Internet of things

Shadow AI becomes a new governance challenge for European organisations

Employees are adopting generative tools at work faster than organisations can approve or secure them, giving rise to what is increasingly described as ‘shadow AI‘. Unlike earlier forms of shadow IT, these tools can transform data, infer sensitive insights, and trigger automated actions beyond established controls.

For European organisations, the issue is no longer whether AI should be used, but how to regain visibility and control without undermining productivity, as shadow AI increasingly appears inside approved platforms, browser extensions, and developer tools, expanding risks beyond data leakage.

Security experts warn that blanket bans often push AI use further underground, reducing transparency and trust. Instead, guidance from EU cybersecurity bodies increasingly promotes responsible enablement through clear policies, staff awareness, and targeted technical controls.

Key mitigation measures include mapping AI use across approved and informal tools, defining safe prompt data, and offering sanctioned alternatives, with logging, least-privilege access, and approval steps becoming essential as AI acts across workflows.

With the EU AI Act introducing clearer accountability across the AI value chain, unmanaged shadow AI is also emerging as a compliance risk. As AI becomes embedded across enterprise software, organisations face growing pressure to make safe use the default rather than the exception.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Global leaders turn to AI adoption as Davos priorities evolve

AI dominated this year’s World Economic Forum, with debate shifting from experimentation to execution. Leaders focused on scaling AI adoption, delivering economic impact, and ensuring benefits extend beyond a small group of advanced economies and firms.

Concerns centred on the risk that AI could deepen global inequality if access to computing, data, power, and financing remains uneven. Without affordable deployment in health, education, and public services, support for AI’s rising energy and infrastructure demands could erode quickly.

Geopolitics has become inseparable from AI adoption. Trade restrictions, export controls, and diverging regulatory models are reshaping access to semiconductors, data centres, and critical minerals, making sovereignty and partnerships as important as innovation.

For developing economies, widespread AI adoption is now a development priority rather than a technological luxury. Blended finance and targeted investment are increasingly seen as essential to fund infrastructure and direct AI toward productivity, resilience, and inclusion.

Discussions under the ‘Blue Davos‘ theme highlighted how AI is embedded in physical and environmental systems, from energy grids to oceans. Choices on governance, financing, and deployment will shape whether AI supports sustainable development or widens existing divides.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Fake DeepSeek and ChatGPT services draw penalties in China

China’s market regulator has fined several companies for impersonating AI services such as DeepSeek and OpenAI’s ChatGPT, citing unfair competition and consumer fraud. The cases form part of a broader crackdown on deceptive practices in the country’s rapidly expanding AI sector.

The State Administration for Market Regulation penalised Shanghai Shangyun Internet Technology for running a fraudulent ChatGPT service on Tencent’s WeChat platform. Regulators said the service falsely presented itself as an official Chinese version of ChatGPT and charged users for AI conversations.

In a separate case, Hangzhou Boheng Culture Media was fined for operating an unauthorised website offering so-called ‘DeepSeek local deployment’. The site closely replicated DeepSeek’s branding and interface, misleading users into paying for imitation services.

Authorities said knock-off DeepSeek mini-programmes and websites surged in early 2025, involving trademark infringement, brand confusion, and false advertising. Regulators described the enforcement actions as a deterrent aimed at restoring order in the AI marketplace.

The regulator also disclosed penalties in other AI-related cases, including unauthorised access to proprietary algorithms and the use of AI calling software for scams. China is simultaneously updating antitrust rules to address emerging risks linked to algorithm-driven market manipulation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

New Cyber Startup Programme unveiled as Infosecurity Europe boosts early innovation

Infosecurity Europe has launched a new Cyber Startup Programme to support early-stage cybersecurity innovation and strengthen ecosystem resilience. The initiative will debut at Infosecurity Europe 2026, offering founders and investors a dedicated experience focused on emerging technologies and growth.

The programme centres on a new Cyber Startups Zone, an exhibition area showcasing young companies and novel security solutions. Founders will gain industry visibility, along with tailored ticket access and curated networking.

Delivery will take place in partnership with UK Cyber Flywheel, featuring a dedicated founder- and investor-focused day on Tuesday 2 June. Sessions will cover scaling strategies, go-to-market planning, funding, and live pitching opportunities.

Infosecurity Europe will also introduce the Cyber Startup Award 2026, recognising early-stage firms with live products and growth potential. Finalists will pitch on stage, with winners receiving exhibition space, PR support, and a future-brand workshop.

Alongside the programme, the Cyber Innovation Zone, delivered with the UK Department for Science, Innovation and Technology, will spotlight innovative UK cybersecurity businesses and emerging technologies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Social engineering breach exposes 1.4 million Betterment customer records

Betterment has confirmed a data breach affecting around 1.4 million customers after a January 2026 social engineering attack on a third-party platform. Attackers used the access to send fraudulent crypto scam messages posing as official promotions.

The breach occurred after an employee was tricked into sharing login credentials, allowing unauthorised access to internal messaging systems rather than core investment infrastructure. Attackers used the access to send messages promising to multiply cryptocurrency deposits sent to external wallets.

Subsequent forensic analysis and breach monitoring services confirmed that more than 1.4 million unique records were exposed. Betterment said investment accounts and login credentials were not compromised during the incident.

Exposed information included names, email addresses, phone numbers, physical addresses, dates of birth, job titles, location data, and device metadata. Security experts warn that such datasets can enable targeted phishing, identity fraud, and follow-on social engineering campaigns.

Betterment revoked access the same day, notified customers, and launched an external investigation. The breach was formally added to public exposure databases in early February, highlighting the growing risk of human-focused attacks against financial platforms.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

User emails and phone numbers leaked in Substack security incident

Substack confirmed a data breach that exposed user email addresses and phone numbers. The company said passwords and financial information were not affected. The incident occurred in October and was later investigated.

Chief executive Chris Best told users the vulnerability was identified in February and has since been fixed, with an internal investigation now underway. The company has not disclosed the technical cause of the breach or why the intrusion went undetected for several months.

Substack also did not confirm how many users were affected or provide evidence showing whether the exposed data has been misused. Users were advised to remain cautious about unexpected emails and text messages following the incident.

The breach was first reported by TechCrunch, which said the company declined to provide further operational details. Questions remain around potential ransom demands or broader system access.

Substack reports more than 50 million active subscriptions, including 5 million paid users, and raised $100 million in Series C funding in 2025, led by BOND and The Chernin Group, with participation from Andreessen Horowitz and other investors.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

New multi-stage scams use PDF files to harvest corporate credentials

Phishing continues to succeed despite increasingly sophisticated AI-driven threats, with attackers relying on familiar tools such as PDFs and cloud services. Researchers have identified a new campaign using legitimate-looking documents to redirect victims to credential-harvesting pages impersonating Dropbox.

The attack starts with professional emails framed as procurement or tender requests. When recipients open the attached PDF, they are quietly redirected through trusted cloud infrastructure before reaching a fake Dropbox login page designed to steal corporate credentials.

Each stage appears legitimate in isolation, allowing the campaign to bypass standard filters and authentication checks. Business-style language, reputable hosting platforms, and realistic branding reduce suspicion while exploiting everyday workplace routines.

Security specialists warn that long-standing trust in PDFs and mainstream cloud services has lowered user vigilance. Employees have been conditioned to view these formats as safe, creating opportunities for attackers to weaponise familiar business tools.

Experts say phishing awareness must evolve beyond basic link warnings to reflect modern multi-stage attacks. Alongside training, layered defences such as multi-factor authentication and anomaly detection remain essential for limiting damage.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

User activity stabilises as TikTok recovers from transition disruption

TikTok has largely recovered from a brief decline in daily active users following its US ownership change, when a group of American investors assumed control of domestic operations. Usage fell temporarily as uncertainty spread among users. Competing video apps saw short-term gains during the disruption.

Data from Similarweb shows TikTok’s US daily active users dropped to between 86 and 88 million after the transition, compared with a typical average of around 92 million. Activity has since rebounded to more than 90 million. Many users who experimented with alternatives have returned.

Platforms rivalling TikTok, including UpScrolled and Skylight Social, experienced rapid but limited growth. UpScrolled peaked at 138,500 daily users before falling back to roughly 68,000. Skylight Social reached 81,200 daily users, then declined to around 56,300.

User concerns were driven less by ownership itself and more by fears around platform changes. An updated privacy policy allowing precise GPS tracking triggered backlash, alongside confusion over language referencing sensitive personal data. Some interpreted the changes as increased surveillance.

A multi-day data centre outage disrupted search, likes, and in-app messaging, resulting in user frustration. Some users attributed the glitches to possible censorship or platform instability. Once services were restored, activity stabilised, and concerns eased.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Hybrid offices evolve as Zoom Spaces introduces agentic AI tools

Zoom is repositioning hybrid offices as intelligent work environments through Zoom Spaces, its AI-first workplace platform for collaboration and space management that gives IT teams centralised oversight while providing employees with consistent tools for meetings, scheduling, and in-office coordination.

New agentic AI features extend Zoom Spaces beyond room booking into proactive workplace assistance. Workspace Reservation now recommends optimal meeting spaces during overlaps, while upcoming voice commands for Zoom Rooms will enable hands-free meeting control and task capture.

Zoom says intelligent offices reduce friction caused by inconsistent technology, double bookings, and disconnected tools. By unifying scheduling and collaboration experiences, the platform aims to streamline movement between remote and in-person work.

The company is also expanding its ecosystem, allowing organisations to run Zoom Meetings on Cisco Rooms and integrate professional production tools through partners such as Vizrt. The strategy focuses on flexibility while maintaining consistent user experiences.

Additional upgrades include premium media capabilities for high-frame-rate video and improved mobile Workspace Reservation features. Zoom says these enhancements position Zoom Spaces as a next-generation hybrid workplace platform built around adaptive AI collaboration.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI becomes optional in Firefox 148 as Mozilla launches new control system

Mozilla has confirmed that Firefox will include a built-in ‘AI kill switch‘ from version 148, allowing users to disable all AI features across the browser. The update follows earlier commitments that AI tools would remain optional as Firefox evolves into what the company describes as an AI-enabled browser.

The new controls will appear in the desktop release scheduled to begin rolling out on 24 February. A dedicated AI Controls section will allow users to turn off every AI feature at once or manage each tool individually, reflecting Mozilla’s aim to balance innovation with user choice.

At launch, Firefox 148 will introduce AI-powered translations, automatic alt text for images in PDFs, tab grouping suggestions, link previews, and an optional sidebar chatbot supporting services such as ChatGPT, Claude, Copilot, Gemini, and Le Chat Mistral.

All of these tools can be disabled through a single ‘Block AI enhancements’ toggle, which removes prompts and prevents new AI features from appearing. Mozilla has said preferences will remain in place across updates, with users able to adjust settings at any time.

The organisation said the approach is intended to give people full control over how AI appears in their browsing experience, while continuing development for those who choose to use it. Early access to the controls will also be available through Firefox Nightly.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!