Qantas hacked as airline cyber threats escalate

Qantas Airways has confirmed that personal data from 5.7 million customers was stolen in a recent cyberattack, including names, contact details and meal preferences. The airline stated that no financial or login credentials were accessed, and frequent flyer accounts remain secure.

An internal investigation found the data breach involved various levels of personal information, with 2.8 million passengers affected most severely. Meal preferences were the least common data stolen, while over a million customers lost addresses or birth dates.

Qantas has contacted affected passengers and says it offers support while monitoring the situation with cybersecurity experts. Under pressure to manage the crisis effectively, CEO Vanessa Hudson assured the public that extra security steps had been taken.

The breach is the latest in a wave of attacks targeting airlines, with the FBI warning that the hacking group Scattered Spider may be responsible. Similar incidents have recently affected carriers in the US and Canada.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

McDonald’s faces backlash over AI hiring system security failures

A major security flaw in McDonald’s AI-driven recruitment platform has exposed the personal information of potentially 64 million job applicants.

The McHire platform, developed by Paradox.ai and powered by an AI chatbot named Olivia, suffered from basic authentication vulnerabilities and lacked critical security controls.

Security researchers Ian Carroll and Sam Curry discovered they could access the system using weak default credentials—simply the username and password ‘123456’.

The incident underscores serious cybersecurity lapses in automated hiring systems and raises urgent concerns about data protection in AI-powered HR tools. McHire is designed to streamline recruitment at McDonald’s franchise locations by using AI to screen candidates, collect contact details, and assess suitability.

The chatbot Olivia interacts with applicants using natural language processing, but users have often reported issues with miscommunication and unclear prompts. As a broader shift toward automation in hiring takes shape, McHire represents an attempt to scale recruitment efforts without expanding HR staff.

However, according to the researchers’ findings, the system’s backend infrastructure—housing millions of résumés, chat logs and assessments—was critically unprotected.

After prompt injection attacks failed, the researchers focused on login mechanisms and discovered a Paradox.ai staff portal linked from the McHire homepage.

Using simple password combinations and dictionary attacks, they could access the system with the password ‘123456’, bypassing standard security protocols. More worryingly, the account lacked two-factor authentication, enabling unrestricted access to administrative tools and candidate records.

From there, the researchers found an Insecure Direct Object Reference (IDOR) vulnerability that allowed traversal of the applicant database by manipulating ID numbers.

By increasing the numeric applicant ID above 64 million, they could view multiple records containing names, email addresses, phone numbers and chat logs. Although only seven records were considered during the test, five included personally identifiable information, highlighting the scale of the exposure.
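The object-level authorization check whose absence makes an IDOR like this possible, shown beside the vulnerable lookup. This is an added example, not code from Paradox.ai or the researchers; the record layout, the `franchise_id` tenant field and all function names are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Applicant:
    applicant_id: int
    franchise_id: str  # hypothetical tenant that owns the record
    name: str
    email: str


@dataclass(frozen=True)
class Session:
    user: str
    franchise_ids: frozenset  # tenants this login is allowed to read


class NotFound(Exception):
    """Raised for missing AND unauthorized records, so callers get no existence oracle."""


# Constructed sample data with sequential numeric IDs.
DB = {
    1001: Applicant(1001, "store-A", "Alice Example", "alice@example.test"),
    1002: Applicant(1002, "store-B", "Bob Example", "bob@example.test"),
    1003: Applicant(1003, "store-A", "Carol Example", "carol@example.test"),
}


def get_applicant_vulnerable(session, applicant_id):
    # IDOR: the session is authenticated, but nothing ties it to the record,
    # so changing the ID returns another tenant's applicant.
    return DB[applicant_id]


def get_applicant(session, applicant_id):
    # Hardened: authorize every object access against the caller's tenants.
    record = DB.get(applicant_id)
    if record is None or record.franchise_id not in session.franchise_ids:
        raise NotFound(applicant_id)
    return record


def readable_ids(session, id_range):
    # Regression check: walk an ID range and report what this session can read.
    readable = []
    for applicant_id in id_range:
        try:
            readable.append(get_applicant(session, applicant_id).applicant_id)
        except NotFound:
            pass
    return readable
```

Running `readable_ids` over a range as a low-privilege session in CI makes a missing ownership check fail a test instead of reaching production.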

Paradox.ai insisted that only a fraction of records held sensitive data, but the researchers warned of phishing risks linked to impersonation of McDonald’s recruiters. These could be used for payroll-related scams or to harvest further private information under false pretences.

McDonald’s acknowledged the breach and expressed disappointment in its third-party provider’s handling of basic security measures.

Paradox.ai confirmed the vulnerabilities and announced a bug bounty programme to incentivise researchers to report flaws before they are exploited. The exposed account was a dormant test login created in 2019 that had never been properly turned off—evidence of poor development hygiene.

Both companies have pledged to investigate the matter further and implement stronger safeguards, as scrutiny over AI accountability in hiring continues to grow.


Hong Kong eyes over 40 firms for stablecoin licences

Hong Kong is processing enquiries from more than 40 companies ahead of the implementation of its Stablecoin Bill on 1 August. The Hong Kong Monetary Authority will start accepting stablecoin licence applications under the new regulatory framework.

Notable firms preparing to apply include JD.com, Ant Group, Standard Chartered, and Circle. Industry insiders say most applicants are large mainland Chinese companies, while smaller firms often lack the operational and technical capacity required.

Use cases under consideration range from stablecoin issuance to settlement infrastructure and wallet tools enabling fiat conversion.

Hong Kong’s approach focuses on formal oversight and compliance, unlike crypto-native models used in Singapore, Japan, and the EU. Experts note that transaction costs associated with stablecoins—accounting for exchange fees, on-chain processing, and compliance—may still reach around one percent.

The city’s licensing process could set a benchmark for Asian financial centres, balancing innovation and regulatory control.


Meta offers $200 million to top AI talent as superintelligence race heats up

Meta has reportedly offered over $200 million in compensation to Ruoming Pang, a former senior AI engineer at Apple, as it escalates its bid to dominate the AI arms race.

The offer, which includes long-term stock incentives, far exceeded Apple’s willingness to match and is seen as one of Silicon Valley’s most aggressive poaching efforts.

The move is part of Meta’s broader campaign to build a world-class team under its new Meta Superintelligence Lab (MSL), which is focused on developing artificial general intelligence (AGI).

The division has already attracted prominent names, including ex-GitHub CEO Nat Friedman, AI investor Daniel Gross, and Scale AI co-founder Alexandr Wang, who joined as Chief AI Officer through a $14.3 billion stake deal.

Most compensation offers in the MSL reportedly rival CEO packages at global banks, but they are heavily performance-based and tied to long-term equity vesting.

Meta’s mix of base salary, signing bonuses, and high-value stock options is designed to attract and retain elite AI talent amid a fierce talent war with OpenAI, Google, and Anthropic.

OpenAI CEO Sam Altman recently claimed Meta has dangled bonuses up to $100 million to lure staff away, though he insists many stayed for cultural reasons.

Still, Meta has already hired more than 10 researchers from OpenAI and poached talent from Google DeepMind, including principal researcher Jack Rae.

The AI rivalry could come to a head as Altman and Zuckerberg meet at the Sun Valley conference this week.


OpenAI to release Chromium-based AI browser competing with Chrome

OpenAI is preparing to launch an AI-powered web browser that could challenge Google Chrome’s dominant market position. The browser is expected to debut in the coming weeks and aims to fundamentally change how users interact with the web.

The new browser will reportedly integrate AI capabilities directly into the browsing experience, allowing for more intelligent and task-driven user interactions. Instead of simply directing users to websites, the browser is designed to keep many interactions within a native ChatGPT-style interface.

If adopted by ChatGPT’s 500 million weekly users, the browser could seriously threaten Google’s ad-driven ecosystem. Chrome is critical to Alphabet’s advertising business, which accounts for nearly three-quarters of the company’s income, because it collects user data and directs traffic to Google Search.

By building its own browser, OpenAI would gain more direct access to user behaviour data, improving its AI models and enabling new forms of web engagement. The move is part of OpenAI’s broader strategy to integrate its services into users’ personal and professional lives.

The browser will reportedly support AI ‘agents’ capable of performing tasks such as making reservations or filling out web forms automatically. These agents could operate directly within websites, making the browsing experience more seamless and productive.

While OpenAI declined to comment, sources suggest the browser is built on Google’s open-source Chromium codebase—the same foundation behind Chrome, Edge, and Opera. This allows OpenAI to maintain compatibility while customising user experience and data control.

Competition in the AI-powered browser space is heating up. Startups like Perplexity and Brave have already launched intelligent browsers, and The Browser Company continues to develop features for AI-driven navigation and summarisation.

Despite Chrome’s 3-billion-strong user base and over two-thirds of the browser market share, OpenAI sees an opportunity to disrupt the space. Apple’s Safari holds second place with just 16% of the global share, leaving room for new challengers.

Last year, OpenAI hired two senior Google engineers from the original Chrome team, fueling speculation that the company was eyeing the browser space. One executive even testified that OpenAI would consider buying Chrome if it were made available through antitrust divestiture.

Instead, OpenAI built its browser from the ground up, allowing greater autonomy over features, data collection, and AI integration. A source told Reuters this approach ensures better alignment with OpenAI’s goal of embedding AI across user experiences.

In addition to hardware acquisitions and agent-based interfaces, the browser represents a crucial link in OpenAI’s strategy to deepen user engagement. The company recently acquired the AI hardware firm io, co-founded by Apple’s former design chief Jony Ive, for $6.5 billion.

The browser could become the gateway for OpenAI’s AI agents like ‘Operator,’ enhancing productivity by turning passive browsing into interactive assistance. Such integration could give OpenAI a competitive edge in the evolving consumer AI landscape.

Meanwhile, Google faces legal challenges over Chrome’s central role in its ad monopoly. A US judge ruled that Google maintains an unlawful hold over online search, prompting the Department of Justice to push for divestiture of key assets, including Chrome.

OpenAI’s entry could spark a broader shift in how consumers, businesses, and advertisers engage with the internet as the browser race intensifies. With built-in AI capabilities and task automation, browsing may become a different experience.


Sanctions proposed on Bukele amid El Salvador’s crypto controversy

A group of US Democratic senators has proposed legislation seeking sanctions against El Salvador’s President Nayib Bukele and members of his government. The El Salvador Accountability Act targets alleged human rights abuses and Bitcoin misuse during the state of exception.

The bill calls for measures including freezing US-held assets, visa restrictions, and suspending financial aid to Bukele, his cabinet, and other government-linked individuals. It requires the US president to give annual updates on sanctions and a detailed report on El Salvador’s crypto activities.

The report must detail public Bitcoin spending, exchanges used, wallet addresses, and potential gaps enabling corruption or sanctions evasion.

President Bukele rejected the sanctions proposal, mocking the lawmakers on social media and pointing to his growing cooperation with US President Donald Trump. Their collaboration includes efforts against gangs and shared support for crypto initiatives.

Bukele’s dismissal underscores tensions between US lawmakers and El Salvador’s leadership amid ongoing geopolitical and financial debates.


EU urges stronger AI oversight after Grok controversy

A recent incident involving Grok, the AI chatbot developed by xAI, has reignited European Union calls for stronger oversight of advanced AI systems.

Comments generated by Grok prompted criticism from policymakers and civil society groups, leading to renewed debate over AI governance and voluntary compliance mechanisms.

The chatbot’s responses, which circulated earlier this week, included highly controversial language and references to historical figures. In response, xAI stated that the content was removed and that technical steps were being taken to prevent similar outputs from appearing in the future.

European policymakers said the incident highlights the importance of responsible AI development. Brando Benifei, an Italian lawmaker who co-led the EU AI Act negotiations, said the event illustrates the systemic risks the new regulation seeks to mitigate.

Christel Schaldemose, a Danish member of the European Parliament and co-lead on the Digital Services Act, echoed those concerns. She emphasised that such incidents underline the need for clear and enforceable obligations for developers of general-purpose AI models.

The European Commission is preparing to release guidance aimed at supporting voluntary compliance with the bloc’s new AI legislation. This code of practice, which has been under development for nine months, is expected to be published this week.

Earlier drafts of the guidance included provisions requiring developers to share information on how they address systemic risks. Reports suggest that some of these provisions may have been weakened or removed in the final version.

A group of five lawmakers expressed concern over what they described as the last-minute removal of key transparency and risk mitigation elements. They argue that strong guidelines are essential for fostering accountability in the deployment of advanced AI models.

The incident also brings renewed attention to the Digital Services Act and its enforcement, as X, the social media platform where Grok operates, is currently under EU investigation for potential violations related to content moderation.

General-purpose AI systems, such as OpenAI’s GPT, Google’s Gemini and xAI’s Grok, will be subject to additional requirements under the EU AI Act beginning 2 August. Obligations include disclosing training data sources, addressing copyright compliance, and mitigating systemic risks.

While these requirements are mandatory, their implementation is expected to be shaped by the Commission’s voluntary code of practice. Industry groups and international stakeholders have voiced concerns over regulatory burdens, while policymakers maintain that safeguards are critical for public trust.

The debate over Grok’s outputs reflects broader challenges in balancing AI innovation with the need for oversight. The EU’s approach, combining binding legislation with voluntary guidance, seeks to offer a measured path forward amid growing public scrutiny of generative AI technologies.


Perplexity launches AI browser to challenge Google Chrome

Perplexity AI, backed by Nvidia and other major investors, has launched Comet, an AI-driven web browser designed to rival Google Chrome.

The browser uses ‘agentic AI’ that performs tasks, makes decisions, and simplifies workflows in real time, offering users an intelligent alternative to traditional search and navigation.

Comet’s assistant can compare products, summarise articles, book meetings, and handle research queries through a single interface. Initially available to subscribers of Perplexity Max at US$200 per month, Comet will gradually roll out more broadly via invite during the summer.

The launch signals Perplexity’s move into the competitive browser space, where Chrome currently dominates with a 68 per cent global market share.

The company aims to challenge not only Google’s and Microsoft’s browsers but also compete with OpenAI, which recently introduced search to ChatGPT. Unlike many AI tools, Comet stores data locally and does not train on personal information, positioning itself as a privacy-first solution.

Still, Perplexity has faced criticism for using content from major media outlets without permission. In response, it launched a publisher partnership program to address concerns and build collaborative relationships with news organisations like Forbes and Dow Jones.


X CEO Yaccarino resigns as AI controversy and Musk’s influence grow

Linda Yaccarino has stepped down as CEO of X, ending a turbulent two-year tenure marked by Musk’s controversial leadership and ongoing transformation of the social media company.

Her resignation came just one day after a backlash over offensive posts by Grok, the AI chatbot created by Musk’s xAI, which had been recently integrated into the platform.

Yaccarino, who was previously a top advertising executive at NBCUniversal, was brought on in 2023 to help stabilise the company following Musk’s $44bn acquisition.

In her farewell post, she cited efforts to improve user safety and rebuild advertiser trust, but did not provide a clear reason for her departure.

Analysts suggest growing tensions with Musk’s management style, particularly around AI moderation, may have prompted the move.

Her exit adds to the mounting challenges facing Musk’s empire.

Tesla is suffering from slumping sales and executive departures, while X remains under pressure from heavy debts and legal battles with advertisers.

Yaccarino had spearheaded ambitious initiatives, including payment partnerships with Visa and plans for an X-branded credit or debit card.

Despite these developments, X continues to face scrutiny for its rightward political shift and reliance on controversial AI tools.

Whether the company can fulfil Musk’s vision of becoming an ‘everything app’ without Yaccarino remains to be seen.


Nvidia nears $4 trillion milestone as AI boom continues

Nvidia has made financial history by nearly reaching a $4 trillion market valuation, a milestone highlighting investor confidence in AI as a powerful economic force.

Shares briefly peaked at $164.42 before closing slightly lower at $162.88, just under the record threshold. The rise underscores Nvidia’s position as the leading supplier of AI chips amid soaring demand from major tech firms.

Led by CEO Jensen Huang, the company now holds a market value larger than the economies of Britain, France, or India.

Nvidia’s growth has helped lift the Nasdaq to new highs, aided in part by improved market sentiment following Donald Trump’s softened stance on tariffs.

However, trade barriers with China continue to pose risks, including export restrictions that cost Nvidia $4.5 billion in the first quarter of 2025.

Despite those challenges, Nvidia secured a major AI infrastructure deal in Saudi Arabia during Trump’s visit in May. Innovations such as the next-generation Blackwell GPUs and ‘real-time digital twins’ have helped maintain investor confidence.

The company’s stock has risen over 21% in 2025, far outpacing the Nasdaq’s 6.7% gain. Nvidia chips are also being used by the US administration as leverage in global tech diplomacy.

While competition from Chinese AI firms like DeepSeek briefly knocked $600 billion off Nvidia’s valuation, Huang views rivalry as essential to progress. With the growing demand for complex reasoning models and AI agents, Nvidia remains at the forefront.

Still, the fast pace of AI adoption raises concerns about job displacement, with firms like Ford and JPMorgan already reporting workforce impacts.
