Human rights principles

Cloudflare adds LLM layer to client-side security detection pipeline

Cloudflare has announced two changes to its client-side security offering, making Client-Side Security Advanced available to self-serve customers and offering domain-based threat intelligence at no extra cost to all users on the free Client-Side Security bundle. The update is focused on browser-based attacks that can steal data via malicious scripts without visibly disrupting a website’s normal operation.

Cloudflare says its client-side security system assesses 3.5 billion scripts per day and monitors an average of 2,200 scripts per enterprise zone. According to the company, the product relies on browser reporting, including Content Security Policy signals, rather than scanners or application instrumentation, and requires only that traffic be proxied through Cloudflare.

A central part of the announcement is a new detection pipeline combining a Graph Neural Network (GNN) with a Large Language Model (LLM). Cloudflare says the GNN analyses the Abstract Syntax Tree of JavaScript code to identify malicious intent even when scripts are minified or obfuscated. Scripts flagged as suspicious are then passed to an open-source LLM running on Workers AI for a second-stage semantic assessment intended to reduce false positives.

Cloudflare says the GNN is tuned for high recall to identify novel and zero-day threats, but that false alarms remain a challenge at internet scale. Internal evaluation results cited by the company show that the secondary LLM layer reduced false positives in the JS Integrity threat category by nearly three times across the total analysed traffic, lowering the rate from about 0.3% to about 0.1%. On unique scripts, Cloudflare says the false-positive rate fell from about 1.39% to 0.007%.

The company also describes a recent case involving a heavily obfuscated malicious script named core.js. According to Cloudflare, the payload targeted Xiaomi OpenWrt-based home routers, altered DNS settings, and attempted to change admin passwords. Cloudflare says the script was injected through compromised browser extensions rather than by directly compromising a website, and adds that its GNN detected the malicious structure while the LLM confirmed the intent.

Cloudflare argues that the two-stage design provides structural detection via the GNN and broader semantic filtering via the LLM, enabling the company to lower the GNN decision threshold without sharply increasing alert volume. Every script flagged by the GNN is also logged to Cloudflare R2 for later auditing, which the company says helps it review cases where the LLM overrode the initial verdict.

Domain-based threat intelligence is now being made available to all Client-Side Security customers, including those not using the Advanced tier. Cloudflare says the move is partly a response to attacks seen in 2025 against smaller online shops, especially on Magento, where client-side compromises continued for days or weeks after public disclosure. By extending domain-based signals more broadly, the company says site owners can more quickly identify malicious JavaScript or suspicious connections and investigate possible compromises.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Funding boost for UK cities innovation sector

The UK government has pledged up to £20 million to boost the creative technology sector in the Tay Cities Region. The investment aims to support innovation in areas such as video games and virtual reality while driving economic growth.

Funding will help develop local talent and accelerate projects from early research to commercial products. The initiative focuses on strengthening collaboration between businesses, researchers and public bodies to expand opportunities across the region.

Centred around Dundee and the surrounding areas, the programme will build on an established reputation in digital industries. Universities and industry partners are expected to play a key role in delivering research, training and access to investment networks.

UK officials say the move will create jobs and open new markets, while supporting emerging applications in sectors including healthcare and education. The funding forms part of a wider national strategy to strengthen innovation and regional economies.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Technology reshapes pensions engagement

New technology is reshaping how people engage with pensions, according to Financial Conduct Authority chief executive Nikhil Rathi. Speaking in London, he highlighted the growing role of AI and digital tools in helping savers better understand their retirement finances.

Pensions dashboards are expected to give millions a clearer view of their savings, potentially driving greater engagement and behavioural change. Increased visibility may encourage actions such as consolidating pension pots or adjusting contributions.

London officials warn that stronger engagement brings risks as well as opportunities, with many consumers still lacking clear retirement plans. Policymakers aim to balance protection with flexibility, promoting informed decisions while avoiding overly restrictive systems.

Advances in AI are also enabling more personalised financial guidance, making it easier for users to explore retirement scenarios. Experts say the future of pensions will depend on integrating savings, housing and wider financial planning into a more connected system.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Italy fines major bank over data protection failures

The Italian Data Protection Authority has imposed a €31.8 million fine on Intesa Sanpaolo following serious shortcomings in its handling of personal data.

The case stems from unauthorised access by an employee to thousands of customer accounts, raising concerns about internal oversight and data protection safeguards.

Investigations revealed that monitoring systems failed to detect repeated unjustified access to sensitive financial information over an extended period. The breach also involved high-risk individuals, highlighting weaknesses in risk-based controls instead of robust, targeted protection measures.

Authorities in Italy identified violations of core data protection principles, including integrity, confidentiality and accountability. Additional concerns arose from delays in notifying both regulators and affected individuals, limiting the ability to respond effectively to the incident.

The case of Intesa Sanpaolo underscores increasing regulatory scrutiny of data governance practices in the financial sector. Strengthening internal controls and ensuring timely breach reporting remain essential for maintaining trust and compliance in data-driven banking environments.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK-Philippines partnership advances digital education and EdTech

The British Embassy in Manila and the Philippines’ Department of Education have expanded cooperation to advance EdTech and digital learning, focusing on inclusive and evidence-based approaches instead of fragmented implementation.

A partnership that aims to strengthen foundational learning while supporting long-term resilience in the education system.

Support is being delivered through EdTech Hub, with initiatives centred on developing a National EdTech Policy, improving responses to climate-related disruptions, and expanding the use of AI in education administration.

The programme includes pilot projects and evaluation frameworks designed to ensure technology adoption remains effective, scalable, and responsive to local needs.

A key component involves participation in global AI initiatives, including an observatory and challenge programme to build institutional capacity and encourage experimentation.

These efforts seek to enhance efficiency in education systems while supporting innovation in teaching and learning environments, particularly in areas affected by environmental and structural challenges.

The collaboration between the UK and the Philippines reflects a broader commitment to digital transformation in education across Southeast Asia, aiming to ensure equitable access to learning opportunities.

By combining research, policy development, and technological innovation, both sides seek to prepare students and institutions for evolving demands while maintaining a focus on inclusion and long-term sustainability.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Brazil study maps age assurance practices across 25 digital services

A new study by CGI.br and NIC.br examines how digital services in Brazil implement age assurance measures. Presented in Brasília during an event on the Digital Child and Adolescent Statute (ECA Digital), the study reviewed 25 popular online services used by children and adolescents.

The study found that most of the services analysed do not apply age checks at the point of registration, including some platforms aimed at adults. According to the release, age assurance usually appears later, when users try to access specific features such as livestreaming or monetisation.

Titled ‘Age assurance practices in 25 digital services used by children in Brazil’, the study analysed governance documents published before the ECA Digital entered into force. From 18 March, the law requires information-society services aimed at children and adolescents in Brazil, or likely to be accessed by them, to adopt effective age-assurance measures and parental supervision.

The study found that 11 of the 25 platforms relied on third-party age-assurance services, particularly social media and generative AI platforms. Official identity document submission was the most common verification method, while selfie-based checks were the most common age-estimation tool. Differences were also found between the minimum ages stated by services and those listed in app stores, and some adult-oriented platforms could still be accessed by younger users with parental consent.

Parental supervision tools were available in 15 of the 25 services, but activation was usually optional and depended on parents or guardians. Transparency also emerged as a weakness: only six services published Brazil-specific reports, and only one explained how its minimum-age policy was applied. Policies were often spread across multiple pages, averaging 22 pages per service, and around 40% of the services provided related information in other languages.

Fábio Senne, General Research Coordinator at Cetic.br | NIC.br, said: ‘One of the study’s central aims was to verify the integrity of the information made available by digital services in Brazil. It is essential that data on age protection be communicated clearly and accessibly, allowing more informed and effective parental supervision.’

Juliana Cunha, manager of the Digital Public Policy Advisory Office at CGI.br | NIC.br, said: ‘This survey was developed to support the debate on implementation of the ECA Digital and to offer a clear understanding of the current landscape. This initiative forms part of a broader set of actions by CGI.br and NIC.br aimed at providing technical evidence to support effective enforcement of the law. Our commitment is to foster a safer and more responsible digital ecosystem for children and adolescents in Brazil.’

