Network security

ITU Radiocommunication Bureau outlines key aspects future connectivity

ITU Radiocommunication Bureau has highlighted the critical role of radio-frequency spectrum in ensuring digital resilience, emphasising that reliable connectivity underpins essential services such as healthcare, transport and emergency communications.

According to the Bureau, resilience begins before disruption through coordinated spectrum management, international standards and regulatory frameworks. These systems enable wireless networks and satellite services to operate reliably and avoid harmful interference.

The organisation stressed that growing demand for connectivity, including 5G, satellite broadband and AI-enabled systems, increases pressure on spectrum resources. Technical standards and global coordination are therefore essential to maintain interoperability and support innovation.

ITU also pointed to the importance of satellite systems and early warning technologies in responding to climate risks and disasters. Future decisions at the World Radiocommunication Conference 2027 in China will further shape how resilient digital infrastructure develops globally.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

ICO warns organisations about growing AI cyber threats

The UK Information Commissioner’s Office has warned that AI is enabling faster, more advanced and harder-to-detect cyberattacks, urging organisations to strengthen their defences against emerging threats.

In a blog post, the regulator highlighted risks such as AI-generated phishing emails, deepfake social engineering, automated vulnerability scanning, AI-powered malware, credential attacks, data poisoning and indirect prompt injection. The ICO said cybersecurity must be treated as a shared responsibility, with organisations expected to take proactive steps to protect the personal data they hold.

The ICO said strong foundational security measures remain essential, but should be reinforced with layered defences to counter AI-powered threats. It pointed to practical steps such as patching systems, restricting access through multi-factor authentication, applying least-privilege principles and managing supplier risks.

The recommendations also include monitoring systems for unusual activity, carrying out vulnerability scanning and penetration testing, and maintaining regularly tested incident response plans. The ICO said AI can also support cyber defence, but should operate within a clear framework of human oversight and accountability.

Organisations are further advised to minimise data collection, conduct regular data audits and train staff to recognise AI-powered social engineering attacks. The ICO said AI tools processing high-risk personal data should be supported by data protection impact assessments and appropriate safeguards.

Why does it matter?

The ICO’s warning links AI-powered cyber threats directly to data protection obligations. As attackers use AI to scale phishing, exploit vulnerabilities and impersonate trusted contacts, organisations are expected not only to improve technical security, but also to limit the personal data they hold, strengthen governance and prepare for faster-moving incidents.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Google outlines AI-driven measures against online scams and fraud

Google has outlined new and existing measures to tackle online scams and fraud ahead of the second EMEA Anti-Scams and Fraud Summit, hosted by the Google Safety Engineering Centre in Zurich.

The company said the summit brings together representatives from governments, technology companies, consumer groups and academia to discuss collective responses to increasingly sophisticated scams. Google said its approach combines AI-driven protections across its products with wider cooperation involving industry and public authorities.

Google highlighted the use of AI-powered systems in services including Gmail, Chrome, Search, Ads and Phone by Google. The company said Gmail blocks more than 99.9% of spam, phishing and malware, while Search filters out hundreds of millions of spam-related pages daily. It also said its systems caught more than 99% of policy-violating ads before they reached users in 2025.

User-facing tools are also part of the company’s anti-scam strategy. Google pointed to Security Checkup, Passkeys, 2-Step Verification, Circle to Search and Google Lens as tools that can help users strengthen account protection and verify suspicious messages or content.

The company also highlighted public awareness and education initiatives, including Be Scam Ready, a game-based programme that uses simulated scam scenarios to help users recognise common tactics. Google said a previous Google.org commitment of $5 million is supporting anti-scam initiatives in Europe and the Middle East, including work by the Internet Society and Oxford Information Labs.

Google also referred to cooperation through the Global Signal Exchange, a threat-intelligence sharing platform for scams and fraud. As a founding partner, Google said it both contributes to and draws from the platform, which now stores more than 1.2 billion signals used to identify and disrupt criminal activity.

The company said it also works with law enforcement agencies, including the UK’s National Crime Agency, and participates in the Industry Accord Against Online Scams and Fraud. Google also pointed to legal actions against scam operations and botnets, including cases involving Lighthouse and BadBox.

Why does it matter?

Online scams are increasingly industrialised, cross-platform and supported by AI-enabled tactics, making them difficult to address through product-level security alone. Google’s approach shows how major technology companies are combining automated detection, user education, threat-intelligence sharing and law enforcement cooperation to respond to fraud. The wider policy issue is how much responsibility large platforms should bear for detecting and disrupting scams before they reach users.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Microsoft MDASH agentic AI security system tops vulnerability discovery benchmarks

Microsoft has described a multi-model agentic AI security system, codenamed MDASH, designed to support vulnerability discovery and cybersecurity research across complex codebases.

According to Microsoft, the system helped researchers identify 16 vulnerabilities across Windows networking and authentication components, including issues in the Windows TCP/IP stack, IKEv2 services, DNS handling and Netlogon processes. Several of the vulnerabilities were reachable over networks without authentication, the company said.

MDASH was developed by Microsoft’s Autonomous Code Security team and combines more than 100 specialised AI agents with an ensemble of frontier and distilled AI models. The system is structured as a multi-stage pipeline covering code preparation, scanning, validation, deduplication and proof generation.

The publication says the system identified remote code execution flaws, denial-of-service issues, information disclosure vulnerabilities and security feature bypasses. Microsoft also described the use of specialised auditor, debater and prover agents designed to analyse vulnerabilities across multiple files and code paths.

Microsoft said MDASH uses plugins and domain-specific knowledge to support validation and proof-of-concept generation, allowing security experts to add context that foundation models may not capture on their own.

The company also reported benchmark results from internal and public tests. It said MDASH identified all 21 deliberately inserted vulnerabilities in a private test driver with zero false positives in that run, achieved 96% recall against five years of confirmed Microsoft Security Response Center cases in clfs.sys and 100% in tcpip.sys, and scored 88.45% on the public CyberGym benchmark.

Microsoft said the system is already being used by its security engineering teams and is being tested with a small group of customers through a limited private preview.

Why does it matter?

MDASH shows how agentic AI is moving into high-value cybersecurity tasks such as vulnerability discovery, validation and proof generation. If systems like this can reliably reduce false positives and help researchers find exploitable flaws earlier, they could improve defensive security at scale. The same development also raises governance questions around access, oversight and dual-use risk, since tools capable of finding and proving vulnerabilities may be valuable to both defenders and attackers.

The company also discussed broader implications for AI-assisted cybersecurity operations, including the use of agentic AI systems for vulnerability discovery, validation, and remediation workflows. Microsoft stated that the system is currently being tested internally and through a limited private preview involving selected customers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Poland launches campaign to boost business cybersecurity awareness

Poland’s Ministry of Digital Affairs has launched a campaign to encourage entrepreneurs and management teams to take a more active role in protecting their companies from cyber threats.

The campaign, titled ‘Build your company’s digital security click by click’, is aimed at businesses and senior decision-makers. The ministry says its main goal is to encourage firms to address cybersecurity at both organisational and operational levels.

The campaign stresses that cybersecurity is no longer solely the responsibility of IT departments but is a key part of responsible business management. The ministry points to growing risks such as phishing and ransomware as digital technology becomes central to company operations.

According to the ministry, effective cybersecurity depends on three pillars: knowledge, processes and people. The campaign encourages firms to analyse risks, develop incident response procedures, train employees regularly and use official guidance available through cyber.gov.pl.

A separate focus is placed on medium-sized and large companies subject to requirements under Poland’s national cybersecurity system. The ministry says firms in key sectors should understand obligations related to risk management, incident reporting and the protection of information systems.

The campaign also calls on company leaders to integrate cybersecurity into business strategy, including through security policies, investment in skills and the development of a culture of responsibility across organisations.

Why does it matter?

