Digital cooperation

Mixpanel breach exposes limited OpenAI API metadata

OpenAI says a security incident at Mixpanel exposed limited metadata linked to the API interface. Mixpanel’s systems, not OpenAI’s, were compromised during the intrusion. No chat content, passwords, API keys, or payment information was affected.

Mixpanel told OpenAI that an attacker exported a dataset containing basic user profile fields. The information includes names, email addresses, coarse location data, and browser details. OpenAI has removed Mixpanel from production and is notifying impacted users.

OpenAI maintains that its internal infrastructure remains secure with no evidence of unauthorised access. Wider reviews across the vendor ecosystem are underway to assess potential risks. The company has raised security requirements for partners and continues to monitor for misuse.

Security teams warn that the leaked data could fuel phishing or social-engineering attempts. Users are urged to treat unsolicited messages with caution and verify communications sent under the OpenAI name. Multi-factor authentication remains strongly recommended for all accounts as an added safeguard.

OpenAI reiterates that trust and privacy remain core to its products and operations. The organisation has ended its use of Mixpanel and is reviewing supporting services to prevent similar issues. Impacted organisations will receive direct notifications as the investigation continues.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Coinbase Ventures reveals top areas to watch in 2026

Coinbase Ventures has shared the ideas its team is most excited about for 2026, highlighting areas with high potential for innovation in crypto and blockchain. Key sectors include asset tokenisation, specialised exchanges, next-generation DeFi, and AI-driven robotics.

The firm is actively seeking teams to invest in these emerging opportunities.

Perpetual contracts on real-world assets are set to expand, enabling synthetic exposure to private companies, commodities, and macroeconomic data. Specialised exchanges and trading terminals aim to consolidate liquidity, protect market makers, and improve the prediction market user experience.

Next-gen DeFi will expand with composable perpetual markets, unsecured lending, and privacy-focused applications. These developments could redefine capital efficiency, financial infrastructure, and user confidentiality across the ecosystem.

AI and robotics are also a focus, with projects targeting advanced robotic data collection, proof-of-humanity solutions, and AI-driven innovative contract development. Coinbase Ventures emphasises the potential for these technologies to accelerate on-chain adoption and innovation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU prepares tougher oversight for crypto operators

EU regulators are preparing for a significant shift in crypto oversight as new rules take effect on 1 January 2026. Crypto providers must report all customer transactions and holdings in a uniform digital format, giving tax authorities broader visibility across the bloc.

The DAC8 framework brings mandatory cross-border data sharing, a centralised operator register and unique ID numbers for each reporting entity. These measures aim to streamline supervision and enhance transparency, even though data on delisted firms must be preserved for up to twelve months.

Privacy concerns are rising as the new rules expand the travel rule for transfers above €1,000 and introduce possible ownership checks on private wallets. Combined with MiCA and upcoming AML rules, regulators gain deeper insight into user behaviour, wallet flows and platform operations.

Plans for ESMA to oversee major exchanges are facing pushback from smaller financial hubs, which are concerned about higher compliance costs and reduced competitiveness. Supporters argue that unified supervision is necessary to prevent regulatory gaps and reinforce market integrity across the EU.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

London councils activate emergency plans after serious cyber attack

The Royal Borough of Kensington and Chelsea has activated emergency response plans after a cyberattack disrupted council systems in west London.

Westminster City Council and Hammersmith and Fulham Council are also affected through joint arrangements, with the National Crime Agency and the National Cyber Security Centre, led by GCHQ, leading the investigation. Staff in some areas have been advised to work from home while parts of the network stay offline as a precaution.

An internal memo shows that sections of the network remain closed and that a full return of affected systems is not expected for several days. Phone lines and online forms may face disruption, although alternative contact numbers are available on the council website.

Cybersecurity specialist Nathan Webb advised residents to be cautious about emails or calls referencing the incident, as attackers frequently exploit public attention surrounding a breach to launch scams.

He added that identifying any external supplier involved is essential so that other clients can secure their own systems. Forescout expert Rik Ferguson said the case demonstrates how shared digital services can allow a breach to spread risk across multiple organisations.

Councils have praised the overnight work by IT teams, but are not disclosing technical details while the investigation continues.

BBC cyber correspondent Joe Tidy said taking servers offline is an extreme step usually used for significant incidents. He pointed to the Co-op case earlier this year, where the company also disconnected systems, but only after hackers had already taken data from 6.5 million people.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

New phishing kit targets Microsoft 365 users

Researchers have uncovered a large phishing operation, known as Quantum Route Redirect (QRR), that creates fake Microsoft 365 login pages across nearly 1,000 domains. The campaign uses convincing email lures, including DocuSign notices and payment alerts, to steal user credentials.

QRR operations have reached 90 countries, with US users hit hardest. Analysts say the platform evades scanners by sending bots to safe pages while directing real individuals to credential-harvesting sites on compromised domains.

The kit emerged shortly after Microsoft disrupted the RaccoonO365 network, which had stolen thousands of accounts. Similar tools, such as VoidProxy and Darcula, have appeared; yet, QRR stands out for its automation and ease of use, which enable rapid, large-scale attacks.

Cybersecurity experts warn that URL scanning alone can no longer stop such operations. Organisations are urged to adopt layered protection, stronger sign-in controls and behavioural monitoring to detect scams that increasingly mimic genuine Microsoft systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

As AI agents proliferate, human purpose is being reconsidered

As AI agents rapidly evolve from tools to autonomous actors, experts are raising existential questions about human value and purpose.

These agents, equipped with advanced reasoning and decision-making capabilities, can now complete entire workflows with minimal human intervention.

The report notes that in corporate settings, AI agents are already being positioned to handle tasks such as client negotiations, quote generation, project coordination, or even strategic decision support. Some proponents foresee these agents climbing organisational charts, potentially serving as virtual CFOs or CEOs.

At the same time, sceptics warn that such a shift could hollow out traditional human roles. Research from McKinsey Global Institute suggests that while many human skills remain relevant, the nature and context of work will change significantly, with humans increasingly collaborating with AI rather than directly doing classical tasks.

The questions this raises extend beyond economics and efficiency: they touch on identity, dignity, and social purpose. If AI can handle optimisation and execution, what remains uniquely human, and how will societies value those capacities?

Some analysts suggest we shift from valuing output to valuing emotional leadership, creativity, ethical judgement and human connection.

The rise of AI agents thus invites a critical rethink of labour, value, and our roles in an AI-augmented world. As debates continue, it may become ever more crucial to define what we expect from people, beyond productivity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Staffordshire Police trials AI agents on its 101 line

Staffordshire Police will trial AI-powered ‘agents’ on its 101 non-emergency service early next year, according to a recent BBC report.

The technology, known as Agentforce, is designed to resolve simple information requests without human intervention, allowing call handlers to focus on more complex or urgent cases. The force said the system aims to improve contact centre performance after past criticism over long wait times.

Senior officers explained that the AI agent will support queries where callers are seeking information rather than reporting crimes. If keywords indicating risk or vulnerability are detected, the system will automatically route the call to a human operator.

Thames Valley Police is already using the technology and has given ‘very positive reports’, according to acting Chief Constable Becky Riggs.

The force’s current average wait for 101 calls is 3.3 minutes, a marked improvement on the previous 7.1-minute average. Abandonment rates have also fallen from 29.2% to 18.7%. However, Commissioner Ben Adams noted that around eight percent of callers still wait over an hour.

UK officers say they have been calling back those affected, both to apologise and to gather ‘significant intelligence’ that has strengthened public confidence in the system.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Fragmented rules complicate South Africa green tech transfer

South Africa is betting on green technology to drive development while cutting emissions. Overlapping laws and strategies create a complex, sometimes conflicting environment for investors and innovators. Analysts warn that fragmentation slows both climate action and the just transition.

Flagship measures, such as the Climate Change Act and the Just Energy Transition Investment Plan, anchor long-term goals. The government aims to mobilise around R1.5 trillion, including an initial R8.5 billion in catalytic finance.

Funding targets power generation, new energy vehicles and green hydrogen, with private capital expected to follow. Renewable Energy Independent Power Producer projects showcase successful public-private partnerships that attracted significant foreign and domestic investment.

Localisation rules, special economic zones and tariff tweaks seek to build manufacturing capacity and transfer skills. Critics argue that strict content quotas and data localisation can delay projects and deter prospective investors.

Observers say harmonised policies, clearer incentives and stronger coordination across sectors are essential for effective green technology transfer. Greater collaboration between the South African government, businesses, and universities could translate promising pilots into climate-resilient industries.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Online platforms face new EU duties on child protection

The EU member states have endorsed a position for new rules to counter child sexual abuse online. The plan introduces duties for digital services to prevent the spread of abusive material. It also creates an EU Centre to coordinate enforcement and support national authorities.

Service providers must assess how their platforms could be misused and apply mitigation measures. These may include reporting tools, stronger privacy defaults for minors, and controls over shared content. National authorities will review these steps and can order additional action where needed.

A three-tier risk system will categorise services as high, medium, or low risk. High-risk platforms may be required to help develop protective technologies. Providers that fail to comply with obligations could face financial penalties under the regulation.

Victims will be able to request the removal or disabling of abusive material depicting them. The EU Centre will verify provider responses and maintain a database to manage reports. It will also share relevant information with Europol and law enforcement bodies.

The Council supports extending voluntary scanning for abusive content beyond its current expiry. Negotiations with the European Parliament will now begin on the final text. The Parliament adopted its position in 2023 and will help decide the Centre’s location.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Australia strengthens parent support for new social media age rules

Yesterday, Australia entered a new phase of its online safety framework after the introduction of the Social Media Minimum Age policy.

eSafety has established a new Parent Advisory Group to support families as the country transitions to enhanced safeguards for young people. The group held its first meeting, with the Commissioner underlining the need for practical and accessible guidance for carers.

The initiative brings together twelve organisations representing a broad cross-section of communities in Australia, including First Nations families, culturally diverse groups, parents of children with disability and households in regional areas.

Their role is to help eSafety refine its approach, so parents can navigate social platforms with greater confidence, rather than feeling unsupported during rapid regulatory change.

A group that will advise on parent engagement, offer evidence-informed insights and test updated resources such as the redeveloped Online Safety Parent Guide.

Their advice will aim to ensure materials remain relevant, inclusive and able to reach priority communities that often miss out on official communications.

Members will serve voluntarily until June 2026 and will work with eSafety to improve distribution networks and strengthen the national conversation on digital literacy. Their collective expertise is expected to shape guidance that reflects real family experiences instead of abstract policy expectations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!