The release says the study used as a methodological reference the OECD technical paper ‘Age assurance practices of 50 online services used by children’, published in 2025. Information was collected between 10 and 30 January 2026 from public documents made available by the services in Brazil, totalling 550 pages analysed. The event also marked the launch of TIC Kids Online Brazil 2025, a publication on internet use by children and adolescents aged 9 to 17 in Brazil.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ILO and World Bank paper says GenAI may deepen labour-market divides

A joint working paper by the International Labour Organization (ILO) and the World Bank says generative AI is likely to reshape labour markets globally, but not in the same way across countries.

The paper finds that advanced economies face greater overall exposure, while developing economies may see disruption arrive faster than productivity gains due to weaker digital infrastructure and differences in how work is organised.

Prepared as a background study for the World Development Report 2026, the paper examines labour-market exposure to GenAI across 135 countries, covering about two-thirds of global employment. According to the study, digital infrastructure and job-task composition are among the main factors shaping the distribution of risks and opportunities between advanced and developing economies.

Exposure is highest in advanced economies, especially in clerical and professional occupations. Lower-income countries are less exposed overall, but the paper says structural constraints reduce their ability to benefit from the technology. A central concern is that workers in jobs vulnerable to automation are often already online, even in poorer settings, meaning displacement could happen relatively quickly.

The paper also says many of the jobs most exposed to automation in developing economies are relatively higher-quality roles, including clerical and administrative work that has often provided a route into decent employment, especially for women and young workers. AI-driven automation, the study warns, could narrow those pathways.

Potential gains are also uneven. Many workers in jobs that could benefit from GenAI lack reliable internet access in lower-income settings. The paper adds that the same occupation title can involve different tasks depending on the country, with workers in poorer economies often carrying out fewer non-routine analytical tasks, relying less on computers, and doing more routine or manual work. Such differences reduce the scope for productivity gains from GenAI deployment.

ILO and the World Bank conclude in the paper that GenAI’s labour-market effects will depend not only on the technology itself, but also on digital connectivity, skills, task organisation, labour-market institutions, and social protection. Expanded digital access, stronger skills policies, and better labour protections are presented as necessary if the gains from GenAI are to be shared more broadly.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

South Korea sets ambition to become AI leader

South Korea has unveiled a national strategy to become one of the world’s top three AI powers by 2028. The plan combines investment in digital infrastructure, data systems and next-generation connectivity.

Authorities aim to expand networks by advancing 5G capabilities and preparing for the commercial deployment of 6G by 2030. Cybersecurity and data integration are also key priorities to support a stronger digital ecosystem.

The strategy includes developing talent across education levels and investing in core technologies such as semiconductors and quantum computing. AI adoption is expected to expand across sectors, including manufacturing, healthcare and agriculture.

The South Korean officials also plan to promote digital inclusion through learning centres and assistive technologies. Coordination between ministries will be strengthened to ensure effective delivery of the long-term roadmap.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Microsoft expands cloud footprint in Denmark

Microsoft has opened a new data centre region in Denmark, marking a major investment in cloud infrastructure and digital resilience. The Denmark East region spans multiple sites and aims to support secure, local data processing.

The project is expected to boost economic activity, with billions of dollars in projected spending and strong spillover effects for local technology firms. Organisations adopting cloud services are likely to rely on domestic partners across IT, cybersecurity, and software development.

Businesses and public sector users will gain access to advanced cloud and AI tools, alongside improved data sovereignty under the EU rules. Local data storage and low-latency services are designed to strengthen compliance and operational efficiency.

Sustainability also plays a central role, with renewable energy use, zero-water-cooling systems, and waste-heat recovery supporting local Danish communities. Broader ambitions include reinforcing digital sovereignty while enabling innovation across industries.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Boston schools expand AI learning initiative

A new partnership led by the City of Boston aims to expand AI literacy across public schools, supported by funding from tech entrepreneur Paul English. The initiative brings together government, academia and industry to strengthen digital skills.

The programme will introduce AI-focused learning in high schools, alongside teacher training and the development of industry-informed curricula. Plans include creating student ambassador roles and offering access to advanced courses.

University of Massachusetts Boston in the US will help design educational content and provide resources through its applied AI institute. The collaboration aims to prepare students for changing job markets shaped by emerging technologies.

Officials say the effort will support responsible and ethical use of AI while opening career pathways. An advisory board of industry experts will guide the programme and connect schools with the wider technology sector.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Diplo chatbot can make mistakes. Consider checking important information.