Network security

Ofcom report highlights growing AI use among UK children online

The UK’s Ofcom has released new research indicating that children in the UK are using digital devices and online services at increasingly younger ages.

According to Ofcom’s Children’s Online Experiences report, screen use begins early in childhood, and smartphone ownership increases significantly during secondary school years. The report found that teenagers aged 15 to 17 spend a substantial amount of time online each week.

The report also noted declining use of traditional media formats such as live television, radio, and print among younger audiences. Live television, radio, and print media were described as increasingly absent from children’s routines, with social media, messaging platforms, and gaming dominating digital engagement.

Ofcom also warned that exposure to harmful content remains a significant issue despite the introduction of new online safety rules. Ofcom said many children reported exposure to harmful online content, including material surfaced through recommendation systems and personalised feeds.

The report also highlighted growing use of AI tools among children and teenagers. More than half of UK children aged 8 to 17 said they use AI tools, with some teenagers increasingly relying on AI systems for learning, creativity, communication, and companionship. Researchers said some children found it difficult to distinguish between AI-generated and human-created content.

The report suggested that passive content consumption plays an increasingly significant role in children’s online activity. Most younger users primarily scroll, watch, follow, or like content instead of actively creating or sharing material themselves.

Gaming remained one of the most important online social environments for children, with many users interacting regularly with people they had only met online through multiplayer gaming communities and communication platforms.

Why does it matter?

Ofcom’s findings highlight growing concerns surrounding children’s digital well-being, algorithmic exposure, AI literacy, and online safety regulation. Policymakers and regulators increasingly face pressure to address how recommendation systems, generative AI, and social platforms shape behaviour, attention, and trust among younger audiences.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Europol dismantles cybercriminal VPN linked to ransomware investigations

Europol has announced that international law enforcement agencies dismantled the cybercriminal VPN platform known as First VPN during a coordinated operation targeting ransomware infrastructure and wider cybercrime networks.

The operation, led by authorities in France and the Netherlands with support from Eurojust, targeted infrastructure allegedly used by cybercriminals to conceal ransomware attacks, fraud, data theft and other illegal online activities.

Europol described the service as deeply embedded in the cybercrime ecosystem and said it had featured in almost every major Europol-supported cybercrime investigation over the past few years. The platform was allegedly promoted as an anonymity service for criminal use, offering anonymous payments, concealed infrastructure and tools intended to help users evade law enforcement detection.

Coordinated action days took place on 19 and 20 May, during which authorities dismantled 33 servers connected to the service and shut down associated domain names. Investigators also interviewed the alleged administrator in Ukraine and carried out a residential search linked to the operation.

According to Europol, investigators gained access to the platform’s infrastructure and user database during the investigation, which began in December 2021. The agency said the data helped identify users allegedly connected to ransomware campaigns, fraud schemes and other cybercrime operations across several jurisdictions.

Intelligence generated through the operation led to 83 intelligence packages being distributed internationally, information linked to 506 users being shared with partner agencies, and 21 Europol-supported investigations advancing through newly obtained evidence.

The operation also received support from cybersecurity company Bitdefender, while a joint investigation team coordinated by Eurojust facilitated judicial cooperation and evidence sharing among participating countries.

Why does it matter?

The takedown shows how law enforcement is increasingly targeting the infrastructure that enables cybercrime, not only the attackers themselves. VPN services marketed for criminal use can help ransomware actors and fraud networks hide their identity, route attacks and evade detection. By dismantling First VPN and obtaining user data, investigators can disrupt multiple cybercrime operations at once and strengthen ongoing ransomware investigations.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK government launches cyber resilience measures amid AI-related risks

The UK Department for Science, Innovation and Technology has warned that cyber threats are becoming more frequent and complex, with AI contributing to faster and more scalable attacks. Digital Minister Baroness Lloyd of Effra said cyber resilience is increasingly important for national security and economic stability.

According to the government’s Cyber Security Breaches Survey, 43% of businesses reported experiencing a cyber breach or attack during the past year. The minister said AI tools are making some cyber capabilities more accessible by automating tasks such as vulnerability detection and reconnaissance.

The government also encouraged technology providers to adopt a ‘secure by design’ approach and referred to existing cybersecurity guidance frameworks.

The Department additionally announced a £90 million cyber resilience fund intended to support businesses, including SMEs and NHS suppliers. The government said a broader National Cyber Action Plan is expected later this summer.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Australia’s regulator targets AI-nudify platform over child safety and deepfake risks

Australia’s eSafety Commissioner has begun enforcement action against another AI-powered ‘nudify’ service accused of failing to protect children from exposure to sexually explicit deepfake images.

The regulator issued a formal Direction to Comply to one of the most visited nudify services in Australia, giving the provider 14 days to implement stronger protections preventing children from accessing the platform. eSafety said the service allows users to upload images of real people and generate sexually explicit deepfake content on demand.

The regulator warned that such technologies can facilitate non-consensual exploitation, cyberbullying, sexual extortion, image-based sexual abuse, misogynistic harassment and exploitation of minors. The service had attracted nearly 40,000 Australian visits per month as of March 2026, following a sharp increase in traffic over the previous six months.

The enforcement action was taken under Australia’s Age-Restricted Material Codes, which came into force in March 2026. The codes are designed to prevent children from accessing or being exposed to age-restricted material, including pornography, high-impact violence, self-harm, suicide or disordered eating content.

eSafety said the Argentina-based provider failed to respond to earlier engagement after the codes took effect and had not committed to improving protections for children. The regulator chose not to name the service to avoid inadvertently promoting it.

If the service does not meet the requirements within the 14-day timeframe, eSafety may pursue further action, including civil penalties of up to AU$49.5 million and delisting notices to search engine providers that help facilitate access to the site.

The action follows earlier enforcement in late 2025 that led three widely used nudify services, which had reportedly been used to generate child sexual exploitation material in schools, to withdraw from Australia. Those services have since relaunched under new ownership with additional safety measures, including mandatory age assurance.

Why does it matter?

The case shows how online safety regulators are beginning to apply age-assurance and child protection rules directly to generative AI services. Nudify platforms are treated as high-risk because they can enable non-consensual sexualised deepfakes, image-based abuse and exploitation involving minors at scale. Australia’s enforcement approach also signals that regulators may target foreign-based AI services when they are accessible to local users and fail to implement safeguards.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

eSafety Commissioner and Sport Integrity Australia focus on online harms in sport

Australia’s eSafety Commissioner and Sport Integrity Australia have launched a joint initiative focused on online safety in sport.

The Online Safety in Sport Summit brought together representatives from sporting organisations, government agencies, researchers, law enforcement, and technology companies. The discussions focused on cyberbullying, online harassment, and harmful digital behaviour affecting athletes and sporting communities.

During the summit, Australia’s eSafety Commissioner Julie Inman Grant said harmful behaviour linked to sport increasingly occurs across social media, messaging applications, and online communities.

Research presented during the summit, titled ‘The Digital Sideline’, found that nearly one in five children participating in organised sport reported experiencing cyberbullying related to sporting activities.

Officials in Australia said that many reported online harms involved peers, including teammates and competitors, and occurred through private messages and group chats.

Participants highlighted the importance of prevention measures, early intervention, and cooperation between sporting organisations, regulators, and technology companies.

Why does it matter?

Online abuse within sport is becoming an increasingly significant policy and governance issue as digital platforms reshape athlete visibility, fan interaction, and youth participation. Cyberbullying, online harassment, and hate speech can affect mental health, athlete safety, participation rates, and broader social cohesion.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

OpenAI expands verification tools as AI slop blurs digital trust

OpenAI has announced new measures to strengthen the provenance and verification of AI-generated content as synthetic media becomes more widespread across digital platforms.

The company said it is expanding support for Content Credentials and compliance with the Coalition for Content Provenance and Authenticity (C2PA) standard. The standard uses metadata and cryptographic signatures to help ensure that information about a piece of media travels securely with the content, including details on where it came from and how it may have been created or edited.

OpenAI also plans to integrate Google DeepMind’s SynthID watermarking into images generated through ChatGPT, Codex and the OpenAI API. The company said SynthID will add an invisible watermarking layer that complements C2PA metadata, particularly when metadata is removed, lost, or altered during file conversions, resizing, screenshots, or other transformations.

The company said it is adopting a multi-layered provenance approach that combines metadata, watermarking and public verification tools rather than relying on a single detection method. According to OpenAI, C2PA can provide richer contextual information, while SynthID can help preserve a signal when metadata does not survive.

The move also connects to wider concerns about AI slop, as synthetic media and low-quality AI-generated content become harder to distinguish from authentic images. Provenance tools cannot solve the problem alone, but they can provide clearer signals about how digital media was created or modified.

OpenAI also previewed a public verification tool that will allow users to check whether ChatGPT, Codex or the OpenAI API generated an uploaded image. The tool will look for provenance signals, including Content Credentials and SynthID watermarks. Still, OpenAI said it will not make a definitive judgement when no signal is detected, because provenance signals can sometimes be removed.

At launch, the verification tool is limited to OpenAI-generated content. The company said it aims to support wider cross-platform verification efforts in the coming months and eventually expand support to more types of online content.

Why does it matter?

AI-generated content is becoming harder to distinguish from authentic media, fuelling concerns around AI slop, deepfakes and manipulated information. Provenance systems such as Content Credentials, watermarking and verification tools can help people understand where media came from and whether it was generated or modified by AI. However, OpenAI’s approach also shows the limits of technical detection: metadata can be stripped, watermarks may not survive every transformation, and no single method can provide complete certainty.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK authorities issue guidance on frontier AI cyber risks in finance

The Bank of England, the Financial Conduct Authority (FCA), and HM Treasury published a joint statement on cybersecurity and operational resilience risks linked to frontier AI models.

