Google researchers have unveiled CodeMender, an AI-powered agent designed to automatically detect and fix software vulnerabilities.
The tool aims to improve code security by generating and applying patches that address critical flaws, allowing developers to focus on building reliable software instead of manually locating and repairing weaknesses.
Built on the Gemini Deep Think models, CodeMender operates autonomously, identifying vulnerabilities, reasoning about the underlying code, and validating patches to ensure they are correct and do not introduce regressions.
Over the past six months, it has contributed 72 security fixes to open source projects, including those with millions of lines of code.
The system combines advanced program analysis with multi-agent collaboration to strengthen its decision-making. It employs techniques such as static and dynamic analysis, fuzzing and differential testing to trace the root causes of vulnerabilities.
Each proposed fix undergoes rigorous validation before being reviewed by human developers to guarantee quality and compliance with coding standards.
According to Google, CodeMender’s dual approach (reactively patching new flaws and proactively rewriting code to eliminate entire vulnerability classes) represents a major step forward in AI-driven cybersecurity.
The company says the tool’s success demonstrates how AI can transform the maintenance and protection of modern software systems.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Despite privacy concerns and parliamentary criticism, the Dutch Tax Administration will move much of its digital workplace to Microsoft’s cloud. State Secretary Eugène Heijnen told lawmakers that no suitable European alternatives met the technical, legal, and functional requirements.
Privacy advocates warn that using a US-based provider could put compliance with GDPR at risk, especially when data may leave the EU. Concerns about long-term dependency on a single cloud vendor have also been raised, making future transitions costly and complex.
Heijnen said sensitive documents would remain on internal servers, while cloud services would handle workplace functions. Employees had complained that the current system was inefficient and difficult to use.
The Court of Audit reported earlier this year that nearly two-thirds of the Dutch government’s public cloud services had not been properly risk-assessed. Despite this, Heijnen insisted that Microsoft offered the most viable option.
The US National Institute of Standards and Technology (NIST) has updated its password guidelines, urging organisations to drop strict complexity rules. NIST states that requirements such as mandatory symbols and frequent resets often harm usability without significantly improving security.
Instead, the agency recommends using blocklists for breached or commonly used passwords, implementing hashed storage, and rate limiting to resist brute-force attacks. Multi-factor authentication and password managers are encouraged as additional safeguards.
Password length remains essential. Short strings are easily cracked, but users should be allowed to create longer passphrases. NIST recommends limiting only extremely long passwords that slow down hashing.
The new approach replaces mandatory resets with changes triggered only after suspected compromise, such as a data breach. NIST argues this method reduces fatigue while improving overall account protection.
Businesses adopting these guidelines must audit their existing policies, reconfigure authentication systems, deploy blocklists, and train employees to adapt accordingly. Clear communication of the changes will be key to ensuring compliance.
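The controls described above (blocklist screening, length limits without composition rules, hashed storage and rate limiting) shown together in an added Python example, which is not code from NIST or from the original article. The length limits, PBKDF2 iteration count, blocklist entries and lockout settings are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

# Assumed values: the article gives no numbers, and the blocklist is constructed.
MIN_LENGTH, MAX_LENGTH = 15, 64
PBKDF2_ITERATIONS = 600_000
BLOCKLIST = {"passwordpassword", "qwertyuiopasdfgh", "1234567890123456"}

def check_password(candidate):
    """Length and blocklist only; no symbol, digit or case composition rules."""
    if len(candidate) < MIN_LENGTH:
        return False, "too short"
    if len(candidate) > MAX_LENGTH:  # cap only very long input that slows hashing
        return False, "too long"
    if candidate.casefold() in BLOCKLIST:
        return False, "blocklisted"
    return True, "ok"

def hash_password(password, salt=None):
    """Salted, deliberately slow hash; store (salt, digest), never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class LoginThrottle:
    """Rate limiting: lock an account after repeated failed guesses."""
    def __init__(self, max_failures=5, lockout_seconds=300):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._state = {}  # user -> (failure count, locked-until timestamp)

    def attempt(self, user, password, salt, digest, now=None):
        now = time.monotonic() if now is None else now
        failures, locked_until = self._state.get(user, (0, 0.0))
        if now < locked_until:
            return "locked"  # refuse without even hashing the guess
        if verify_password(password, salt, digest):
            self._state.pop(user, None)
            return "ok"
        failures += 1
        locked = failures >= self.max_failures
        self._state[user] = (failures, now + self.lockout_seconds if locked else 0.0)
        return "denied"
```

A production blocklist would be loaded from a breached-password corpus rather than a literal set, and the throttle state would live in shared storage so it survives restarts.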
The University of Pennsylvania’s engineering team has made a breakthrough that could bring the quantum internet much closer to practical use. Researchers have demonstrated that quantum and classical networks can share the same backbone by transmitting quantum signals over standard fibre optic infrastructure using the same Internet Protocol (IP) that powers today’s web.
Their silicon photonics ‘Q-Chip’ achieved over 97% fidelity in real-world field tests, showing that the quantum internet does not necessarily require building entirely new networks from scratch.
That result, while highly technical, has far-reaching implications. Beyond physics and computer science, it raises urgent questions for governance, national infrastructures, and the future of digital societies.
Quantum signals were transmitted as packets with classical headers readable by conventional routers, while the quantum information itself remained intact.
Noise management
The chip corrected disturbances by analysing the classical header without disturbing the quantum payload. An interesting fact is that the test ran on a Verizon fibre link between two buildings, not just in a controlled lab.
That fact makes the experiment different from earlier advances focusing mainly on quantum key distribution (QKD) or specialised lab setups. It points toward a future in which quantum networking and classical internet coexist and are managed through similar protocols.
Implications for governance and society
Government administration
Governments increasingly rely on digital infrastructure to deliver services, store sensitive records, and conduct diplomacy. The quantum internet could provide secure e-government services resistant to espionage or tampering, protected digital IDs and voting systems that reinforce democratic integrity, and classified communication channels that even future quantum computers cannot decrypt.
That positions quantum networking as a sovereignty tool, not just a scientific advance.
Healthcare
Health systems are frequent targets of cyberattacks. Quantum-secured communication could protect patient records and telemedicine platforms, enable safe data sharing between hospitals and research centres, and support quantum-assisted drug discovery and personalised medicine via distributed quantum computing.
Here, the technology directly impacts citizens’ trust in digital health.
Critical infrastructure and IT systems
National infrastructures, such as energy grids, financial networks, and transport systems, could gain resilience from quantum-secured communication layers.
In addition, quantum-enhanced sensing could provide more reliable navigation independent of GPS, enable early-warning systems for earthquakes or natural disasters, and strengthen resilience against cyber-sabotage of strategic assets.
Citizens and everyday services
For ordinary users, the quantum internet will at first be invisible. Their emails, bank transactions, and medical consultations will simply become harder to hack.
Over time, however, quantum-secured platforms may become a market differentiator for banks, telecoms, and healthcare providers.
Citizens and universities may gain remote access to quantum computing resources, democratising advanced research and innovation.
Building a quantum-ready society
The Penn experiment matters because it shows that quantum internet infrastructure can evolve on top of existing systems. For policymakers, this raises several urgent points.
Standardisation
International bodies (IETF, ITU-T, ETSI) will need to define packet structures, error correction, and interoperability rules for quantum-classical networks.
Strategic investment
Countries face a decision on whether to invest early in pilot testbeds (urban campuses, healthcare systems, or government services).
Cybersecurity planning
Quantum internet deployment should be aligned with the post-quantum cryptography transition, ensuring coherence between classical and quantum security measures.
Public trust
As with any critical infrastructure, clear communication will be needed to explain how quantum-secured systems benefit citizens and why governments are investing in them.
Key takeaways for policymakers
Quantum internet is governance, not just science. The Penn breakthrough shows that quantum signals can run on today’s networks, shifting the conversation from pure research to infrastructure and policy planning.
Governments should treat the quantum internet as a strategic asset, protecting national administrations, elections, and critical services from future cyber threats.
Early adoption in health systems could secure patient data, telemedicine, and medical research, strengthening public trust in digital services.
International cooperation (IETF, ITU-T, ETSI) will be needed to define protocols, interoperability, and security frameworks before large-scale rollouts.
Policymakers should align quantum network deployment with the global transition to post-quantum encryption, ensuring coherence across digital security strategies.
Governments could start with small-scale testbeds (smart cities, e-government nodes, or healthcare networks) to build expertise and shape standards from within.
Why does it matter?
The University of Pennsylvania’s ‘Q-Chip’ is a proof-of-concept that quantum and classical networks can speak the same language. While technical challenges remain, especially around scaling and quantum repeaters, the political and societal questions can no longer be postponed.
The quantum internet is not just a scientific project. It is emerging as a strategic infrastructure for the digital state of the future. Governments, regulators, and international organisations must begin preparing today so that tomorrow’s networks deliver speed and efficiency, trust, sovereignty, and resilience.
A global survey commissioned by Yubico suggests that younger workers are more vulnerable to phishing scams than older generations. Gen Z respondents reported the highest level of interaction with phishing messages, with 62 percent admitting they engaged with a scam in the past year.
The study gathered responses from 18,000 employed adults in nine countries, including the UK, US, France, and Japan. In the past twelve months, 44 percent of participants admitted to clicking on or replying to a phishing message.
AI is raising the stakes for cybersecurity. Seventy percent of those surveyed believe phishing has become more effective due to AI, and 78 percent said the attacks seem more sophisticated. More than half could not confidently identify a phishing email when shown one.
Despite growing risks, cyber defences remain patchy. Only 48 percent said their workplace used multi-factor authentication across all services, and 40 percent reported never receiving cybersecurity training from their employer.
Hackers have targeted up to two million Cisco devices using a newly disclosed vulnerability in the company’s networking software. The flaw, tracked as CVE-2025-20352, affects all supported versions of Cisco IOS and IOS XE, which power many routers and switches.
Cisco confirmed that attackers have exploited the weakness in the wild, crashing systems, implanting malware, and potentially extracting sensitive data. The campaign builds on previous activity by the same threat group, which has also exploited Cisco Adaptive Security Appliance devices.
Attackers gained access after local administrator credentials were compromised, allowing them to implant malware and execute commands. The company’s Product Security Incident Response Team urged customers to upgrade immediately to fixed software releases to secure their systems.
The Canadian Centre for Cyber Security has warned organisations about sophisticated malware exploiting flaws in outdated Cisco ASA devices, urging immediate patching and stronger defences to protect critical systems.
Ant International has introduced AI SHIELD, a security framework to protect AI systems used in financial services. The toolkit aims to reduce risks such as fraud, bias, and misuse in AI applications like fraud detection, payment authorisation, and customer chatbots.
At the centre of AI SHIELD is the AI Security Docker, which applies safeguards throughout development and deployment. The framework includes authentication of AI agents, continuous monitoring to block threats in real time, and ongoing adversarial testing.
Ant said the system will support over 100 million merchants and 1.8 billion users worldwide across services like Alipay+, Antom, Bettr, and WorldFirst. It will also defend against deepfake attacks and account takeovers, with the firm claiming its EasySafePay 360 tool can cut such incidents by 90%.
The initiative is part of Ant’s wider role in setting industry standards, including its work with Google on the Agent Payments Protocol, which defines how AI agents transact securely with user approval.
The UK government has announced plans to make digital ID mandatory for proving the right to work by the end of the current Parliament, expected no later than 2029. Prime Minister Sir Keir Starmer said the scheme would tighten controls on illegal employment while offering wider benefits for citizens.
The digital ID will be stored on smartphones in a format similar to contactless payment cards or the NHS app. It is expected to include core details such as name, date of birth, nationality or residency status, and a photo.
The system aims to provide a more consistent and secure alternative to paper-based checks, reducing the risk of forged documents and streamlining verification for employers.
Officials believe the scheme could extend beyond employment, potentially simplifying access to driving licences, welfare, childcare, and tax records.
A consultation later in the year will decide whether additional data, such as residential addresses, should be integrated. The government has also pledged accessibility for citizens unable to use smartphones.
The proposal has faced political opposition, with critics warning of privacy risks, administrative burdens, and fears of creating a de facto compulsory ID card system.
Despite these objections, the government argues that digital ID will strengthen border controls, counter the shadow economy, and modernise public service access.
UK ministers are considering an unprecedented intervention after a cyberattack forced Jaguar Land Rover to halt production, leaving thousands of suppliers exposed to collapse.
A late August hack shut down JLR’s IT networks and forced the suspension of its UK factories. Industry experts estimate losses of more than £50m a week, with full operations unlikely to restart until October or later.
JLR, owned by India’s Tata Motors, had not finalised cyber insurance before the breach, which left it particularly vulnerable.
Officials are weighing whether to buy and stockpile car parts from smaller firms that depend on JLR, though logistical difficulties make the plan complex. Government-backed loans are also under discussion.
Cybersecurity agencies, including the National Cyber Security Centre and the National Crime Agency, are now supporting the investigation.
The attack is part of a wider pattern of major breaches targeting UK institutions and retailers, with a group calling itself Scattered Lapsus$ Hunters claiming responsibility.
The growing threat highlights how the country’s critical industries remain exposed to sophisticated cybercriminals, raising questions about resilience and the need for stronger digital defences.
The US Cybersecurity and Infrastructure Security Agency (CISA) has published lessons from its response to a federal agency breach.
Hackers exploited an unpatched vulnerability in GeoServer software, gaining access to multiple systems. CISA noted that the flaw had been disclosed weeks earlier and added to its Known Exploited Vulnerabilities catalogue, but the agency had not patched it in time.
Investigators also found that incident response plans were outdated and had not been tested. The lack of clear procedures delayed third-party support and restricted access to vital security tools during the investigation.
CISA added that endpoint detection alerts were not continuously reviewed and some US public-facing systems had no protection, leaving attackers free to install web shells and move laterally through the network.
The agency urged all organisations to prioritise patching, maintain and rehearse incident response plans, and ensure comprehensive logging to strengthen resilience against future cybersecurity attacks.