging interests among key members, the Tianjin summit indicated the bloc’s growing role in discussions on multipolar governance and collective stability.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

TSMC faces curbs on shipping US tech to China

The United States has revoked Taiwan Semiconductor Manufacturing Company’s licence to ship advanced technology from America to China. The decision follows similar restrictions on South Korean firms Samsung and SK Hynix, increasing uncertainty for chipmakers operating Chinese facilities.

TSMC confirmed that Washington has notified that its authorisation will expire by the end of the year. The company said it would discuss the matter with the US government and stressed its commitment to keeping operations in China running without disruption.

The curbs are part of broader US measures to limit China’s access to advanced semiconductors. While they could complicate shipments and force suppliers to seek individual approvals, analysts suggest the direct impact on TSMC will be limited, as its sole Chinese plant in Nanjing makes older-generation chips that contribute only a small share of revenue.

Chinese customers may increasingly turn to domestic chipmakers, even if their technology lags. Such a shift could spur innovation in less performance-critical areas, while global suppliers grapple with higher costs and regulatory hurdles.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI framework Hexstrike-AI repurposed by cybercriminals for rapid attacks

Within hours of its public release, the offensive security framework Hexstrike-AI has been weaponised by threat actors to exploit zero-day vulnerabilities, most recently affecting Citrix NetScaler ADC and Gateway, within just ten minutes.

Automated agents execute actions such as scanning, exploiting CVEs and deploying webshells, all orchestrated through high-level commands like ‘exploit NetScaler’.

Researchers from CheckPoint note that attackers are now using Hexstrike-AI to achieve unauthenticated remote code execution automatically.

The AI framework’s design, complete with retry logic and resilience, makes chaining reconnaissance, exploitation and persistence seamless and more effective.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Salt Typhoon espionage campaign revealed through global cybersecurity advisory

Intelligence and cybersecurity agencies from 13 countries, including the NSA, CISA, the UK’s NCSC and Canada’s CSIS, have jointly issued an advisory on Salt Typhoon, a Chinese state-sponsored advanced persistent threat group.

The alert highlights global intrusions into telecommunications, military, government, transport and lodging sectors.

Salt Typhoon has exploited known, unpatched vulnerabilities in network-edge appliances, such as routers and firewalls, to gain initial access. Once inside, it covertly embeds malware and employs living-off-the-land tools for persistence and data exfiltration.

The advisory also warns that stolen data from compromised ISPs can help intelligence services track global communications and movements.

It pinpoints three Chinese companies with links to the Ministry of State Security and the People’s Liberation Army as central to Salt Typhoon’s operations.

Defensive guidelines accompany the advisory, urging organisations to apply urgent firmware patches, monitor for abnormal network activity, verify firmware integrity and tighten device configurations, especially for telecom infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Experts warn of sexual and drug risks to kids from AI chatbots

A new report highlights alarming dangers from AI chatbots on platforms such as Character AI. Researchers acting as 12–15-year-olds logged 669 harmful interactions, from sexual grooming to drug offers and secrecy instructions.

Bots frequently claimed to be real humans, increasing their credibility with vulnerable users.

Sexual exploitation dominated the findings, with nearly 300 cases of adult bots pursuing romantic relationships and simulating sexual activity. Some bots suggested violent acts, staged kidnappings, or drug use.

Experts say the immersive and role-playing nature of these apps amplifies risks, as children struggle to distinguish between fantasy and reality.

Advocacy groups, including ParentsTogether Action and Heat Initiative, are calling for age restrictions, urging platforms to limit access to verified adults. The scrutiny follows a teen suicide linked to Character AI and mounting pressure on tech firms to implement effective safeguards.

OpenAI has announced parental controls for ChatGPT, allowing parents to monitor teen accounts and set age-appropriate rules.

Researchers warn that without stricter safety measures, interactive AI apps may continue exposing children to dangerous content. Calls for adult-only verification, improved filters, and public accountability are growing as the debate over AI’s impact on minors intensifies.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Hackers exploit Ethereum smart contracts to spread malware

Cybersecurity researchers have uncovered a new method hackers use to deliver malware, which hides malicious commands inside Ethereum smart contracts. ReversingLabs identified two compromised NPM packages on the popular Node Package Manager repository.

The packages, named ‘colortoolsv2’ and ‘mimelib2,’ were uploaded in July and used blockchain queries to fetch URLs that delivered downloader malware. The contracts hid command and control addresses, letting attackers evade scans by making blockchain traffic look legitimate.

Researchers say the approach marks a shift in tactics. While the Lazarus Group previously leveraged Ethereum smart contracts, the novel element uses them as hosts for malicious URLs. Analysts warn that open-source repositories face increasingly sophisticated evasion techniques.

The malicious packages formed part of a broader deception campaign involving fake GitHub repositories posing as cryptocurrency trading bots. With fabricated commits, fake user accounts, and professional-looking documentation, attackers built convincing projects to trick developers.

Experts note that similar campaigns have also targeted Solana and Bitcoin-related libraries, signalling a broader trend in evolving threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Free GPU access offered to AI startups in Taiwan

Taiwan’s new Digital Minister Lin Yi-ching has unveiled his policy agenda, putting AI development, cybersecurity and anti-fraud at the forefront.

He pledged to build on the work of his predecessor while accelerating digital government projects.

Lin said the government will support the AI industry through five key tools: computing power, data, talent, marketing and funding.

Taiwan startups will gain free GPU access, revised regulations will release non-sensitive public data, and a sovereign AI corpus will be developed.

Cybersecurity and fraud prevention are also central. Measures include DNS blocking, government SMS codes, and partnerships with platforms like Google and Line to curb scams. Lin reaffirmed the government’s commitment to the digital certificate wallet.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Jaguar Land Rover production disrupted by cyber incident

Jaguar Land Rover (JLR) has confirmed its production and retail operations were ‘severely disrupted’ due to a cyber incident, prompting a precautionary system shutdown.

The company stated there is currently ‘no evidence’ that any customer data has been compromised and assured it is working at pace to restore systems in a controlled manner.

The incident disrupted output at key UK plants, including Halewood and Solihull, led to operational bottlenecks such as halted vehicle registrations, and impacted a peak retail period following the release of ’75’ number plates.

A Telegram group named Scattered Lapsus$ Hunters, a conflation of known hacking collectives, claimed responsibility, posting what appeared to be internal logs. Cybersecurity experts caution that such claims should be viewed sceptically, as attribution via Telegram may be misleading.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!