AI is widening the cyber risk landscape and forcing security teams to rethink established safeguards. Microsoft has updated its Secure Development Lifecycle to address AI-specific threats across design, deployment and monitoring.
The updated approach reflects how AI can blur trust boundaries by combining data, tools, APIs and agents in one workflow. New attack paths include prompts, plugins, retrieved content and model updates, raising risks such as prompt injection and data poisoning.
Microsoft says policy alone cannot manage non-deterministic systems and fast iteration cycles. Guidance now centres on practical engineering patterns, tight feedback loops and cross-team collaboration between research, governance and development.
Its SDL for AI is organised around six pillars: threat research, adaptive policy, shared standards, workforce enablement, cross-functional collaboration and continuous improvement. Microsoft says the aim is to embed security into every stage of AI development.
The company also highlights new safeguards, including AI-specific threat modelling, observability, memory protections and stronger identity controls for agent workflows. Microsoft says more detailed guidance will follow in the coming months.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The British regulator, Ofcom, has released an update on its investigation into X after reports that the Grok chatbot had generated sexual deepfakes of real people, including minors.
As such, the regulator initiated a formal inquiry to assess whether X took adequate steps to manage the spread of such material and to remove it swiftly.
X has since introduced measures to limit the distribution of manipulated images, while the ICO and regulators abroad have opened parallel investigations.
The Online Safety Act does not cover all chatbot services, as regulation depends on whether a system enables user interactions, provides search functionality, or produces pornographic material.
Many AI chatbots fall partly or entirely outside the Act’s scope, limiting regulators’ ability to act when harmful content is created during one-to-one interactions.
Ofcom cannot currently investigate the standalone Grok service for producing illegal images because the Act does not cover that form of generation.
Evidence-gathering from X continues, with legally binding information requests issued to the company. Ofcom will offer X a full opportunity to present representations before any provisional findings are published.
Enforcement actions take several months, since regulators must follow strict procedural safeguards to ensure decisions are robust and defensible.
Ofcom added that people who encounter harmful or illegal content online are encouraged to report it directly to the relevant platforms. Incidents involving intimate images can be reported to dedicated services for adults or support schemes for minors.
Material that may constitute child sexual abuse should be reported to the Internet Watch Foundation.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Mozilla has confirmed that Firefox will include a built-in ‘AI kill switch‘ from version 148, allowing users to disable all AI features across the browser. The update follows earlier commitments that AI tools would remain optional as Firefox evolves into what the company describes as an AI-enabled browser.
The new controls will appear in the desktop release scheduled to begin rolling out on 24 February. A dedicated AI Controls section will allow users to turn off every AI feature at once or manage each tool individually, reflecting Mozilla’s aim to balance innovation with user choice.
At launch, Firefox 148 will introduce AI-powered translations, automatic alt text for images in PDFs, tab grouping suggestions, link previews, and an optional sidebar chatbot supporting services such as ChatGPT, Claude, Copilot, Gemini, and Le Chat Mistral.
All of these tools can be disabled through a single ‘Block AI enhancements’ toggle, which removes prompts and prevents new AI features from appearing. Mozilla has said preferences will remain in place across updates, with users able to adjust settings at any time.
The organisation said the approach is intended to give people full control over how AI appears in their browsing experience, while continuing development for those who choose to use it. Early access to the controls will also be available through Firefox Nightly.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The European Commission has missed a key deadline to issue guidance on how companies should classify high-risk AI systems under the EU AI Act, fuelling uncertainty around the landmark law’s implementation.
Guidance on Article 6, which defines high-risk AI systems and stricter compliance rules, was due by early February. Officials have indicated that feedback is still being integrated, with a revised draft expected later this month and final adoption potentially slipping to spring.
The delay follows warnings that regulators and businesses are unprepared for the act’s most complex rules, due to apply from August. Brussels has suggested delaying high-risk obligations under its Digital Omnibus package, citing unfinished standards and the need for legal clarity.
Industry groups want enforcement delayed until guidance and standards are finalised, while some lawmakers warn repeated slippage could undermine confidence in the AI Act. Critics warn further changes could deepen uncertainty if proposed revisions fail or disrupt existing timelines.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The European Commission plans to decide by early 2026 whether OpenAI’s ChatGPT should be classified as a vast online platform under the Digital Services Act.
