OpenClaw vulnerabilities exposed by AI-powered code scanner

Researchers at Endor Labs identified six high- to critical-severity vulnerabilities in the open-source AI agent framework OpenClaw, using an AI-powered static application security testing (SAST) engine to trace untrusted data flows. The flaws included server-side request forgery (SSRF), authentication bypass, and path traversal.

The bugs affected multiple components of the agentic system, which integrates large language models with external tools and web services. Several SSRF issues were found in the gateway and authentication modules, potentially exposing internal services or cloud metadata depending on the deployment context.

Access control failures were also found in OpenClaw. A webhook handler lacked proper verification, enabling forged requests, while another flaw allowed unauthenticated access to protected functionality. Researchers confirmed exploitability with proof-of-concept demonstrations.

The team said that traditional static analysis tools struggle with modern AI software stacks, where inputs undergo multiple transformations before reaching sensitive operations. Their AI-based SAST engine preserved context across layers, tracing untrusted data from entry points to critical functions.

OpenClaw maintainers were notified through responsible disclosure and have since issued patches and advisories. Researchers argue that as AI agent frameworks expand into enterprise environments, security analysis must adapt to address both conventional vulnerabilities and AI-specific attack surfaces.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Sony targets AI music copyright use

Sony Group has developed technology designed to identify the original sources of music generated by AI. The move comes amid growing concern over the unauthorised use of copyrighted works in AI training.

According to Sony Group, the system can extract data from an underlying AI model and compare generated tracks with original compositions. The process aims to quantify how much specific works contributed to the output.

Composers, songwriters and publishers could use the technology to seek compensation from AI developers if their material was used without permission. Sony said the goal is to help ensure creators are properly rewarded.

Efforts to safeguard intellectual property have intensified across the music industry. Sony Music Entertainment in the US previously filed a copyright infringement lawsuit in 2024 over AI-generated music, underscoring wider tensions around AI and creative rights.

Enterprises rethink cloud amid digital sovereignty push

Digital sovereignty has moved to the boardroom as geopolitical tensions rise and cloud adoption accelerates. Organisations are reassessing infrastructure to protect autonomy, ensure compliance, and manage jurisdictional risk. Cloud strategy is increasingly shaped by data location, control, and resilience.

Regulations such as NIS2, DORA, and national data laws have intensified scrutiny of cross-border dependencies. Sovereignty concerns now extend beyond governments to sectors such as healthcare and finance. Vendor selection increasingly prioritises sovereign regions and stricter data controls.

Hybrid cloud remains dominant. Organisations place sensitive workloads on private platforms to strengthen oversight while retaining public cloud innovation. Large-scale repatriation is rare due to cost and complexity, though compliance pressures are driving broader multicloud diversification.

Government investment and oversight are reinforcing the shift. Sovereignty is becoming part of national resilience policy, prompting stricter audits and governance expectations. Enterprises face growing pressure to demonstrate control over critical systems, supply chains, and data flows.

A pragmatic approach, often described as minimum viable sovereignty, helps reduce exposure without unnecessary complexity. Organisations can identify critical workloads, secure enforceable vendor commitments, and plan for disruption. Early adaptation supports resilience and long-term flexibility.

Commission delays high-risk AI guidance

The European Commission has confirmed it will again delay publishing guidance on high-risk AI systems under the EU AI Act. The guidelines were due by 2 February 2026, but will now follow a revised timeline.

According to Euractiv, the document is intended to clarify which AI systems fall into the high-risk category and therefore face stricter obligations. Officials said more time is needed to incorporate significant stakeholder feedback.

The delay marks the second missed deadline and adds to broader implementation setbacks surrounding the EU AI Act. Several member states have yet to designate national enforcement bodies, complicating oversight preparations.

Brussels is also considering postponing the application of high-risk rules through a digital simplification package. Parliament and Council appear supportive of moving the August deadline back by more than a year, easing pressure on companies awaiting guidance.

Global privacy regulators warn of rising AI deepfake harms

Privacy regulators from around the world have issued a joint warning about the rise of AI-generated deepfakes, arguing that the spread of non-consensual images poses a global risk rather than a problem confined to individual countries.

Sixty-one authorities endorsed a declaration that draws attention to AI images and videos depicting real people without their knowledge or consent.

The signatories highlight the rapid growth of intimate deepfakes, particularly those targeting children and individuals from vulnerable communities. They note that such material often circulates widely on social platforms and may fuel exploitation or cyberbullying.

The declaration argues that the scale of the threat requires coordinated action rather than isolated national responses.

European authorities, including the European Data Protection Board and the European Data Protection Supervisor, support the effort to build global cooperation.

