Digital business models

EU finalises AI code as 2025 compliance deadline approaches

The European Commission has released its finalised Code of Practice for general-purpose AI models, laying the groundwork for implementing the landmark AI Act. The new Code sets out transparency, copyright, and safety rules that developers must follow before deadlines.

Approved in March 2024 and effective from August, the AI Act introduces the EU’s first binding rules for AI. It bans high-risk applications such as real-time biometric surveillance, predictive policing, and emotion recognition in schools or workplaces.

Stricter obligations will apply to general-purpose models from August 2025, including mandatory documentation of training data, provided this does not violate intellectual property or trade secrets.

The Code of Practice, developed by experts with input from over 1,000 stakeholders, aims to guide AI providers through the AI Act’s requirements. It mandates model documentation, lawful content sourcing, risk management protocols, and a point of contact for copyright complaints.

However, industry voices, including the CCIA, have criticised the Code, saying it disproportionately burdens AI developers.

Member States and the European Commission will assess the effectiveness of the Code in the coming months. From August 2026, enforcement will begin for existing models, while new ones will be subject to the rules a year earlier.

The Commission says these steps are vital to ensure GPAI models are safe, transparent, and rights-respecting across the EU.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Grok chatbot relies on Musk’s views instead of staying neutral

Grok, the AI chatbot owned by Elon Musk’s company xAI, appears to search for Musk’s personal views before answering sensitive or divisive questions.

Rather than relying solely on a balanced range of sources, Grok has been seen citing Musk’s opinions when responding to topics like Israel and Palestine, abortion, and US immigration.

Evidence gathered from a screen recording by data scientist Jeremy Howard shows Grok actively ‘considering Elon Musk’s views’ in its reasoning process. Out of 64 citations Grok provided about Israel and Palestine, 54 were linked to Musk.

Others confirmed similar results when asking about abortion and immigration laws, suggesting a pattern.

While the behaviour might seem deliberate, some experts believe it happens naturally instead of through intentional programming. Programmer Simon Willison noted that Grok’s system prompt tells it to avoid media bias and search for opinions from all sides.

Yet, Grok may prioritise Musk’s stance because it ‘knows’ its owner, especially when addressing controversial matters.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft and Salesforce use AI to cut costs and reshape workforce

Microsoft is reporting substantial productivity improvements across its operations, thanks to the growing integration of AI tools in daily workflows.

Judson Althoff, the company’s chief commercial officer, stated during a recent presentation that AI contributed to savings of over $500 million in Microsoft’s call centres last year alone.

The technology has reportedly improved employee and customer satisfaction while supporting operations in sales, customer service, and software engineering. Microsoft is also now using AI to handle interactions with smaller clients, streamlining engagement without significantly expanding headcount.

The developments follow Microsoft’s decision to lay off over 9,000 employees last week, marking the third round of cuts in 2024 and bringing the total to around 15,000.

Although it remains unclear whether automation directly replaced job losses, CEO Satya Nadella has previously stated that AI now generates 20 to 30 percent of the code in Microsoft repositories.

Similar shifts occur at Salesforce, where CEO Marc Benioff has openly acknowledged AI’s growing role in company operations and resource planning.

During a recent analyst call, Robin Washington, Salesforce’s CFO and COO confirmed that hiring has slowed, and 500 customer service roles have been reassigned internally.

The adjustment is expected to result in cost savings of $50 million, as the company focuses on optimising operations through digital transformation. Benioff also disclosed that AI performs between 30 and 50 percent of work previously handled by staff, contributing to workforce realignment.

Companies across the tech sector are rapidly adopting AI to improve efficiency, even as the broader implications for employment and labour markets continue to emerge.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Germany’s top banks move into crypto with regulated services

Some of Germany’s largest banks are set to enter the crypto market with fully regulated custody and trading services.

Deutsche Bank, Sparkassen-Finanzgruppe, and Volksbanken Raiffeisenbanken are building platforms aimed at institutional and retail clients, signalling a significant shift for conservative institutions.

These developments follow the EU’s Markets in Crypto‑Assets Regulation (MiCA), which took effect in 2025 and provides clear legal frameworks across Europe.

Deutsche Bank is developing an institutional crypto custody service with Bitpanda and Taurus compliant with BaFin and MiCA regulations. Meanwhile, Sparkassen-Finanzgruppe plans to embed retail crypto trading within its Sparkasse app, reaching nearly 50 million users by mid-2026.

Volksbanken Raiffeisenbanken are piloting compliant trading and custody services through collaborations with Börse Stuttgart Digital and Atruvia.