OpenAI’s tool reported 120.4 million average monthly users in the EU back in October, a figure far above the 45-million threshold that triggers more onerous obligations instead of lighter oversight.
Officials said the designation procedure depends on both quantitative and qualitative assessments of how a service operates, together with input from national authorities.
The Commission is examining whether a standalone AI chatbot can fall within the scope of rules usually applied to platforms such as social networks, online marketplaces and significant search engines.
ChatGPT’s user data largely stems from its integrated online search feature, which prompts users to allow the chatbot to search the web. The Commission noted that OpenAI could voluntarily meet the DSA’s risk-reduction obligations while the formal assessment continues.
The EU’s latest wave of designations included Meta’s WhatsApp, though the rules applied only to public channels, not private messaging.
A decision on ChatGPT that will clarify how far the bloc intends to extend its most stringent online governance framework to emerging AI systems.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The cybercrime unit of the Paris prosecutor has raided the French office of X as part of an expanding investigation into alleged algorithm manipulation and illicit data extraction.
Authorities said the probe began in 2025 after a lawmaker warned that biassed algorithms on the platform might have interfered with automated data systems. Europol supported the operation together with national cybercrime officers.
Prosecutors confirmed that the investigation now includes allegations of complicity in circulating child sex abuse material, sexually explicit deepfakes and denial of crimes against humanity.
Elon Musk and former chief executive Linda Yaccarino have been summoned for questioning in April in their roles as senior figures of the company at the time.
The prosecutor’s office also announced its departure from X in favour of LinkedIn and Instagram, rather than continuing to use the platform under scrutiny.
X strongly rejected the accusations and described the raid as politically motivated. Musk claimed authorities should focus on pursuing sex offenders instead of targeting the company.
The platform’s government affairs team said the investigation amounted to law enforcement theatre rather than a legitimate examination of serious offences.
Regulatory pressure increased further as the UK data watchdog opened inquiries into both X and xAI over concerns about Grok producing sexualised deepfakes. Ofcom is already conducting a separate investigation that is expected to take months.
The widening scrutiny reflects growing unease around alleged harmful content, political interference and the broader risks linked to large-scale AI systems.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
European data and legal software stocks fell sharply after US AI startup Anthropic launched a new tool for corporate legal teams. The company said the software can automate contract reviews, compliance workflows, and document triage, while clarifying that it does not offer legal advice.
Investors reacted swiftly, sending shares in Pearson, RELX, Sage, Wolters Kluwer, London Stock Exchange Group, and Experian sharply lower. Thomson Reuters also suffered a steep decline, reflecting concern that AI tools could erode demand for traditional data-driven services.
Market commentators warned that broader adoption of AI in professional services could compress margins or bypass established providers altogether. Morgan Stanley flagged intensifying competition, while AJ Bell pointed to rising investor anxiety across the sector.
The sell-off also revived debate over AI’s impact on employment, particularly in legal and other office-based roles. Recent studies suggest the UK may face greater disruption than other large economies as companies adopt AI tools, even as productivity gains continue to rise.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The United Arab Emirates is strengthening its global tech role by treating advanced innovation as a pillar of sovereignty rather than a standalone growth driver. National strategy increasingly links technology with long-term economic resilience, security, and geopolitical relevance.
A key milestone was the launch of the UAE Advanced Technology Centre with the Technology Innovation Institute and the World Economic Forum, announced alongside the Davos gathering.
The initiative highlights the UAE’s transition from technology consumer to active participant in shaping global governance frameworks for emerging technologies.
The centre focuses on policy and governance for areas including artificial intelligence, quantum computing, biotechnology, robotics, and space-based payment systems.
Backed by a flexible regulatory environment, the UAE is promoting regulatory experimentation and translating research into real-world applications through institutions such as the Mohamed bin Zayed University of Artificial Intelligence and innovation hubs like Masdar City.
Alongside innovation, authorities are addressing rising digital risks, particularly deepfake technologies that threaten financial systems, public trust, and national security.
