Digital identities

Non-human identities gain importance in cloud and AI security

As organisations expand across cloud environments, non-human identities are becoming a critical component of modern cybersecurity strategies. Managing machine identities and their associated secrets is increasingly central to reducing risk and improving AI-driven threat detection.

As digital infrastructure grows, machine identities function as secure access credentials for applications, services, and automated processes. Effective governance can reduce vulnerabilities, improve compliance, and streamline operations across sectors such as finance and healthcare.

Integrating non-human identities into AI security frameworks enables more contextual anomaly detection and improved visibility into network behaviour. Rather than relying solely on static scanning, organisations can adopt adaptive models that enhance predictive threat response.

Challenges remain, particularly around coordination between security, DevOps, and research teams. Gaps in collaboration and limited awareness of identity lifecycle management can create blind spots that weaken overall cyber resilience.

Automation is increasingly seen as essential for scaling non-human identity management. By automating secrets rotation, certificate renewal, and access reviews, organisations can strengthen governance while enabling security teams to focus on higher-value strategic priorities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

A new bill aims to formalise crypto taxation in Turkey

Turkey’s ruling AK Party has introduced a bill in parliament to formalise cryptocurrency taxation and revise key tax and spending rules. The legislation links crypto taxation to Turkey’s Capital Markets Law and sets a clear framework for digital assets.

Under the proposal, regulated crypto platforms would withhold a 10% tax on gains quarterly, applicable to both individuals and companies, residents and non-residents. Transaction service providers are subject to a 0.03% tax, and investors on unlicensed platforms must declare gains annually.

The president would have the authority to adjust the withholding tax between 0% and 20%, depending on factors such as token type, holding period, issuer, or wallet type. Exemptions include VAT-free crypto deliveries and corporate tax changes for foundation university hospitals from 2027.

If approved, the crypto taxation provisions would take effect two months after publication, signalling Turkey’s first formal steps to regulate digital assets and integrate them into the national tax system.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Microsoft reveals OAuth redirection abuse powering new phishing attempts

Researchers at Microsoft have identified phishing activity that abuses legitimate OAuth redirection behaviour instead of relying on credential theft.

Threat actors create malicious applications within attacker-controlled tenants and configure redirect pages that lead victims from trusted authentication domains to malware-delivery sites.

A technique that has been used against government and public-sector organisations and is designed to bypass email and browser defences by embedding URLs that appear genuine.

The attack begins with lures themed around documents, financial matters or meeting requests, each containing OAuth URLs crafted to trigger silent authentication.

Validation errors, session checks and Conditional Access evaluations provide attackers with information about session status without granting access to tokens, yet still deliver the victim to a malicious landing page.

Once redirected, victims encounter phishing frameworks or are served ZIP files containing shortcut files and HTML-based loaders. These PowerShell commands launch system discovery and extract files used for DLL side-loading.

Executing a legitimate process allows a malicious DLL to load unseen, decrypt the final payload and establish a connection to a remote command-and-control server for hands-on keyboard activity.

Microsoft Entra has removed identified malicious OAuth applications, although related activity continues to appear.

Microsoft emphasises that OAuth redirection follows standards such as RFC 6749 and RFC 9700, meaning attackers cannot exploit normal protocol behaviour instead of software vulnerabilities.

Stronger governance of OAuth applications, tighter consent controls and cross-domain monitoring are required to prevent trusted authentication flows from being turned into delivery paths for phishing and malware.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Deutsche Telekom and Nokia advance open and AI-native RAN

Nokia and Deutsche Telekom have expanded their collaboration to advance cloud-based, disaggregated, and AI-native RAN technologies. The strengthened Innovation Cooperation Program deepens joint work in Cloud RAN, open interfaces, and next-generation solutions.

The partnership builds on years of cooperation focused on open and flexible architectures. Both companies said the expanded effort aims to improve network efficiency, programmability, and long-term operational value for service providers.

Work on Open Fronthaul integration is being intensified following earlier multivendor deployments in Germany linking Nokia baseband units with O-RAN-compliant radios. Additional integrations covering Open Fronthaul and Cloud RAN are progressing within confidential development programmes.

The companies are also advancing O-RAN-aligned management capabilities through open O1 interfaces and deeper integration of configuration management. A vendor-independent Service Management and Orchestration platform remains central to Deutsche Telekom’s multivendor RAN strategy.

Nokia will act as Deutsche Telekom’s strategic co-creation partner for AI-native RAN development. Joint efforts will focus on AI-powered receivers, adaptive beamforming, predictive optimisation, and lab and field validation to support intelligent, autonomous mobile networks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Claude AI experiences temporary global outage

Anthropic’s AI chatbot, Claude, experienced a global outage, leaving users unable to access the platform. Visitors reported error messages indicating the system had broken down, though the company said it was working to resolve the issue.

The Claude API, used by other websites to integrate the chatbot, remained operational. Anthropic confirmed that the outage was limited to the Claude web interface and did not affect other integrations, emphasising that engineers were actively resolving the issue.

The outage, tracked by Down Detector, began around noon in the UK and affected users worldwide. Messages on the platform reassured users that Claude would return soon and that the problem had been identified and was being fixed.

The interruption comes at a sensitive time for Anthropic, as the company navigates heightened attention surrounding access to its Claude AI system. The situation unfolds amid broader discussions about the role of advanced AI tools in defence contexts, with industry players facing increasing scrutiny over their policies and partnerships.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU pressures Meta over alleged smart glasses privacy breaches

Lawmakers in the European Parliament are pressing the European Commission for clarity after reports that Meta’s smart glasses recorded people in intimate moments without their knowledge.

Concerns intensified when Swedish outlets reported that Ray-Ban AI glasses captured and uploaded sensitive footage in violation of strict consent requirements under the EU’s General Data Protection Regulation.

The reports indicate that personal data from EU users was sent to Sama, a third-party contractor, in Kenya for human review. Annotators working there said they viewed images of individuals changing clothes and believed the recordings were taken without consent.

They added that Meta’s attempts to blur faces or apply other safeguards failed often enough to expose identifiable material instead of ensuring proper anonymisation.

EU privacy law requires clear information and consent before collecting and processing personal data, and additional safeguards when exporting data to countries without recognised adequacy status.

Kenya is still negotiating such recognition with the Commission, meaning contractual protections would be necessary.

The Irish Data Protection Commission, responsible for Meta’s GDPR oversight, has been contacted amid questions about whether Meta complied with EU requirements.

Lawmakers also want the Commission to examine whether proposed changes in the Digital Omnibus package could dilute privacy protections rather than strengthen them.

Critics argue the reforms might ease data-use rules for AI training at a moment when allegations about Meta’s smart glasses have intensified scrutiny of the EU’s broader digital policy agenda.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Amazon commits €33.7 billion to expand Spain cloud footprint

A €33.7 billion investment in Spain to expand cloud and AI infrastructure marks the most significant technology commitment in the country’s history, as Amazon confirms its major expansion plan.

Announced at MWC26 Barcelona, the package adds €18 billion to funding revealed in 2024 and strengthens the Amazon Web Services (AWS) Europe region based in Aragón.

Total investment in the AWS Europe (Spain) Region is expected to add €31.7 billion to GDP by 2035 and support around 29,900 jobs annually. About 6,700 direct roles stem from Amazon operations, with additional jobs created in construction, logistics, and supply chains.

New manufacturing and fulfilment facilities in Aragón are expected to create about 1,800 additional jobs, including a dedicated AI and machine learning server plant.

Since entering Spain in 2011, Amazon has invested more than €20 billion across retail, logistics, and cloud services. The Amazon Web Services region, launched in 2022, is accelerating AI adoption across Europe, including among Telefónica and BBVA.

A further €30 million will be allocated to community initiatives through 2035, focused on education, sustainability, and local development. Renewable energy projects, including 100 solar and wind sites, support operations and a net-zero carbon goal by 2040, establishing Aragón as a growing European digital hub.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Does politeness improve AI responses

Research suggests that being polite to AI chatbots such as ChatGPT does not reliably improve accuracy, despite widespread belief to the contrary. Experiments testing flattery, encouragement and even insults found inconsistent results across different large language models.

Experts in the US say many prominent engineering myths have faded as AI systems have improved. Minor wording changes, such as adding ‘please’ or ‘thank you’, are unlikely to influence mainstream generative AI tools consistently.

Computer scientists argue that users should treat AI as a tool rather than a person. Techniques that do work include asking for multiple options, providing concrete examples and requesting step-by-step clarification before generating a final response.

Researchers also warn that role playing can reduce accuracy when a question has one correct answer, potentially increasing hallucinations. For creative tasks, however, role play and iterative questioning can still be effective when used carefully.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Claws become the new trend in local agentic AI

A new expression has entered the AI vocabulary, with ‘claws’ becoming the latest term to capture the industry’s imagination.

The term refers to a growing family of open-source personal assistants designed to run locally on consumer hardware, often on Apple’s compact Mac mini rather than on cloud-based servers.

These assistants can access calendars, email accounts, coding tools, browsers and external model APIs, enabling them to carry out complex digital tasks autonomously.

Interest increased after AI researcher Andrej Karpathy described his experiments with claws, prompting broader attention across online communities.

Many users have begun adopting the tools as lightweight agentic systems capable of handling real work, from scheduling meetings to writing software overnight by linking to models from providers such as OpenAI.

The name originated with Clawdbot, which was recently rebranded as OpenClaw and became a prominent example in Silicon Valley.

A wave of variants, including NanoClaw, ZeroClaw and IronClaw, has followed, marking a surge in locally run assistants that appeal to users seeking greater autonomy, privacy and experimentation.

Growing enthusiasm for claws highlights a wider shift towards agentic AI running directly on personal devices.

Whether these systems become mainstream or remain a niche developer trend, they show how quickly the AI landscape can evolve and how new concepts often spread long before they fully mature.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Quantum-safe security upgrades SIM and eSIM cards

Thales has successfully demonstrated a world-first capability that prepares 5G networks for the era of quantum computing. The test proved that SIM and eSIM cards can be remotely upgraded to support post-quantum cryptography, boosting security without disrupting services or user experience.

The breakthrough highlights the potential of crypto-agile networks to evolve securely as quantum threats emerge.

Replacing millions of devices is impractical, so Thales enables operators to deploy quantum-safe algorithms directly to existing devices. Remote upgrades preserve data and connectivity while instantly boosting security, keeping 5G networks resilient and trusted.

The demonstration reinforces Thales’ leadership in post-quantum cryptography, with dedicated research teams developing quantum-resistant methods and contributing to international standards, including NIST initiatives.

Operators can now protect long-term investments, secure critical services, and prepare for the next generation of quantum computing without operational disruptions.

Thales’ approach offers a practical roadmap for telecoms to adopt quantum-safe security today, ensuring continuity, trust, and resilience across mobile networks as digital threats evolve.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Diplo chatbot can make mistakes. Consider checking important information.