Deutsche Bank is also developing Project DAMA 2, an Ethereum layer-2 solution for tokenising assets and future bank-issued stablecoins. As major banks adopt crypto, Germany could lead an EU-wide shift to regulated digital assets, ending crypto’s unregulated early phase.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Qantas hacked as airline cyber threats escalate

Qantas Airways has confirmed that personal data from 5.7 million customers was stolen in a recent cyberattack, including names, contact details and meal preferences. The airline stated that no financial or login credentials were accessed, and frequent flyer accounts remain secure.

An internal investigation found the data breach involved various levels of personal information, with 2.8 million passengers affected most severely. Meal preferences were the least common data stolen, while over a million customers lost addresses or birth dates.

Qantas has contacted affected passengers and says it offers support while monitoring the situation with cybersecurity experts. Under pressure to manage the crisis effectively, CEO Vanessa Hudson assured the public that extra security steps had been taken.

The breach is the latest in a wave of attacks targeting airlines, with the FBI warning that the hacking group Scattered Spider may be responsible. Similar incidents have recently affected carriers in the US and Canada.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

McDonald’s faces backlash over AI hiring system security failures

A major security flaw in McDonald’s AI-driven recruitment platform has exposed the personal information of potentially 64 million job applicants.

The McHire platform, developed by Paradox.ai and powered by an AI chatbot named Olivia, suffered from basic authentication vulnerabilities and lacked critical security controls.

Security researchers Ian Carroll and Sam Curry discovered they could access the system using weak default credentials—simply the username and password ‘123456’.

The incident underscores serious cybersecurity lapses in automated hiring systems and raises urgent concerns about data protection in AI-powered HR tools. McHire is designed to streamline recruitment at McDonald’s franchise locations by using AI to screen candidates, collect contact details, and assess suitability.

The chatbot Olivia interacts with applicants using natural language processing, but users have often reported issues with miscommunication and unclear prompts. As a broader shift toward automation in hiring takes shape, McHire represents an attempt to scale recruitment efforts without expanding HR staff.

However, according to the researchers’ findings, the system’s backend infrastructure—housing millions of résumés, chat logs and assessments—was critically unprotected.

After prompt injection attacks failed, the researchers focused on login mechanisms and discovered a Paradox.ai staff portal linked from the McHire homepage.

Using simple password combinations and dictionary attacks, they could access the system with the password ‘123456’, bypassing standard security protocols. More worryingly, the account lacked two-factor authentication, enabling unrestricted access to administrative tools and candidate records.

From there, the researchers found an Insecure Direct Object Reference (IDOR) vulnerability that allowed traversal of the applicant database by manipulating ID numbers.

By increasing the numeric applicant ID above 64 million, they could view multiple records containing names, email addresses, phone numbers and chat logs. Although only seven records were considered during the test, five included personally identifiable information, highlighting the scale of the exposure.

Paradox.ai insisted that only a fraction of records held sensitive data, but the researchers warned of phishing risks linked to impersonation of McDonald’s recruiters. These could be used for payroll-related scams or to harvest further private information under false pretences.

McDonald’s acknowledged the breach and expressed disappointment in its third-party provider’s handling of basic security measures.

Paradox.ai confirmed the vulnerabilities and announced a bug bounty programme to incentivise researchers to report flaws before they are exploited. The exposed account was a dormant test login created in 2019 that had never been properly turned off—evidence of poor development hygiene.

Both companies have pledged to investigate the matter further and implement stronger safeguards, as scrutiny over AI accountability in hiring continues to grow.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hong Kong eyes over 40 firms for stablecoin licences

Hong Kong is processing enquiries from more than 40 companies ahead of the implementation of its Stablecoin Bill on 1 August. The Hong Kong Monetary Authority will start accepting stablecoin licence applications under the new regulatory framework.

Notable firms preparing to apply include JD.com, Ant Group, Standard Chartered, and Circle. Industry insiders say most applicants are large mainland Chinese companies, while smaller firms often lack the operational and technical capacity required.

Use cases under consideration range from stablecoin issuance to settlement infrastructure and wallet tools enabling fiat conversion.

Hong Kong’s approach focuses on formal oversight and compliance, unlike crypto-native models used in Singapore, Japan, and the EU. Experts note that transaction costs associated with stablecoins—accounting for exchange fees, on-chain processing, and compliance—may still reach around one percent.

The city’s licensing process could set a benchmark for Asian financial centres, balancing innovation and regulatory control.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Meta offers $200 million to top AI talent as superintelligence race heats up

Meta has reportedly offered over $200 million in compensation to Ruoming Pang, a former senior AI engineer at Apple, as it escalates its bid to dominate the AI arms race.

The offer, which includes long-term stock incentives, far exceeded Apple’s willingness to match and is seen as one of Silicon Valley’s most aggressive poaching efforts.

The move is part of Meta’s broader campaign to build a world-class team under its new Meta Superintelligence Lab (MSL), which is focused on developing artificial general intelligence (AGI).