By combining governance, ethical standards, and international cooperation, the UAE is advancing a model of digital sovereignty that prioritises security, shared benefits, and long-term strategic independence.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Second International Submarine Cable Resilience Summit opened this week in Porto, Portugal, bringing together senior officials from governments, international organisations, and industry to address the growing risks facing the underwater cables that carry most of the world’s internet traffic. The event highlighted how submarine cables have become critical infrastructure for the global digital economy, especially as societies grow more dependent on cloud services, AI, and cross-border data flows.
Opening the summit, Ambassador João Mira Gomes, Permanent Representative of Portugal to the United Nations Office at Geneva, explained that Portugal’s infrastructure minister was absent due to ongoing storm recovery efforts, underlining the real-world pressures facing critical infrastructure today. He recalled Portugal’s long history in global connectivity, noting that one of the earliest submarine cables linking Portugal and the United Kingdom was built to support the port wine trade, a reminder that communication networks and economic exchange have long evolved together.
Professor Sandra Maximiano, co-chair of the International Advisory Body for Submarine Cable Resilience, placed the discussions in a broader historical context. She pointed to the creation of the International Telecommunication Union in 1865 as the first global organisation dedicated to managing international communications, stressing that cooperation on submarine cables has always been a ‘positive-sum game’ in which all countries benefit from shared rules and coordination.
Maximiano also highlighted Portugal’s strategic role as a cable hub, citing its extensive coastline, large exclusive economic zone, and favourable landing conditions connecting Europe, the Americas, Africa, and Asia. She outlined key projects such as the Atlantic CAM system linking mainland Portugal with Madeira and the Azores using a resilient ring design and smart cable technology that combines telecommunications with seismic and oceanographic monitoring. Existing and planned systems, she said, are not just data pipelines but foundations for innovation, scientific cooperation, and strategic autonomy.
A major outcome of the summit was the adoption of the Porto Declaration on Submarine Cable Resilience, developed with input from more than 150 experts worldwide. The declaration sets out practical guidance to improve permitting and repair processes, strengthen legal frameworks, promote route diversity and risk mitigation, and enhance capacity-building, with special attention to the needs of small island states and developing countries.
ITU Secretary-General Doreen Bogdan-Martin framed these efforts within a rapidly changing digital landscape, announcing that 2026 will be designated the ‘year of resilience.’ She warned that the scale of global digital dependence has transformed the impact of cable disruptions, as even minor outages can ripple across AI systems, cloud platforms, and autonomous services. Resilience, she argued, now depends as much on international coordination and preparedness as on cable design itself.
From the European Union perspective, European Commission Vice-President Henna Virkkunen outlined upcoming EU measures, including a submarine cable security toolbox and targeted funding through the Connecting Europe Facility. She stressed the importance of regional coordination and praised Portugal’s active role in aligning EU initiatives with global efforts led by the ITU.
Closing the opening session, Ambassador Gomes linked cable resilience to broader goals of development and peace, warning that digital divides fuel inequality and instability, and reaffirming Portugal’s commitment to international cooperation and capacity-building as the summit moves the global conversation from policy to action.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
OpenAI faced a wave of global complaints after many users struggled to access ChatGPT.
Reports began circulating in the US during the afternoon, with outage cases climbing to more than 12.000 in less than half an hour. Social media quickly filled with questions from people trying to determine whether the disruption was widespread or a local glitch.
Also, users in the UK reported complete failure to generate responses, yet access returned when they switched to a US-based VPN.
Other regions saw mixed results, as VPNs in Ireland, Canada, India and Poland allowed ChatGPT to function, although replies were noticeably slower instead of consistent.
OpenAI later confirmed that several services were experiencing elevated errors. Engineers identified the source of the disruption, introduced mitigations and continued monitoring the recovery.
The company stressed that users in many regions might still experience intermittent problems while the system stabilises rather than operating at full capacity.
In the following update, OpenAI announced that its systems were fully operational again.
The status page indicated that the affected services had recovered, and engineers were no longer aware of active issues. The company added that the underlying fault was addressed, with further safeguards being developed to prevent similar incidents.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