According to the statement, current frontier AI models can perform certain cyber-related tasks at high speed and scale, potentially increasing operational and security risks if misused.

UK authorities said regulated firms should strengthen governance, vulnerability management, third-party risk oversight, and recovery capabilities. The statement also referred to the use of automated and AI-supported defensive measures in cybersecurity operations.

The guidance highlighted risks associated with third-party services, open-source software, and legacy systems. According to the statement, boards and senior management should maintain awareness of frontier AI-related operational and cyber risks.

The authorities said they will continue monitoring frontier AI developments and engage with industry through the Cross Market Operational Resilience Group (CMORG). The statement also references guidance published by the UK National Cyber Security Centre (NCSC) on vulnerability management and AI-related cyber risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

WEF highlights cybersecurity as a strategic economic priority in the AI era

The World Economic Forum said cybersecurity is rapidly evolving into a strategic economic and national security priority as AI systems, geopolitical tensions, and increasingly interconnected digital ecosystems reshape global cyber risks.

During the Annual Meeting on Cybersecurity 2026 held in Geneva, participants discussed how cyber threats are increasingly affecting economic activity, supply chains, financial systems, and critical infrastructure.

The forum said large-scale cyber incidents can disrupt national economies and critical infrastructure. The report referenced a major 2025 cyberattack that disrupted UK automotive production and reportedly contributed to weaker GDP growth, with estimated economic losses reaching approximately £1.9 billion.

WEF argued that organisations are increasingly abandoning compliance-driven cybersecurity models in favour of measurable resilience strategies focused on rapid recovery, operational continuity, incident response readiness, and stronger governance structures.

AI featured heavily throughout the discussions. The forum warned that attackers are using AI almost universally, allowing cyber operations to become faster, more autonomous, and more scalable. Leaders also highlighted emerging risks linked to agentic AI systems, software supply chain vulnerabilities, and quantum computing developments.

Participants stressed that cyber resilience now requires far broader coordination between governments, regulators, businesses, insurers, and infrastructure operators. Public-private cooperation, information-sharing systems, interoperable intelligence frameworks, and cross-border regulatory coordination were described as increasingly necessary to manage systemic cyber risks.

The discussions also focused on cyber-enabled fraud, scams, and online criminal operations that increasingly target both institutions and ordinary citizens across digital ecosystems. Experts argued that cybersecurity strategies must combine technological protection, digital literacy, public awareness, and platform-level safeguards instead of relying solely on reactive responses.

WEF concluded that cybersecurity is becoming inseparable from economic security and strategic stability in the AI era, with future resilience depending heavily on how effectively governments and industries align incentives, quantify cyber risk, and strengthen cooperation across interconnected systems.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK’s Ofcom accepts X commitments on illegal hate and terror content moderation

Ofcom has accepted a series of public commitments from X aimed at strengthening protections for UK users against illegal hate speech and terrorist content under the Online Safety Act framework.

Under the commitments, X will review suspected illegal terrorist and hate content reported through its dedicated UK illegal content reporting tool within an average of 24 hours. As a backstop, the platform will review at least 85% of such reports within 48 hours. Ofcom said the targets, if met, would give UK users some of the strongest protections on X globally.

X is also committed to engaging external experts on reporting systems for illegal hate and terror content, following concerns from organisations that reports submitted to the platform were not always clearly acknowledged or acted on. The company also said it would withhold access to accounts reported for posting illegal terrorist content in the UK if it determines they are operated by or on behalf of a terrorist organisation proscribed in the UK.

Ofcom said X will submit quarterly performance data over the next 12 months so the regulator can monitor whether the platform is meeting its commitments. The regulator added that its broader compliance programme examining how major social media services handle illegal hate and terrorist material remains ongoing.

The announcement comes amid wider scrutiny of illegal hate content on major social media platforms. Ofcom said evidence gathered from civil society and expert organisations, including the Antisemitism Policy Trust, Tech Against Terrorism and Tell MAMA, indicates that such content persists on some of the largest social media sites.

Ofcom also noted that its investigation into X’s Grok remains ongoing, focusing on the company’s compliance with duties to deal with illegal content and the systems it has in place to do so.

Why does it matter?

The commitments show how the UK’s Online Safety Act is beginning to translate into concrete performance expectations for major platforms. Review-time targets, expert engagement and regular reporting to Ofcom could make illegal hate and terrorist content moderation more measurable. Still, the wider test will be whether X delivers these protections in practice and whether similar pressure is applied across other large platforms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Diplo chatbot can make mistakes. Consider checking important information.