Regulators say that only joint oversight can limit the harms caused by AI systems that generate false depictions instead of protecting individuals’ privacy, as required under frameworks such as the General Data Protection Regulation.

Anthropic uncovers large-scale AI model theft operations

Three AI laboratories have been found conducting large-scale illicit campaigns to extract capabilities from Anthropic’s Claude AI, the company revealed.

DeepSeek, Moonshot, and MiniMax used around 24,000 fraudulent accounts to generate more than 16 million interactions, violating terms of service and regional access restrictions. The technique, called distillation, trains a weaker model on outputs from a stronger one, speeding AI development.

Distilled models obtained in this manner often lack critical safeguards, creating serious national security concerns. Without protections, these capabilities could be integrated into military, intelligence, surveillance, or cyber operations, potentially by authoritarian governments.

The attacks also undermine export controls designed to preserve the competitive edge of US AI technology and could give a misleading impression of foreign labs’ independent AI progress.

Each lab followed coordinated playbooks using proxy networks and large-scale automated prompts to target specific capabilities such as agentic reasoning, coding, and tool use.

Anthropic attributed the campaigns using request metadata, infrastructure indicators, and corroborating observations from industry partners. The investigation detailed how distillation attacks operate from data generation to model launch.

In response, Anthropic has strengthened detection systems, implemented stricter access controls, shared intelligence with other labs and authorities, and introduced countermeasures to reduce the effectiveness of illicit distillation.

The company emphasises that addressing these attacks will require coordinated action across the AI industry, cloud providers, and policymakers to protect frontier AI capabilities.

AWS warns of AI-powered cybercrime

Amazon Web Services has revealed that a Russian-speaking threat actor used commercial AI tools to compromise more than 600 FortiGate firewalls across 55 countries. AWS described the campaign as an AI-powered assembly line for cybercrime.

According to AWS, the attacker relied on exposed management ports and weak single-factor credentials rather than exploiting software vulnerabilities. The campaign targeted FortiGate devices globally and focused on harvesting credentials and configuration data.

AWS said the potentially Russian group appeared unsophisticated but achieved scale through AI-assisted mass scanning and automation. When encountering stronger defences, the attackers reportedly shifted to easier targets rather than persisting.

The company advised organisations using FortiGate appliances to secure management interfaces, change default credentials and enforce complex passwords. Amazon said it was not compromised during the campaign.

Wikipedia removes Archive.today links

Wikipedia editors have voted to remove all links to Archive.today, citing allegations that the web archive was involved in a distributed denial of service attack.

Editors said Archive.today, which also operates under domains such as archive.is and archive.ph, should not be linked because it allegedly used visitors’ browsers to target blogger Jani Patokallio. The site has also been accused of altering archived pages, raising concerns about reliability.

Archive.today had previously been blacklisted in 2013 before being reinstated in 2016. Wikipedia’s latest guidance calls for replacing Archive.today links with original sources or alternative archives such as the Wayback Machine.

The apparent owner of Archive.today denied wrongdoing in posts linked from the site and suggested the controversy had been exaggerated. Wikipedia editors nevertheless concluded that readers should not be directed to a service facing such allegations.

OpenAI model revises proof claim

OpenAI has published its attempts to solve all 10 problems in the First Proof challenge, a research-level maths test designed to assess whether AI can produce checkable, domain-specific proofs. The problems were created by leading experts and require extended reasoning rather than short answers.

The company said at least five of its proof attempts are likely correct following expert feedback, although one previously confident submission has now been judged incorrect. Several other attempts remain under review as specialists continue to assess the arguments.

According to OpenAI, the evaluation involved limited human supervision, with researchers sometimes prompting the model to refine or clarify reasoning. The process included exchanges between an internal model and ChatGPT for verification, formatting and style adjustments.

OpenAI described frontier research challenges, such as First Proof, as crucial for testing next-generation AI systems. The company said it plans to deepen its engagement with academics to develop more rigorous evaluation frameworks for research-grade reasoning.

Stanford speech warns of AI tsunami

Senator Bernie Sanders has warned at Stanford University in California that the US is unprepared for the speed and scale of the AI revolution. Speaking alongside Congressman Ro Khanna, he called the moment one of the most dangerous in modern US history.

At Stanford University, Sanders urged a moratorium on the expansion of AI data centres to slow development while lawmakers catch up. He argued that the American public lacks a clear understanding of the economic and social impact ahead and that New York is already considering a pause.

Khanna, who represents Silicon Valley in California, rejected a complete moratorium but called for steering AI growth through renewable energy and water efficiency standards. He outlined principles to prevent wealth from being concentrated among a small group of tech billionaires.

Sanders also raised concerns in California about job losses and emotional reliance on AI, citing projections of widespread automation. He called for a national debate in the US over whether AI will benefit the public or deepen inequality.
