Consumer protection

LMArena tightens rules after Llama 4 incident

Meta has come under scrutiny after submitting a specially tuned version of its Llama 4 AI model to the LMArena leaderboard, sparking concerns about fair competition.

The ‘experimental’ version, dubbed Llama-4-Maverick-03-26-Experimental, ranked second in popularity, trailing only Google’s Gemini-2.5-Pro.

While Meta openly labelled the model as experimental, many users assumed it reflected the public release. Once the official version became available, users quickly noticed it lacked the expressive, emoji-filled responses seen in the leaderboard battles.

LMArena, a crowdsourced platform where users vote on chatbot responses, said Meta’s custom variant appeared optimised for human approval, possibly skewing the results.

The group released over 2,000 head-to-head matchups to back its claims, showing the experimental Llama 4 consistently offered longer, more engaging answers than the more concise public build.

In response, LMArena updated its policies to ensure greater transparency and stated that Meta’s use of the experimental model did not align with expectations for leaderboard submissions.

Meta defended its approach, stating the experimental model was designed to explore chat optimisation and was never hidden. While company executives denied any misconduct, including speculation around training on test data, they acknowledged inconsistent performance across platforms.

Meta’s GenAI chief Ahmad Al-Dahle said it would take time for all public implementations to stabilise and improve. Meanwhile, LMArena plans to upload the official Llama 4 release to its leaderboard for more accurate evaluation going forward.

For more information on these topics, visit diplomacy.edu.

Adaptive Security raises millions to fight AI scams

OpenAI has made its first move into the cybersecurity space by co-leading a US$43 million Series A funding round for New York-based startup Adaptive Security.

The round was also backed by venture capital firm Andreessen Horowitz, highlighting growing investor interest in solutions aimed at tackling AI-driven threats.

Adaptive Security specialises in simulating social engineering attacks powered by AI, such as fake phone calls, text messages, and emails. These simulations are designed to train employees and identify weak points within an organisation’s defences.

With over 100 customers already on board, the platform is proving to be a timely solution as generative AI continues to fuel increasingly convincing cyber scams.

The funding will be used to scale up the company’s engineering team and enhance its platform to meet growing demand.

As AI-powered threats evolve, Adaptive Security aims to stay ahead of the curve by helping organisations better prepare their staff to recognise and respond to sophisticated digital deception.

For more information on these topics, visit diplomacy.edu.

Dutch researchers to face new security screenings

The Dutch government has proposed new legislation requiring background checks for thousands of researchers working with sensitive technologies. The plan, announced by Education Minister Eppo Bruins, aims to block foreign intelligence from accessing high-risk scientific work.

Around 8,000 people a year, including Dutch citizens, would undergo screenings involving criminal records, work history, and possible links to hostile regimes.

Intelligence services would support the process, which targets sectors like AI, quantum computing, and biotech.

Universities worry the checks may deter global talent due to delays and bureaucracy. Critics also highlight a loophole: screenings occur only once, meaning researchers could still be approached by foreign governments after being cleared.

While other countries are introducing similar measures, the Netherlands will attempt to avoid unnecessary delays. Officials admit, however, that no system can eliminate all risks.

For more information on these topics, visit diplomacy.edu.

Neptune RAT malware targeting Windows users

A highly advanced malware known as Neptune RAT is making waves in the cybersecurity world, posing a major threat to Windows PC users. Labelled by experts as the ‘most advanced RAT ever,’ it is capable of hijacking systems, stealing cryptocurrency, extracting passwords, and even launching ransomware attacks.

According to cybersecurity firm CYFIRMA, Neptune RAT is being distributed via platforms like GitHub, Telegram and YouTube, and is available as malware-as-a-service, allowing virtually anyone to deploy it for a fee.

Neptune RAT’s feature set is alarmingly broad. It includes a crypto clipper that silently redirects cryptocurrency transactions by replacing wallet addresses with those controlled by the attackers.

It also comes with a password-stealing tool that can extract credentials from over 270 applications, including popular browsers like Chrome. Beyond theft, the malware can spy on users in real-time, disable antivirus tools including Windows Defender, and encrypt files for ransom, making it a formidable threat.

Cybersecurity experts are urging users to avoid clicking on unknown links or downloading suspicious files from platforms where the malware is circulating. In extreme cases, Neptune RAT even includes a data-wiping feature, allowing attackers to destroy all data on a compromised system.

Users are advised to stay cautious online and consider identity theft protection plans that offer financial recovery and insurance should a system replacement become necessary.

For more information on these topics, visit diplomacy.edu.

Dangerous WhatsApp desktop bug prompts update

A critical vulnerability has been discovered in WhatsApp Desktop for Windows, potentially allowing attackers to execute malicious code through deceptive file attachments.

Tracked as CVE-2025-30401, the flaw affects all versions prior to 2.2450.6 and poses a high security risk. The issue arises from a mismatch between how WhatsApp displays attachments and how the system opens them, enabling attackers to disguise executable files as harmless media.

When a user opens an attachment from within WhatsApp, the app displays the file based on its MIME type, such as an image. However, Windows opens the file using its extension, which could be malicious, like .exe.

The inconsistency could lead users to unknowingly launch harmful programs by trusting the attachment’s appearance. Security experts warn the exploit is especially dangerous in group chats, where a single malicious file could target several people at once.

Meta, WhatsApp’s parent company, has released version 2.2450.6 to fix the issue and is urging all users to update immediately.

Security researchers have likened the threat to previous vulnerabilities in the app, including one in 2024 that allowed silent execution of scripts. Given the high severity rating and ease of exploitation, users are advised not to delay updating their software.

For more information on these topics, visit diplomacy.edu.

New Jersey criminalises AI-generated nude deepfakes of minors

New Jersey has become the first US state to criminalise the creation and sharing of AI-generated nude images of minors, following a high-profile campaign led by 14-year-old Francesca Mani. The US legislation, signed into law on 2 April by Governor Phil Murphy, allows victims to sue perpetrators for up to $1,000 per image and includes criminal penalties of up to five years in prison and fines of up to $30,000.

Mani launched her campaign after discovering that boys at her school had used an AI “nudify” website to target her and other girls. Refusing to accept the school’s minimal disciplinary response, she called for lawmakers to take decisive action against such deepfake abuses. Her efforts gained national attention, including a feature on 60 Minutes, and helped drive the new legal protections.

The law defines deepfakes as media that convincingly depicts someone doing something they never actually did. It also prohibits the use of such technology for election interference or defamation. Although the law’s focus is on malicious misuse, questions remain about whether exemptions will be made for legitimate uses in film, tech, or education sectors.

For more information on these topics, visit diplomacy.edu.

Metro Bank teams up with Ask Silver to fight fraud

Metro Bank has introduced an AI-powered scam detection tool, becoming the first UK bank to offer customers instant scam checks through a simple WhatsApp service.

Developed in partnership with Ask Silver, the Scam Checker allows users to upload images or screenshots of suspicious emails, websites, or documents for rapid analysis and safety advice.

The tool is free for personal and business customers, who receive alerts if the communication is flagged as fraudulent. Ask Silver’s technology not only identifies potential scams but also automatically reports them to relevant authorities.

The company was founded after one of the co-founders’ family members lost £150,000 to a scam, fuelling its mission to prevent similar crimes.

The launch comes amid a surge in impersonation scams across the United Kingdom, with over £1 billion lost to fraud in 2023. Metro Bank’s head of fraud, Baz Thompson, said the tool helps counter tactics that rely on urgency and pressure.

Customers are also reminded that the bank will never request sensitive information or press them to act quickly via emails or texts.

For more information on these topics, visit diplomacy.edu.

Thailand strengthens cybersecurity with Google Cloud

Thailand’s National Cyber Security Agency (NCSA) has joined forces with Google Cloud to strengthen the country’s cyber resilience, using AI-based tools and shared threat intelligence instead of relying solely on traditional defences.

The collaboration aims to better protect public agencies and citizens against increasingly sophisticated cyber threats.

A key part of the initiative involves deploying Google Cloud Cybershield for centralised monitoring of security events across government bodies. Instead of having fragmented monitoring systems, this unified approach will help streamline incident detection and response.

The partnership also brings advanced training for cybersecurity personnel in the public sector, alongside regular threat intelligence sharing.

Google Cloud Web Risk will be integrated into government operations to automatically block websites hosting malware and phishing content, instead of relying on manual checks.

Google further noted the impact of its anti-scam technology in Google Play Protect, which has prevented over 6.6 million high-risk app installation attempts in Thailand since its 2024 launch—enhancing mobile safety for millions of users.

For more information on these topics, visit diplomacy.edu.

OpenAI backs Adaptive Security in the battle against AI threats

AI-driven cyber threats are on the rise, making it easier than ever for hackers to deceive employees through deepfake scams and phishing attacks.

OpenAI, a leader in generative AI, has recognised the growing risk and made its first cybersecurity investment in New York-based startup Adaptive Security. The company has secured $43 million in Series A funding, co-led by OpenAI’s startup fund and Andreessen Horowitz.

Adaptive Security helps companies prepare for AI-driven cyberattacks by simulating deepfake calls, texts, and emails. Employees may receive a phone call that sounds like their CTO, asking for sensitive information, but in reality, it is an AI-generated test.

The platform identifies weak points in a company’s security and trains staff to recognise potential threats. Social engineering scams, which trick employees into revealing sensitive data, have already led to massive financial losses, such as the $600 million Axie Infinity hack in 2022.

CEO Brian Long, a seasoned entrepreneur, says the funding will go towards hiring engineers and improving the platform to keep pace with evolving AI threats.

The investment comes amid a surge in cybersecurity funding, with companies like Cyberhaven, Snyk, and GetReal also securing major investments.

As cyber risks become more advanced, Long advises employees to take simple precautions, including deleting voicemails to prevent hackers from cloning their voices.

For more information on these topics, visit diplomacy.edu.

National Crime Agency responds to AI crime warning

The National Crime Agency (NCA) has pledged to ‘closely examine’ recommendations from the Alan Turing Institute after a recent report highlighted the UK’s insufficient preparedness for AI-enabled crime.

The report, from the Centre for Emerging Technology and Security (CETaS), urges the NCA to create a task force to address AI crime within the next five years.

Despite AI-enabled crime being in its early stages, the report warns that criminals are rapidly advancing their use of AI, outpacing law enforcement’s ability to respond.

CETaS claims that UK police forces have been slow to adopt AI themselves, which could leave them vulnerable to increasingly sophisticated crimes, such as child sexual abuse, cybercrime, and fraud.

The Alan Turing Institute emphasises that although AI-specific legislation may be needed eventually, the immediate priority is for law enforcement to integrate AI into their crime-fighting efforts.

An initiative like this would involve using AI tools to combat AI-enabled crimes effectively, as fraudsters and criminals exploit AI’s potential to deceive.

While AI crime remains a relatively new phenomenon, recent examples such as the $25 million Deepfake CFO fraud show the growing threat.

The report also highlights the role of AI in phishing scams, romance fraud, and other deceptive practices, warning that future AI-driven crimes may become harder to detect as technology evolves.

For more information on these topics, visit diplomacy.edu.