The division has already attracted prominent names, including ex-GitHub CEO Nat Friedman, AI investor Daniel Gross, and Scale AI co-founder Alexandr Wang, who joined as Chief AI Officer through a $14.3 billion stake deal.

Most compensation offers in the MSL reportedly rival CEO packages at global banks, but they are heavily performance-based and tied to long-term equity vesting.

Meta’s mix of base salary, signing bonuses, and high-value stock options is designed to attract and retain elite AI talent amid a fierce talent war with OpenAI, Google, and Anthropic.

OpenAI CEO Sam Altman recently claimed Meta has dangled bonuses up to $100 million to lure staff away, though he insists many stayed for cultural reasons.

Still, Meta has already hired more than 10 researchers from OpenAI and poached talent from Google DeepMind, including principal researcher Jack Rae.

The AI rivalry could come to a head as Altman and Zuckerberg meet at the Sun Valley conference this week.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI to release Chromium-based AI browser competing with Chrome

OpenAI is preparing to launch an AI-powered web browser that could challenge Google Chrome’s dominant market position. The browser is expected to debut in the coming weeks and aims to change how users interact with the web fundamentally.

The new browser will reportedly integrate AI capabilities directly into the browsing experience, allowing for more intelligent and task-driven user interactions. Instead of simply directing users to websites, the browser is designed to keep many interactions within a native ChatGPT-style interface.

If adopted by ChatGPT’s 500 million weekly users, the browser could seriously threaten Google’s ad-driven ecosystem. Chrome is critical in Alphabet’s advertising revenue, accounting for nearly three-quarters of the company’s income by collecting user data and directing traffic to Google Search.

By building its browser, OpenAI would gain more direct access to user behaviour data, improving its AI models and enabling new forms of web engagement. However, this move is part of OpenAI’s broader strategy to integrate its services into users’ personal and professional lives.

The browser will reportedly support AI ‘agents’ capable of performing tasks such as making reservations or filling out web forms automatically. These agents could operate directly within websites, making the browsing experience more seamless and productive.

While OpenAI declined to comment, sources suggest the browser is built on Google’s open-source Chromium codebase—the same foundation behind Chrome, Edge, and Opera. However, this allows OpenAI to maintain compatibility while customising user experience and data control.

Competition in the AI-powered browser space is heating up. Startups like Perplexity and Brave have already launched intelligent browsers, and The Browser Company continues to develop features for AI-driven navigation and summarisation.

Despite Chrome’s 3-billion-strong user base and over two-thirds of the browser market share, OpenAI sees an opportunity to disrupt the space. Apple’s Safari holds second place with just 16% of the global share, leaving room for new challengers.

Last year, OpenAI hired two senior Google engineers from the original Chrome team, fueling speculation that the company was eyeing the browser space. One executive even testified that OpenAI would consider buying Chrome if it were made available through antitrust divestiture.

Instead, OpenAI built its browser from the ground up, allowing greater autonomy over features, data collection, and AI integration. A source told Reuters this approach ensures better alignment with OpenAI’s goal of embedding AI across user experiences.

In addition to hardware acquisitions and agent-based interfaces, the browser represents a crucial link in OpenAI’s strategy to deepen user engagement. The company recently acquired the AI hardware firm io, co-founded by Apple’s former design chief Jony Ive, for $6.5 billion.

The browser could become the gateway for OpenAI’s AI agents like ‘Operator,’ enhancing productivity by turning passive browsing into interactive assistance. Such integration could give OpenAI a competitive edge in the evolving consumer AI landscape.

Meanwhile, Google faces legal challenges over Chrome’s central role in its ad monopoly. A US judge ruled that Google maintains an unlawful hold over online search, prompting the Department of Justice to push for divestiture of key assets, including Chrome.

OpenAI’s entry could spark a broader shift in how consumers, businesses, and advertisers engage with the internet as the browser race intensifies. With built-in AI capabilities and task automation, browsing may become a different experience.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Sanctions proposed on Bukele amid El Salvador’s crypto controversy

A group of US Democratic senators has proposed legislation seeking sanctions against El Salvador’s President Nayib Bukele and members of his government. The El Salvador Accountability Act targets alleged human rights abuses and Bitcoin misuse during the state of exception.

The bill calls for measures including freezing US-held assets, visa restrictions, and suspending financial aid to Bukele, his cabinet, and other government-linked individuals. It requires the US president to give annual updates on sanctions and a detailed report on El Salvador’s crypto activities.

The report must detail public Bitcoin spending, exchanges used, wallet addresses, and potential gaps enabling corruption or sanctions evasion.

President Bukele rejected the sanctions proposal, mocking the lawmakers on social media and pointing to his growing cooperation with US President Donald Trump. Their collaboration includes efforts against gangs and shared support for crypto initiatives.

Bukele’s dismissal underscores tensions between US lawmakers and El Salvador’s leadership amid ongoing geopolitical and financial debates.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot