AI chatbots exploited to create nonconsensual bikini deepfakes

Users of popular AI chatbots are generating bikini deepfakes by manipulating photos of fully clothed women, often without consent. Online discussions show how generative AI tools can be misused to create sexually suggestive deepfakes from ordinary images, raising concerns about image-based abuse.

A now-deleted Reddit thread shared prompts for using Google’s Gemini to alter clothing in photographs. One post asked for a woman’s traditional dress to be changed to a bikini. Reddit removed the content and later banned the subreddit over deepfake-related harassment.

Researchers and digital rights advocates warn that nonconsensual deepfakes remain a persistent form of online harassment. Millions of users have visited AI-powered websites designed to undress people in photos. The trend reflects growing harm enabled by increasingly realistic image generation tools.

Most mainstream AI chatbots prohibit the creation of explicit images and apply safeguards to prevent abuse. However, recent advances in image-editing models have made it easier for users to bypass guardrails using simple prompts, according to limited testing and expert assessments.

Technology companies say their policies ban altering a person’s likeness without consent, with penalties including account suspensions. Legal experts argue that deepfakes involving sexualised imagery represent a core risk of generative AI and that accountability must extend to both users and platforms.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Santa Tracker services add new features on Christmas Eve

AI-powered tools are adding new features to long-running Santa Tracker services used by families on Christmas Eve. Platforms run by NORAD and Google allow users to follow Father Christmas’s journey through their Santa Tracker tools, which also introduce interactive and personalised digital experiences.

NORAD’s Santa Tracker, first launched in 1955, now features games, videos, music, and stories in addition to its live tracking map. This year, the service introduced AI-powered features that generate elf-style avatars, create toy ideas, and produce personalised holiday stories for families.

The Santa Tracker presents Santa’s journey on a 3D globe built using open-source mapping technology and satellite imagery. Users can also watch short videos on Santa Cam, featuring Santa travelling to destinations around the world.

Google’s rendition offers similar features, including a live map, estimated arrival times, and interactive activities available throughout December. Santa’s Village includes games, animations, and beginner-friendly coding activities designed for children.

Google Assistant introduces a voice-based experience to its service, enabling users to ask about Santa’s location or receive updates from the North Pole. Both platforms aim to blend tradition with digital tools to create a seamless and engaging holiday experience.

Aflac confirms large-scale data breach following cyber incident

US insurance firm Aflac has confirmed that a cyberattack disclosed in June affected around 22.65 million people. The breach involved the theft of sensitive personal and health information; however, the company initially did not specify the number of individuals affected.

In filings with the Texas attorney general, Aflac said the compromised data includes names, dates of birth, home addresses, government-issued identification numbers, driving licence details, and Social Security numbers. Medical and health insurance information was also accessed during the incident.

A separate filing with the Iowa attorney general suggested the attackers may be linked to a known cybercriminal organisation. Federal law enforcement and external cybersecurity specialists indicated the group had been targeting the insurance sector more broadly.

Security researchers have linked a wave of recent insurance-sector breaches to Scattered Spider, a loosely organised group of predominantly young, English-speaking hackers. The timing and targeting of the Aflac incident align with the group’s activity.

The US company stated that it has begun notifying the affected individuals. The company, which reports having around 50 million customers, did not respond to requests for comment. Other insurers, including Erie Insurance and Philadelphia Insurance Companies, reported breaches during the same period.

Fake weight loss adverts removed from TikTok

TikTok removed fake adverts for weight loss drugs after a company impersonating UK retailer Boots used AI-generated videos. The clips falsely showed healthcare professionals promoting prescription-only medicines.

Boots said it contacted TikTok after becoming aware of the misleading adverts circulating on the platform. TikTok confirmed the videos were removed for breaching its rules on deceptive and harmful advertising.

BBC reporting found the account was briefly able to repost the same videos before being taken down. The account appeared to be based in Hong Kong and directed users to a website selling the drugs.

UK health regulators warned that prescription-only weight loss medicines must only be supplied by registered pharmacies. TikTok stated that it continues to strengthen its detection systems and bans the promotion of controlled substances.

Atlas agent mode fortifies OpenAI’s ChatGPT security

ChatGPT Atlas has introduced an agent mode that allows an AI browser agent to view webpages and perform actions directly. The feature supports everyday workflows using the same context as a human user. Expanded capability also increases security exposure.

Prompt injection has emerged as a key threat to browser-based agents, targeting AI behaviour rather than software flaws. Malicious instructions embedded in content can redirect an agent from the user’s intended action. Successful attacks may trigger unauthorised actions.

To address the risk, OpenAI has deployed a security update to Atlas. The update includes an adversarially trained model and strengthened safeguards. It followed internal automated red teaming.

Automated red teaming uses reinforcement learning to train AI attackers that search for complex exploits. Simulations test how agents respond to injected prompts. Findings are used to harden models and system-level defences.

Prompt injection is expected to remain a long-term security challenge for AI agents. Continued investment in testing, training, and rapid mitigation aims to reduce real-world risk. The goal is to achieve reliable and secure AI assistance.

AI drives Vietnam’s smart city expansion

AI is becoming central to Vietnam’s urban development as major cities adopt data-led systems. Leaders at the Vietnam–Asia Smart City Summit said AI now shapes planning, service delivery and daily operations nationwide.

Experts noted rising pressure on cities, with congestion, pollution and population growth driving demand for more innovative governance. AI is helping authorities shift towards proactive management, using forecasting tools, shared data platforms and real-time supervision.

Speakers highlighted deployments across transport control, environmental monitoring, disaster alerts and administrative oversight. Hanoi and Da Nang presented advanced models, with Da Nang recognised again for achievements in green development and digital operations.

Delegates agreed that long-term progress depends on strong data foundations, closer coordination and clear strategic roadmaps in Vietnam. Many stressed that technology must prioritise public benefit, with citizens placed at the centre of smart-city design.

Digital gift cards signal TikTok Shop’s retail expansion

TikTok Shop has introduced digital gift cards as part of its wider push into e-commerce. Users can purchase cards for $10 to $500 and choose animated designs for occasions such as birthdays or weddings. Availability is currently limited to the United States.

Recipients must have a TikTok account to redeem a gift card, and the balance is added to their TikTok Wallet instantly. Users can reply with a thank-you message or send a gift card as a return gesture. The approach reinforces TikTok’s focus on social interaction alongside transactions.

The feature puts the digital shop in more direct competition with established e-commerce platforms such as Amazon and eBay, which have long offered digital gift cards. TikTok Shop is also moving into higher-end retail to broaden its ambitions. The social media powerhouse is positioning itself as a full-scale online marketplace.

Momentum has continued to build, with US sales exceeding $500 million during the Black Friday and Cyber Monday period. The results highlight rising consumer confidence in the platform’s ability to drive purchases. Engagement is increasingly translating into measurable commerce.

Further developments are planned, including video messages and an interactive unboxing experience, which are expected to be released in early 2026. Expansion continues despite uncertainty around the platform’s future in the US. Negotiations over a potential sale remain unresolved ahead of January 2026.

Android botnet Kimwolf infects nearly two million smart devices

Cybersecurity researchers have identified a large Android-based botnet capable of more than just distributed denial-of-service attacks, highlighting growing risks from compromised consumer devices. The botnet, dubbed Kimwolf, is estimated to control close to two million infected systems worldwide.

The findings come from QiAnXin XLab, which said Kimwolf has infected around 1.8 million devices, mainly smart TVs, set-top boxes and tablets. Most infections were observed in Brazil, India, the US, Argentina, South Africa and the Philippines.

XLab said the infection vector remains unclear, but affected devices were linked to low-cost Android-based brands used for media streaming. Researchers noted repeated attempts to disrupt Kimwolf, with its command-and-control infrastructure taken down several times before re-emerging.

According to the report, Kimwolf has adapted by shifting to decentralised infrastructure, including the use of Ethereum Name Service domains. Analysts also identified overlaps in code and infrastructure with AISURU, a botnet linked to record-scale DDoS attacks.

Cloudflare recently described AISURU as one of the largest botnets observed, capable of attacks exceeding 29 terabits per second. XLab said shared infrastructure suggests both botnets are operated by the same threat group.

Japan’s mobile competition law forces Apple to adjust iOS app payments

Apple has announced changes to how iOS apps are distributed and monetised in Japan, bringing its platform into compliance with the country’s Mobile Software Competition Act. The updates introduce new options for alternative app marketplaces and payment methods for digital goods.

Under the revised framework, developers in Japan can distribute apps outside the App Store and offer alternative payment processing alongside In-App Purchase. Apple said the changes aim to meet legal requirements while limiting new risks linked to fraud, malware, and data misuse.

Safeguards include app notarisation, authorisation rules for alternative marketplaces, and baseline security checks for all iOS apps. Apple said the measures aim to protect users, including children, even as apps outside the App Store receive fewer protections.

Additional controls are being rolled out with iOS 26.2, including browser and search engine choice screens, new default app settings, and expanded developer APIs. Apple said it will continue engaging with Japanese regulators as the new framework takes effect.

Digital fraud declines in Russia after rollout of Cyberbez measures

Russia has reported a sharp decline in cyber fraud following the introduction of new regulatory measures in 2025. Officials say legislative action targeting telephone and online scams has begun to deliver measurable results.

State Secretary and Deputy Minister of Digital Development Ivan Lebedev told the State Duma that crimes covered by the first package of reforms, known as ‘Cyberbez 1.0’, have fallen by 40%, according to confirmed statistics.

Earlier this year, Lebedev said Russia records roughly 677,000 cases of phone and online fraud annually, with incidents rising by more than 35% since 2022, highlighting the scale of the challenge faced by authorities.

In April, President Vladimir Putin signed a law introducing a range of countermeasures, including a state information system to combat fraud, limits on unsolicited marketing calls, stricter SIM card issuance rules, and new compliance obligations for banks.

Further steps are now under discussion. Officials say a second package is being prepared, while a third set of initiatives was announced in December as Russia continues to strengthen its digital security framework.
