OpenAI says a security incident at Mixpanel exposed limited metadata linked to the API interface. Mixpanel’s systems, not OpenAI’s, were compromised during the intrusion. No chat content, passwords, API keys, or payment information was affected.
Mixpanel told OpenAI that an attacker exported a dataset containing basic user profile fields. The information includes names, email addresses, coarse location data, and browser details. OpenAI has removed Mixpanel from production and is notifying impacted users.
OpenAI maintains that its internal infrastructure remains secure with no evidence of unauthorised access. Wider reviews across the vendor ecosystem are underway to assess potential risks. The company has raised security requirements for partners and continues to monitor for misuse.
Security teams warn that the leaked data could fuel phishing or social-engineering attempts. Users are urged to treat unsolicited messages with caution and verify communications sent under the OpenAI name. Multi-factor authentication remains strongly recommended for all accounts as an added safeguard.
OpenAI reiterates that trust and privacy remain core to its products and operations. The organisation has ended its use of Mixpanel and is reviewing supporting services to prevent similar issues. Impacted organisations will receive direct notifications as the investigation continues.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A major provider of three widely used nudify services has cut off Australian access after enforcement action from eSafety.
The company received an official warning in September for allowing its tools to be used to produce AI-generated material that harmed children.
The withdrawal follows concerns about incidents involving school students and repeated reminders that online services must meet Australia’s mandatory safety standards.
eSafety stated that Australia’s codes and standards are encouraging companies to adopt stronger safeguards.
The Commissioner noted that preventing the misuse of consumer tools remains central to reducing the risk of harm and that more precise boundaries can lower the likelihood of abuse affecting young people.
Attention has also turned to underlying models and the hosting platforms that distribute them.
Hugging Face has updated its terms to require users to take steps to mitigate the risks associated with uploaded models, including preventing misuse for generating harmful content. The company is required to act when reports or internal checks reveal breaches of its policies.
eSafety indicated that failure to comply with industry codes or standards can lead to enforcement measures, including significant financial penalties.
The agency is working with the government on further reforms intended to restrict access to nudify tools and strengthen protections across the technology stack.
Coinbase Ventures has shared the ideas its team is most excited about for 2026, highlighting areas with high potential for innovation in crypto and blockchain. Key sectors include asset tokenisation, specialised exchanges, next-generation DeFi, and AI-driven robotics.
The firm is actively seeking teams to invest in these emerging opportunities.
Perpetual contracts on real-world assets are set to expand, enabling synthetic exposure to private companies, commodities, and macroeconomic data. Specialised exchanges and trading terminals aim to consolidate liquidity, protect market makers, and improve the prediction market user experience.
Next-gen DeFi will expand with composable perpetual markets, unsecured lending, and privacy-focused applications. These developments could redefine capital efficiency, financial infrastructure, and user confidentiality across the ecosystem.
AI and robotics are also a focus, with projects targeting advanced robotic data collection, proof-of-humanity solutions, and AI-driven innovative contract development. Coinbase Ventures emphasises the potential for these technologies to accelerate on-chain adoption and innovation.
Security researchers have uncovered a malicious Chrome extension that secretly diverts SOL from users conducting swaps on the Solana blockchain. The extension, called Crypto Copilot, injects an undisclosed transfer into every Raydium transaction, quietly routing funds to a hardcoded attacker wallet.
The tool presents itself as a convenience app that enables Solana swaps directly from X posts, connecting to wallets such as Phantom and Solflare. Behind the interface, the code appends a hidden SystemProgram.transfer instruction to each transaction.
The fee is set at either 0.0013 SOL or 0.05% of the trade amount, whichever is higher, and remains invisible unless the user inspects the complete instruction list.
External services lend the app legitimacy, utilising DexScreener data, Helius RPC calls, and a backend dashboard that provides no actual functionality. Researchers warn that the disposable infrastructure, misspelt domains, and obfuscated code point to clear malicious intent, not an unfinished product.
On-chain analysis indicates limited gains for attackers so far, likely due to the low distribution. The mechanism, however, scales directly with swap volume, placing high-frequency and large-volume traders at the most significant risk.
Security teams are urging users to avoid closed-source trading extensions and to scrutinise Solana transactions before signing.
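The inspection step described above can be automated. The following is an added example, not code from the researchers or from the extension: it decodes a transaction's top-level instruction list and flags any System Program transfer out of the user's wallet to a recipient the user did not expect. The instruction shape (`{programId, accounts, data}`), the wallet and destination strings, and the swap program placeholder are assumptions constructed for illustration.

```javascript
// Added example; all addresses below are constructed placeholders.
const SYSTEM_PROGRAM = "1".repeat(32); // System Program ID (32 '1' characters)
const LAMPORTS_PER_SOL = 1_000_000_000n;

// A System Program Transfer is a u32 LE discriminant (2) followed by a
// u64 LE lamport amount; its accounts are [source, destination].
function decodeSystemTransfer(ix) {
  if (ix.programId !== SYSTEM_PROGRAM || ix.data.length !== 12) return null;
  const view = new DataView(ix.data.buffer, ix.data.byteOffset, ix.data.byteLength);
  if (view.getUint32(0, true) !== 2) return null;
  return { from: ix.accounts[0], to: ix.accounts[1], lamports: view.getBigUint64(4, true) };
}

// Fee reported in the article: the higher of 0.0013 SOL or 0.05% of the trade.
function describedFee(tradeLamports) {
  const flat = 1_300_000n;                     // 0.0013 SOL in lamports
  const pct = (tradeLamports * 5n) / 10_000n;  // 0.05% of the trade
  return pct > flat ? pct : flat;
}

// Return every transfer out of `wallet` whose recipient is not expected.
function findUndisclosedTransfers(instructions, wallet, expectedRecipients = []) {
  const allowed = new Set(expectedRecipients);
  return instructions
    .map((ix, index) => ({ index, t: decodeSystemTransfer(ix) }))
    .filter(({ t }) => t && t.from === wallet && !allowed.has(t.to))
    .map(({ index, t }) => ({ index, to: t.to, lamports: t.lamports }));
}

// Builds Transfer instruction data for the constructed sample below.
function transferData(lamports) {
  const data = new Uint8Array(12);
  const view = new DataView(data.buffer);
  view.setUint32(0, 2, true);
  view.setBigUint64(4, lamports, true);
  return data;
}

// Constructed sample: a 2 SOL swap followed by one extra, undisclosed transfer.
const WALLET = "USER_WALLET_PLACEHOLDER";
const UNKNOWN_DEST = "UNKNOWN_DESTINATION_PLACEHOLDER";
const sampleTx = [
  { programId: "SWAP_PROGRAM_PLACEHOLDER", accounts: [WALLET], data: new Uint8Array([9]) },
  { programId: SYSTEM_PROGRAM, accounts: [WALLET, UNKNOWN_DEST],
    data: transferData(describedFee(2n * LAMPORTS_PER_SOL)) },
];
const findings = findUndisclosedTransfers(sampleTx, WALLET);
console.log(findings.map(f => `ix #${f.index}: ${f.lamports} lamports -> ${f.to}`));
```

The check covers top-level instructions only, which is where the article says the extra transfer is appended; transfers made inside another program's execution would need the simulation output instead.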
EU regulators are preparing for a significant shift in crypto oversight as new rules take effect on 1 January 2026. Crypto providers must report all customer transactions and holdings in a uniform digital format, giving tax authorities broader visibility across the bloc.
The DAC8 framework brings mandatory cross-border data sharing, a centralised operator register and unique ID numbers for each reporting entity. These measures aim to streamline supervision and enhance transparency, even though data on delisted firms must be preserved for up to twelve months.
Privacy concerns are rising as the new rules expand the travel rule for transfers above €1,000 and introduce possible ownership checks on private wallets. Combined with MiCA and upcoming AML rules, regulators gain deeper insight into user behaviour, wallet flows and platform operations.
Plans for ESMA to oversee major exchanges are facing pushback from smaller financial hubs, which are concerned about higher compliance costs and reduced competitiveness. Supporters argue that unified supervision is necessary to prevent regulatory gaps and reinforce market integrity across the EU.
Researchers have uncovered a large phishing operation, known as Quantum Route Redirect (QRR), that creates fake Microsoft 365 login pages across nearly 1,000 domains. The campaign uses convincing email lures, including DocuSign notices and payment alerts, to steal user credentials.
QRR operations have reached 90 countries, with US users hit hardest. Analysts say the platform evades scanners by sending bots to safe pages while directing real individuals to credential-harvesting sites on compromised domains.
The kit emerged shortly after Microsoft disrupted the RaccoonO365 network, which had stolen thousands of accounts. Similar tools, such as VoidProxy and Darcula, have appeared, yet QRR stands out for its automation and ease of use, which enable rapid, large-scale attacks.
Cybersecurity experts warn that URL scanning alone can no longer stop such operations. Organisations are urged to adopt layered protection, stronger sign-in controls and behavioural monitoring to detect scams that increasingly mimic genuine Microsoft systems.
Trials at a stadium in Milton Keynes demonstrated that thousands of spectators can stream high-quality live video feeds directly to their mobile devices.
Developed collaboratively by the University of Bristol, AI specialists Madevo, and network experts Weaver Labs, the system also delivers live player statistics, exclusive behind-the-scenes content, and real-time queue navigation. Traditional mobile networks often struggle to cope with peak demand at large venues, leaving fans frustrated.
The innovation offers clubs an opportunity to transform their stadiums into fully smart-enabled venues. University researchers said the successful trial represents a major step forward for Bristol’s Smart Internet Lab as it celebrates a decade of pioneering connectivity solutions.
Qualcomm has introduced the Snapdragon 8 Gen 5 Mobile Platform, positioning it as a premium upgrade that elevates performance, AI capability, and gaming. The company says the new chipset responds to growing demand for more advanced features in flagship smartphones.
Snapdragon 8 Gen 5 includes an enhanced sensing hub that wakes an AI assistant when a user picks up their device. Qualcomm says the platform supports agentic AI functions through the updated AI Engine, enabling more context-aware interactions and personalised assistance directly on the device.
The system is powered by the custom Oryon CPU, reaching speeds up to 3.8 GHz and delivering notable improvements in responsiveness and web performance. Qualcomm reports a 36% increase in overall processing power and an 11% boost to graphics output through its updated Adreno GPU architecture.
Qualcomm executives say the refreshed platform will bring high-end performance to more markets. Chris Patrick, senior vice-president for mobile handsets, says Snapdragon 8 Gen 5 is built to meet rising demands for speed, efficiency, and intelligent features.
Qualcomm confirmed that the chipset will appear in upcoming flagship devices from manufacturers including iQOO, Honor, Meizu, Motorola, OnePlus, and vivo. The company expects the platform to anchor next-generation models entering global markets in the months ahead.
South Africa is betting on green technology to drive development while cutting emissions. Overlapping laws and strategies create a complex, sometimes conflicting environment for investors and innovators. Analysts warn that fragmentation slows both climate action and the just transition.
Flagship measures, such as the Climate Change Act and the Just Energy Transition Investment Plan, anchor long-term goals. The government aims to mobilise around R1.5 trillion, including an initial R8.5 billion in catalytic finance.
Funding targets power generation, new energy vehicles and green hydrogen, with private capital expected to follow. Renewable Energy Independent Power Producer projects showcase successful public-private partnerships that attracted significant foreign and domestic investment.
Localisation rules, special economic zones and tariff tweaks seek to build manufacturing capacity and transfer skills. Critics argue that strict content quotas and data localisation can delay projects and deter prospective investors.
Observers say harmonised policies, clearer incentives and stronger coordination across sectors are essential for effective green technology transfer. Greater collaboration between the South African government, businesses, and universities could translate promising pilots into climate-resilient industries.
The EU member states have endorsed a position for new rules to counter child sexual abuse online. The plan introduces duties for digital services to prevent the spread of abusive material. It also creates an EU Centre to coordinate enforcement and support national authorities.
Service providers must assess how their platforms could be misused and apply mitigation measures. These may include reporting tools, stronger privacy defaults for minors, and controls over shared content. National authorities will review these steps and can order additional action where needed.
A three-tier risk system will categorise services as high, medium, or low risk. High-risk platforms may be required to help develop protective technologies. Providers that fail to comply with obligations could face financial penalties under the regulation.
Victims will be able to request the removal or disabling of abusive material depicting them. The EU Centre will verify provider responses and maintain a database to manage reports. It will also share relevant information with Europol and law enforcement bodies.
The Council supports extending voluntary scanning for abusive content beyond its current expiry. Negotiations with the European Parliament will now begin on the final text. The Parliament adopted its position in 2023 and will help decide the Centre’s location.