Encryption

The quantum internet is closer than it seems

The University of Pennsylvania’s engineering team has made a breakthrough that could bring the quantum internet much closer to practical use. Researchers have demonstrated that quantum and classical networks can share the same backbone by transmitting quantum signals over standard fibre optic infrastructure using the same Internet Protocol (IP) that powers today’s web.

Their silicon photonics ‘Q-Chip’ achieved over 97% fidelity in real-world field tests, showing that the quantum internet does not necessarily require building entirely new networks from scratch.

That result, while highly technical, has far-reaching implications. Beyond physics and computer science, it raises urgent questions for governance, national infrastructures, and the future of digital societies.

What the breakthrough shows

At its core, the Penn experiment achieved three things.

Integration with today’s internet

Quantum signals were transmitted as packets with classical headers readable by conventional routers, while the quantum information itself remained intact.

Noise management

The chip corrected disturbances by analysing the classical header without disturbing the quantum payload. An interesting fact is that the test ran on a Verizon fibre link between two buildings, not just in a controlled lab.

That fact makes the experiment different from earlier advances focusing mainly on quantum key distribution (QKD) or specialised lab setups. It points toward a future in which quantum networking and classical internet coexist and are managed through similar protocols.

Implications for governance and society

Government administration

Governments increasingly rely on digital infrastructure to deliver services, store sensitive records, and conduct diplomacy. The quantum internet could provide secure e-government services resistant to espionage or tampering, protected digital IDs and voting systems, reinforcing democratic integrity, and classified communication channels that even future quantum computers cannot decrypt.

That positions quantum networking as a sovereignty tool, not just a scientific advance.

Healthcare

Health systems are frequent targets of cyberattacks. Quantum-secured communication could protect patient records and telemedicine platforms, enable safe data sharing between hospitals and research centres, support quantum-assisted drug discovery and personalised medicine via distributed quantum computing.

Here, the technology directly impacts citizens’ trust in digital health.

Critical infrastructure and IT systems

National infrastructures, such as energy grids, financial networks, and transport systems, could gain resilience from quantum-secured communication layers.

In addition, quantum-enhanced sensing could provide more reliable navigation independent of GPS, enable early-warning systems for earthquakes or natural disasters, and strengthen resilience against cyber-sabotage of strategic assets.

Citizens and everyday services

For ordinary users, the quantum internet will first be invisible. Their emails, bank transactions, and medical consultations will simply become harder to hack.

Over time, however, quantum-secured platforms may become a market differentiator for banks, telecoms, and healthcare providers.

Citizens and universities may gain remote access to quantum computing resources, democratising advanced research and innovation.

Building a quantum-ready society

The Penn experiment matters because it shows that quantum internet infrastructure can evolve on top of existing systems. For policymakers, this raises several urgent points.

Standardisation

International bodies (IETF, ITU-T, ETSI) will need to define packet structures, error correction, and interoperability rules for quantum-classical networks.

Strategic investment

Countries face a decision whether to invest early in pilot testbeds (urban campuses, healthcare systems, or government services).

Cybersecurity planning

Quantum internet deployment should be aligned with the post-quantum cryptography transition, ensuring coherence between classical and quantum security measures.

Public trust

As with any critical infrastructure, clear communication will be needed to explain how quantum-secured systems benefit citizens and why governments are investing in them.

Key takeaways for policymakers

Quantum internet is governance, not just science. The Penn breakthrough shows that quantum signals can run on today’s networks, shifting the conversation from pure research to infrastructure and policy planning.

Governments should treat the quantum internet as a strategic asset, protecting national administrations, elections, and critical services from future cyber threats.

Early adoption in health systems could secure patient data, telemedicine, and medical research, strengthening public trust in digital services.

International cooperation (IETF, ITU-T, ETSI) will be needed to define protocols, interoperability, and security frameworks before large-scale rollouts.

Policymakers should align quantum network deployment with the global transition to post-quantum encryption, ensuring coherence across digital security strategies.

Governments could start with small-scale testbeds (smart cities, e-government nodes, or healthcare networks) to build expertise and shape standards from within.

Why does it matter?

The University of Pennsylvania’s ‘Q-Chip’ is a proof-of-concept that quantum and classical networks can speak the same language. While technical challenges remain, especially around scaling and quantum repeaters, the political and societal questions can no longer be postponed.