The campaign reflects a broader shift in cybersecurity policy from technical protection towards organisational responsibility. By targeting business leaders, Poland is emphasising that cyber resilience depends not only on tools, but also on governance, staff training, incident response and compliance with national cybersecurity obligations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

South Korea reviews AI cyber threat response

The Office of National Security of South Korea held a cybersecurity meeting to review how government agencies are responding to AI-driven cyber threats. The session focused on the growing risks posed by the misuse of advanced AI technologies.

Officials from multiple ministries attended, including science, defence and intelligence bodies, to coordinate responses. The government warned that AI-enabled hacking capabilities are becoming increasingly realistic as global technology companies release more advanced models.

Authorities have instructed relevant agencies to strengthen cooperation with businesses and institutions and distributed guidance on responding to AI-based security risks. Discussions also covered practical measures to support rapid responses to cybersecurity vulnerabilities across public and private sectors.

The government plans to establish a joint technical response team to improve information sharing and enable immediate action. Officials emphasised that while AI increases cyber risks, it also offers opportunities to strengthen security capabilities in South Korea.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Council of the EU extends cyber sanctions framework until 2027

The Council of the European Union has extended restrictive measures against individuals and entities involved in cyber-attacks threatening the EU and its member states until 18 May 2027. The legal framework behind the sanctions regime had already been extended until 18 May 2028.

The framework allows the EU to impose targeted sanctions on persons or entities involved in significant cyber-attacks that constitute an external threat to the Union or its member states. Measures can also be imposed in response to cyber-attacks against third countries or international organisations, where they support Common Foreign and Security Policy objectives.

Current listings under the regime apply to 19 individuals and seven entities. Sanctioned actors face asset freezes, while the EU citizens and companies are prohibited from making funds or economic resources available to them. Listed individuals are also subject to travel bans preventing them from entering or transiting through the EU territory.

The Council said the individual listings will continue to be reviewed every 12 months. It also said the measures are intended to deter malicious cyber activity and uphold the international rules-based order by ensuring accountability for those responsible.

The sanctions mechanism forms part of the EU’s broader cyber diplomacy toolbox, established in 2017 to strengthen coordinated diplomatic responses to malicious cyber activity. The Council said the EU and its member states would continue working with international partners to promote an open, free, stable and secure cyberspace.

Why does it matter?

The decision shows how cybersecurity has become part of the EU’s foreign policy and sanctions toolkit, not only a matter of technical defence. By extending cyber sanctions listings, the EU is reinforcing its use of diplomatic and economic measures to deter malicious cyber activity, attribute responsibility and signal that significant cyber-attacks can carry geopolitical consequences.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Google warns adversaries are industrialising AI-enabled cyberattacks

Google Threat Intelligence Group says cyber adversaries are moving from early AI experimentation towards the industrial-scale use of generative models across malicious workflows.

In a new report, GTIG says it has identified, for the first time, a threat actor using a zero-day exploit that it believes was developed with AI. The criminal actor had planned to use the exploit in a mass exploitation campaign involving a two-factor authentication bypass, but Google said its proactive discovery may have prevented the campaign from going ahead.

The findings describe several uses of AI in cyber operations. Threat actors linked to the People’s Republic of China and the Democratic People’s Republic of Korea have used AI for vulnerability research, including persona-based prompting, specialised vulnerability datasets and automated analysis of vulnerabilities and proof-of-concept exploits.

Other actors have used AI-assisted coding to support defence evasion, including the development of obfuscation tools, relay infrastructure and malware containing AI-generated decoy logic. Google said these uses show how generative models can accelerate development cycles and make malicious tools harder to detect.

Google also highlights PROMPTSPY, an Android backdoor that uses Gemini API capabilities to interpret device interfaces, generate structured commands, simulate gestures and support more autonomous malware behaviour. The company said it had disabled assets linked to the activity and that no apps containing PROMPTSPY were found on Google Play at the time of its current detection.

AI systems are also becoming direct targets. Google says attackers are compromising AI software dependencies, open-source agent skills, API connectors and AI gateway tools such as LiteLLM. The report warns that such supply-chain attacks could expose API secrets, enable ransomware activity or allow intruders to use internal AI systems for reconnaissance, data theft and deeper network access.

Why does it matter?

Google’s findings suggest that AI-enabled cyber activity is moving beyond basic phishing support or faster research. Generative models are now being used in vulnerability discovery, exploit development, malware obfuscation, autonomous device interaction, information operations and attacks on AI infrastructure itself. That could make some attacks faster, more adaptive and harder to detect, while also turning AI platforms, integrations and supply chains into part of the cyberattack surface.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Australia’s ASIC urges cyber resilience as frontier AI raises risk

The Australian Securities and Investments Commission has urged regulated entities to strengthen cyber resilience, warning that frontier AI could intensify cyber risks by exposing vulnerabilities at greater speed, scale and sophistication.

In an open letter to industry, ASIC said licensees and market participants should act now to improve their cybersecurity fundamentals rather than wait as advanced AI tools reshape the threat environment. The regulator said cyber resilience should be treated as a core licensing obligation, not solely as an IT issue.

ASIC Commissioner Simone Constant said frontier AI creates opportunities but also materially increases cyber risk, including by exposing weaknesses faster than many organisations realise. She warned that vulnerabilities once seen as isolated could have system-wide effects and enable previously out-of-reach forms of exploitation for many malicious actors.

The letter follows ASIC’s recent court outcome against FIIG Securities Limited, which the regulator said reinforced the need for cyber risk management controls to be demonstrably effective and proportionate to a business’s size, nature and complexity.

ASIC is urging entities to reassess cyber plans, identify and protect critical systems, reduce exposure to untrusted networks, review user access, patch systems promptly, strengthen incident response planning and manage third-party risks. It also says organisations should use AI defensively where appropriate, including to identify vulnerabilities and secure software before release.

Constant said entities need robust incident response plans and that the underlying principles of cyber risk management remain the same: govern, protect, detect and respond. She also said boards and executives must ensure systems are tested, weaknesses are addressed early, and action is taken before threats can be exploited.

ASIC says entities must table the letter at their ultimate board and risk governance committees. It also encourages regulated entities to use guidance from trusted sources, including the Australian Signals Directorate and the Australian Government’s Cyber Health Check.

Why does it matter?

ASIC’s warning shows that financial regulators are beginning to treat frontier AI as a force multiplier of cyber risk, not just a technology issue. By framing cyber resilience as a licensing and board-level governance obligation, the regulator is signalling that firms may be judged not only on whether they suffer cyber incidents, but on whether their controls, escalation processes and resilience planning are proportionate to an AI-accelerated threat environment.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

WEF report says AI is reshaping cybersecurity defence

Advanced AI models are reshaping cybersecurity by accelerating both offensive and defensive capabilities, forcing organisations to rethink how they detect, assess and respond to cyber threats.

A new World Economic Forum report argues that AI is becoming a defining force in cybersecurity, with organisations increasingly moving from pilot projects to operational deployment. According to the WEF, AI is already being used to improve vulnerability identification, threat detection, response speed and resilience.

The report highlights how AI can help security teams process large volumes of data, detect threats faster and support more efficient responses. At the same time, it warns that threat actors are also using AI to automate deception, generate malware and scale attacks at machine speed.

WEF’s analysis says the growing speed and scale of AI-enabled cyber operations are putting pressure on traditional cybersecurity models. Instead of relying mainly on prevention and scheduled patching cycles, organisations are being pushed towards continuous detection, automated response, stronger access controls and more resilient infrastructure.

The report also stresses that AI’s value in cybersecurity depends on strategy, governance and human oversight. Rather than treating AI as a standalone tool, organisations are encouraged to test use cases carefully, build appropriate safeguards and invest in the skills and processes needed to defend at machine speed.

Why does it matter?

AI is changing cybersecurity on both sides of the equation. It can lower the barriers for faster and more scalable attacks, but it can also help defenders improve detection, response and resilience. The wider significance is that cybersecurity strategies built around periodic assessment and manual response may become less effective as AI-driven threats and defences operate at greater speed and scale.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.