The quantum internet is not just a scientific project. It is emerging as a strategic infrastructure for the digital state of the future. Governments, regulators, and international organisations must begin preparing today so that tomorrow’s networks deliver speed and efficiency, trust, sovereignty, and resilience.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Gen Z most vulnerable to phishing scams

A global survey commissioned by Yubico suggests that younger workers are more vulnerable to phishing scams than older generations. Gen Z respondents reported the highest level of interaction with phishing messages, with 62 percent admitting they engaged with a scam in the past year.

The study gathered responses from 18,000 employed adults in nine countries, including the UK, US, France, and Japan. In the past twelve months, 44 percent of participants admitted to clicking on or replying to a phishing message.

AI is raising the stakes for cybersecurity. Seventy percent of those surveyed believe phishing has become more effective due to AI, and 78 percent said the attacks seem more sophisticated. More than half could not confidently identify a phishing email when shown one.

Despite growing risks, cyber defences remain patchy. Only 48 percent said their workplace used multi-factor authentication across all services, and 40 percent reported never receiving cybersecurity training from their employer.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Hackers exploit flaw in two million Cisco devices

Hackers have targeted up to two million Cisco devices using a newly disclosed vulnerability in the company’s networking software. The flaw, tracked as CVE-2025-20352, affects all supported versions of Cisco IOS and IOS XE, which power many routers and switches.

Cisco confirmed that attackers have exploited the weakness in the wild, crashing systems, implanting malware, and potentially extracting sensitive data. The campaign builds on previous activity by the same threat group, which has also exploited Cisco Adaptive Security Appliance devices.

Attackers gained access after local administrator credentials were compromised, allowing them to implant malware and execute commands. The company’s Product Security Incident Response Team urged customers to upgrade immediately to fixed software releases to secure their systems.

The Canadian Centre for Cyber Security has warned organisations about sophisticated malware exploiting flaws in outdated Cisco ASA devices, urging immediate patching and stronger defences to protect critical systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI SHIELD unveiled to protect financial AI systems

Ant International has introduced AI SHIELD, a security framework to protect AI systems used in financial services. The toolkit aims to reduce risks such as fraud, bias, and misuse in AI applications like fraud detection, payment authorisation, and customer chatbots.

At the centre of AI SHIELD is the AI Security Docker, which applies safeguards throughout development and deployment. The framework includes authentication of AI agents, continuous monitoring to block threats in real time, and ongoing adversarial testing.

Ant said the system will support over 100 million merchants and 1.8 billion users worldwide across services like Alipay+, Antom, Bettr, and WorldFirst. It will also defend against deepfake attacks and account takeovers, with the firm claiming its EasySafePay 360 tool can cut such incidents by 90%.

The initiative is part of Ant’s wider role in setting industry standards, including its work with Google on the Agent Payments Protocol, which defines how AI agents transact securely with user approval.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK to introduce mandatory digital ID for work

The UK government has announced plans to make digital ID mandatory for proving the right to work by the end of the current Parliament, expected no later than 2029. Prime Minister Sir Keir Starmer said the scheme would tighten controls on illegal employment while offering wider benefits for citizens.

The digital ID will be stored on smartphones in a format similar to contactless payment cards or the NHS app. It is expected to include core details such as name, date of birth, nationality or residency status, and a photo.

The system aims to provide a more consistent and secure alternative to paper-based checks, reducing the risk of forged documents and streamlining verification for employers.

Officials believe the scheme could extend beyond employment, potentially simplifying access to driving licences, welfare, childcare, and tax records.

A consultation later in the year will decide whether additional data, such as residential addresses, should be integrated. The government has also pledged accessibility for citizens unable to use smartphones.

The proposal has faced political opposition, with critics warning of privacy risks, administrative burdens, and fears of creating a de facto compulsory ID card system.

Despite these objections, the government argues that digital ID will strengthen border controls, counter the shadow economy, and modernise public service access.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyberattack on Jaguar Land Rover exposes UK supply chain risks

The UK’s ministers are considering an unprecedented intervention after a cyberattack forced Jaguar Land Rover to halt production, leaving thousands of suppliers exposed to collapse.

A late August hack shut down JLR’s IT networks and forced the suspension of its UK factories. Industry experts estimate losses of more than £50m a week, with full operations unlikely to restart until October or later.

JLR, owned by India’s Tata Motors, had not finalised cyber insurance before the breach, which left it particularly vulnerable.

Officials are weighing whether to buy and stockpile car parts from smaller firms that depend on JLR, though logistical difficulties make the plan complex. Government-backed loans are also under discussion.

Cybersecurity agencies, including the National Cyber Security Centre and the National Crime Agency, are now supporting the investigation.

The attack is part of a wider pattern of major breaches targeting UK institutions and retailers, with a group calling itself Scattered Lapsus$ Hunters claiming responsibility.

A growing threat that highlights how the country’s critical industries remain exposed to sophisticated cybercriminals, raising questions about resilience and the need for stronger digital defences.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

CISA highlights failures after US agency cyber breach

The US Cybersecurity and Infrastructure Security Agency (CISA) has published lessons from its response to a federal agency breach.

Hackers exploited an unpatched vulnerability in GeoServer software, gaining access to multiple systems. CISA noted that the flaw had been disclosed weeks earlier and added to its Known Exploited Vulnerabilities catalogue, but the agency had not patched it in time.

Investigators also found that incident response plans were outdated and had not been tested. The lack of clear procedures delayed third-party support and restricted access to vital security tools during the investigation.

CISA added that endpoint detection alerts were not continuously reviewed and some US public-facing systems had no protection, leaving attackers free to install web shells and move laterally through the network.

The agency urged all organisations to prioritise patching, maintain and rehearse incident response plans, and ensure comprehensive logging to strengthen resilience against future cybersecurity attacks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Secrets sprawl flagged as top software supply chain risk in Australia

Avocado Consulting urges Australian organisations to boost software supply chain security after a high-alert warning from the Australian Cyber Security Centre (ACSC). The alert flagged threats, including social engineering, stolen tokens, and manipulated software packages.

Dennis Baltazar of Avocado Consulting said attackers combine social engineering with living-off-the-land techniques, making attacks appear routine. He warned that secrets left across systems can turn small slips into major breaches.

Baltazar advised immediate audits to find unmanaged privileged accounts and non-human identities. He urged embedding security into workflows by using short-lived credentials, policy-as-code, and default secret detection to reduce incidents and increase development speed for users in Australia.

Avocado Consulting advises organisations to eliminate secrets from code and pipelines, rotate tokens frequently, and validate every software dependency by default using version pinning, integrity checks, and provenance verification. Monitoring CI/CD activity for anomalies can also help detect attacks early.

Failing to act could expose cryptographic keys, facilitate privilege escalation, and result in reputational and operational damage. Avocado Consulting states that secure development practices must become the default, with automated scanning and push protection integrated into the software development lifecycle.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK government AI tool recovers £500m lost to fraud

A new AI system developed by the UK Cabinet Office has helped reclaim nearly £500m in fraudulent payments, marking the government’s most significant recovery of public funds in a single year.

The Fraud Risk Assessment Accelerator analyses data across government departments to identify weaknesses and prevent scams before they occur.

It uncovered unlawful council tax claims, social housing subletting, and pandemic-related fraud, including £186m linked to Covid support schemes. Ministers stated the savings would be redirected to fund nurses, teachers, and police officers.

Officials confirmed the tool will be licensed internationally, with the US, Canada, Australia, and New Zealand among the first partners expected to adopt it.

The UK announced the initiative at an anti-fraud summit with these countries, describing it as a step toward global cooperation in securing public finances through AI.

However, civil liberties groups have raised concerns about bias and oversight. Previous government AI systems used to detect welfare fraud were found to produce disparities based on age, disability, and nationality.

Campaigners warned that the expanded use of AI in fraud detection risks embedding unfair outcomes if left unchecked.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Stellantis hit by breach affecting millions of customers

Stellantis, the parent company of Jeep, Chrysler and Dodge, has disclosed a data breach affecting its North American customer service operations.

The company said it recently discovered unauthorised access to a third-party service platform and confirmed that customer contact details were exposed. Stellantis stressed that no financial information was compromised and that affected customers and regulators are being notified.

Cybercriminal group ShinyHunters has claimed responsibility, telling tech site BleepingComputer it had stolen over 18 million Salesforce records from the automaker, including names and contact information. Stellantis has not confirmed the number of records involved.

ShinyHunters has targeted several global firms this year, including Google, Louis Vuitton and Allianz Life, often using voice phishing to trick employees into downloading malicious software. The group claims to have stolen 1.5 billion Salesforce records from more than 700 companies worldwide.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot