Cyber Europe 2026 tests EU response to large-scale cyber crises

The EU Agency for Cybersecurity has led Cyber Europe 2026, a two-day exercise testing Europe’s response to large-scale cyberattacks on rail and maritime transport networks.

The exercise, held on 10 and 11 June, brought together more than 5,000 participants from national cybersecurity agencies, EU and EFTA public and private sector organisations, the EU entities and industry. It was designed to strengthen cyber preparedness and test the continuity of essential services during a major crisis affecting interconnected transport systems.

The scenario simulated coordinated attacks on critical maritime and railway infrastructure across Europe. Port logistics and navigation systems were compromised, cargo movements were halted, and safety risks emerged. Railway networks were also disrupted, with cross-border trains frozen and passengers and supplies delayed.

Participants also had to respond to ransomware attacks affecting transport authorities and ticketing services, as well as exposure of sensitive passenger and emergency information. ENISA said the scenario required information-sharing and coordination at technical, operational and political levels.

Cyber Europe 2026 also tested the EU Cybersecurity Blueprint, revised in 2025 to strengthen crisis management for large-scale incidents. For the first time, the EU Cybersecurity Reserve was tested under Cyber Europe, using a scenario that required participants to follow ENISA procedures for activating incident response support under the mechanism.

ENISA said findings from the exercise will be analysed in after-action reports to identify weaknesses and improve Europe’s preparedness and response processes.

Why does it matter?

The exercise shows how cyber incidents affecting transport infrastructure can quickly move beyond technical disruption into broader economic, safety and crisis-management risks. Ports, railways, logistics systems, ticketing platforms and navigation tools are increasingly interconnected, often combining legacy operational technology with modern digital systems. Testing EU-level coordination matters because attacks on transport networks can affect trade, military mobility, emergency response and public trust across borders.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

EU tests cyber crisis response for rail and maritime networks

The European Commission has carried out Cyber Europe 2026, a large-scale cybersecurity exercise testing how Europe would respond to attacks on rail and maritime transport networks.

Organised by the EU Agency for Cybersecurity, the exercise took place on 10 and 11 June and involved around 5,000 experts from across the EU, industry and partner countries. Participants included cybersecurity specialists from the public and private sectors, policymakers, the EU institutions and representatives from the UK, Norway, Switzerland and Ukraine.

The scenario simulated cyberattacks on Europe’s rail and maritime networks, causing severe operational disruption and escalating into a wider cybersecurity crisis. The exercise was designed to test coordination between authorities, industry and institutions during a major cross-border incident affecting critical transport infrastructure.

Cyber Europe 2026 was also the first EU-wide test of the 2025 EU Cyber Blueprint, which clarifies roles and responsibilities during a cyber crisis. The exercise also tested the Cybersecurity Reserve, created under the Cyber Solidarity Act to provide support during significant cybersecurity incidents.

The Commission said lessons from the exercise will help consolidate the Cyber Blueprint and embed cyber crisis management more firmly into the EU’s wider emergency preparedness and response frameworks.

Why does it matter?

Transport networks are critical infrastructure, and cyber incidents affecting ports, railways or logistics systems can disrupt trade, supply chains, military mobility and emergency response across borders. Cyber Europe 2026 is important because it tests not only technical response, but also EU-level coordination, crisis decision-making and support mechanisms under newer cyber resilience tools such as the Cyber Blueprint and Cybersecurity Reserve.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU publishes the final Code for labelling AI-generated content

The European Commission has published the final Code of Practice on marking and labelling AI-generated content, offering practical guidance for providers and deployers preparing to comply with transparency obligations under the EU AI Act.

The code is voluntary, but the underlying transparency obligations in Article 50 of the AI Act will apply from 2 August 2026. The Commission said the code is intended to help organisations implement those obligations in a consistent, practical and proportionate way.

The framework covers two main areas. Providers of generative AI systems are guided on marking and detecting AI-generated or manipulated audio, image, video and text content, including through machine-readable solutions where technically feasible. Deployers are guided on labelling deepfakes and AI-generated or manipulated text published to inform the public on matters of public interest.

Under the AI Act, users must also be informed when they are interacting with interactive AI systems, such as chatbots. The transparency requirements are intended to help people recognise when content has been generated or altered by AI and to reduce the risk of deception and manipulation.

The Commission has also published a set of the EU icons that deployers may use to label certain AI-generated content. The code does not replace the AI Act or future Commission guidelines on Article 50, which are expected before the transparency obligations begin to apply.

The Commission and the AI Board will now assess the code’s adequacy. If assessed positively, providers and deployers who sign the code may use its measures to help demonstrate compliance with the AI Act’s transparency rules.

Why does it matter?

The code is an important step in turning the AI Act’s transparency provisions into operational practice. Labelling and machine-readable marking rules could shape how platforms, AI providers, media organisations and other deployers handle synthetic text, images, audio and video. The measures are especially relevant for public-interest information, where undisclosed AI-generated or manipulated content can affect trust, elections, journalism and public debate.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

CISA updates vulnerability remediation rules

The US Cybersecurity and Infrastructure Security Agency has issued a binding directive requiring federal civilian agencies to prioritise vulnerability remediation based on risk.

Binding Operational Directive 26-04 directs agencies to align their vulnerability management policies around four criteria: whether an affected asset is exposed, whether a vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalogue, whether exploitation can be automated and the likely technical impact after exploitation.

CISA said the directive consolidates and updates earlier requirements for internet-accessible systems and known exploited vulnerabilities. The agency said the approach is intended to help federal civilian agencies focus remediation on the vulnerabilities most likely to cause serious harm.

The directive comes as threat actors continue to exploit unpatched vulnerabilities, with CISA warning that AI software services could help attackers identify and exploit weaknesses more quickly. The agency said AI-enabled exploitation may further reduce the time defenders have between a patch release and attempted compromise.

The directive also requires agencies to consider whether a system may already be compromised before applying a patch. CISA said applying a patch generally does not remove an attacker who already has access to a system, making compromise checks important for risk management.

CISA will monitor agency compliance and provide implementation support. Although the directive is binding only for federal civilian agencies, CISA encouraged other organisations to adopt similar risk-based vulnerability management practices.

Why does it matter?

The directive reflects a shift in federal cybersecurity from treating vulnerability remediation as a fixed checklist to prioritising flaws based on exploitation risk, exposure, and potential impact. That matters because attackers increasingly move quickly from disclosure to exploitation, and AI tools may further shorten that window. For governments and critical organisations, vulnerability management is becoming a continuous risk-management process rather than a periodic patching exercise.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

New NIST study reveals inherent weaknesses in AI defences 

A new study by a researcher at the US National Institute of Standards and Technology suggests that fixed AI guardrails cannot provide complete protection against adaptive adversarial prompts.

The paper, published in IEEE Security & Privacy by NIST senior scientist Apostol Vassilev, uses logic linked to Kurt Gödel’s incompleteness theorems to argue that a finite set of AI safety rules cannot be universally robust against every possible prompt-based attack.

According to NIST, the finding does not mean AI systems cannot be hardened. Instead, it supports moving away from a ‘one and done’ security model towards continuous monitoring, testing and updating.

The recommended approach includes ongoing red-team work to identify adversarial prompts before attackers exploit them, continuous updates to strengthen guardrails and operational resilience measures that limit the impact of successful attacks and enable quick recovery.

NIST said the goal is not to eliminate all vulnerabilities, but to make exploitation more difficult and costly. As AI systems are deployed more widely, organisations should treat AI security as a permanent operational process rather than a problem that can be solved through a fixed set of controls.

Why does it matter?

The study reinforces a central challenge in AI governance: security controls for AI systems cannot be treated as static compliance measures. As AI tools are integrated into business operations, public services and security-sensitive environments, organisations may need continuous red-teaming, guardrail updates, monitoring and incident response. The policy relevance lies in shifting AI risk management from one-time assurance towards ongoing operational resilience.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Ofcom confirms platform crisis protocols under UK Online Safety Act

UK communications regulator Ofcom has set out new crisis response measures aimed at helping online platforms respond when illegal content and content harmful to children spreads rapidly during emergencies.

The measures will be added to Ofcom’s Illegal Content Codes of Practice and Protection of Children Codes of Practice under the UK’s Online Safety Act. However, they must still complete the parliamentary process before taking effect.

Ofcom said ordinary content moderation systems may not be sufficient during exceptional events, such as public disorder, terrorist attacks, or other crises that lead to a sudden increase in harmful or illegal online activity. The regulator pointed to the violent riots that followed the 2024 Southport murders and the risk of terrorist attacks being livestreamed as examples of crises where online content can threaten public safety.

Under the measures, service providers should prepare and apply crisis protocols to manage significant increases in relevant illegal content or content harmful to children. Ofcom expects providers to deploy temporary response teams as soon as possible during a crisis, record key decisions and conduct post-crisis reviews to assess whether their response was effective.

Large platforms should also maintain dedicated communication channels for law enforcement agencies to share crisis-related information. Ofcom said the measures are intended to support faster and more coordinated public safety efforts during exceptional events.

The regulator consulted on crisis response protocols in 2025 and said further decisions on additional online safety measures are expected in autumn 2026.

Why does it matter?

The measures show how online safety regulation is moving from general content moderation duties towards operational crisis governance. In emergencies, platforms may face sudden spikes in illegal content, livestreamed harm or coordinated activity that ordinary moderation systems cannot manage quickly enough. Ofcom’s approach also formalises closer crisis-time coordination between large platforms and law enforcement, raising important questions about public safety, platform accountability, due process and safeguards under the UK Online Safety Act.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Study warns of self-replicating AI malware using real-time reasoning

Cybersecurity researchers have demonstrated an AI-powered computer worm capable of identifying vulnerabilities, generating attack strategies and spreading autonomously across networks. The study suggests that advances in AI agents could enable a new class of adaptive cyber threats capable of operating with minimal or no direct human intervention.

The research, conducted by teams from the University of Toronto, Vector Institute, University of Cambridge, and ServiceNow, describes malware that uses large language models to tailor its behaviour to each target. Unlike traditional worms, the system can adapt its attack methods in real time instead of relying solely on pre-programmed exploits.

Testing in a controlled virtual environment showed the system could successfully compromise multiple machines and replicate across a simulated network over several days. The worm also operated without relying on cloud infrastructure, running AI models locally on infected systems and using those resources to support its operations.

Researchers warned that such capabilities could signal a shift towards what they describe as ‘autonomous generative adversaries’ and stressed the need for stronger detection systems, evaluation frameworks and governance mechanisms. While details were limited to reduce misuse risks, the authors said the findings reflect how rapidly AI-enabled cyber capabilities are evolving.

Why does it matter? 

The research signals a shift in cyber risk from static, signature-based malware to autonomous systems capable of reasoning, adapting, and scaling attacks without human input.

As AI models become more capable and widely deployed, the line between tool and autonomous threat blurs, increasing pressure on cybersecurity systems, patching cycles, and regulation to keep up with real-time, evolving attacks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Canada warns of cyber threats targeting FIFA World Cup 2026

Canada’s Cyber Centre has warned that the FIFA World Cup 2026 will almost certainly attract cyber threat activity from cybercriminals, non-state actors and state-sponsored actors.

The tournament will run from 11 June to 19 July 2026 across Canada, the US and Mexico, with 104 matches in 16 cities. The Cyber Centre said the event’s global visibility, complex supporting infrastructure and broad ecosystem of suppliers and services create a large attack surface.

According to the bulletin, cybercriminals are expected to exploit public interest in the tournament through phishing, social engineering, ticket scams, fraudulent travel offers, fake livestreaming services, malicious apps and other forms of online fraud. The Cyber Centre cited research identifying more than 4,300 likely fraudulent domain registrations linked to the tournament as of August 2025.

Organisations connected to the event, including travel, hospitality, ticketing, broadcasting, telecommunications, utilities and transport providers, could also face ransomware, distributed denial-of-service attacks and website defacement. The Cyber Centre said attackers may target entities in the wider tournament ecosystem to maximise publicity, even when their targets are not part of the core World Cup infrastructure.

The bulletin also warned that threat actors are very likely to use the event for disinformation and influence activity, including campaigns involving AI-generated articles, images, videos and deepfakes. It found that there is roughly an even chance of disruptive state-sponsored cyber activity, depending on geopolitical tensions involving host nations or participating countries.

Canadian authorities urged fans, attendees, athletes, government officials and organisations linked to the tournament to strengthen cybersecurity practices and prepare for scams, disruptive attacks and information manipulation during the event.

Why does it matter?

The bulletin treats the World Cup as more than a sports event. It frames major tournaments as digitally dependent public safety environments involving ticketing systems, broadcasters, transport networks, hotels, mobile communications, local authorities and critical infrastructure. Cyber incidents during such events can cause financial loss, service disruption, data exposure, emergency communication risks and information manipulation, making cybersecurity part of event resilience and public trust.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Ofcom warns platforms over online abuse ahead of FIFA World Cup 2026

Ofcom has urged online platforms to strengthen protections against illegal hate speech, abuse, threats and harassment ahead of the FIFA World Cup 2026. The UK regulator reminded technology companies that they have legal responsibilities under the Online Safety Act to reduce the risk of users encountering criminal content on their services.

The intervention follows concerns about abuse directed at players, coaches, officials and commentators during previous international tournaments. According to Ofcom, online attacks have frequently targeted individuals based on race, ethnicity, perceived sexual orientation and disability, causing significant personal and professional harm.

Under the UK’s Online Safety Act, platforms are required to operate effective reporting systems, maintain adequately resourced moderation teams and remove illegal content without undue delay. Ofcom stated that evidence of failures to meet these obligations during the tournament could be considered as part of its ongoing compliance assessments.

The regulator also highlighted a partnership established earlier this year with the UK Football Policing Unit, the Football Association, the Premier League, the English Football League, the Women’s Super League, the Professional Footballers’ Association and anti-discrimination organisation Kick It Out.

The initiative aims to strengthen information sharing and support preventative measures against online abuse targeting individuals across the football ecosystem.

Why does it matter?

Major sporting events often lead to spikes in online abuse, particularly against athletes, officials and other high-profile figures. The scale and visibility of these events can amplify harmful behaviour and place additional pressure on platforms to enforce their content moderation policies effectively.

Ofcom’s intervention highlights how online safety regulation is increasingly being tested during major public events. The regulator’s warning also signals that compliance with the Online Safety Act will be assessed not only through policies on paper but through how platforms respond to real-world surges in harmful content.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK’s IWF backs on-device nudity detection to protect children online

The Internet Watch Foundation (IWF) has welcomed a UK government proposal that would require technology companies to introduce on-device nudity detection and blocking features for children’s internet-connected devices used by children. The charity argues that preventing explicit images from being created or shared could significantly reduce the circulation of child sexual abuse material online.

The proposal follows growing concern over the increasing volume of so-called ‘self-generated’ child sexual abuse material, in which children are manipulated or coerced into creating explicit content.

According to IWF data, 311,610 reports containing child sexual abuse material were actioned during 2025, the highest number recorded by the organisation. Of those reports, 266,397 contained at least one self-generated image or video, underscoring the scale of the issue.

According to the IWF, children are frequently groomed, manipulated or coerced into producing sexual images that are subsequently distributed online. During 2025, analysts assessed more than 111,000 criminal images and almost 29,000 videos involving self-generated abuse material. More than 25,000 of those files were classified as Category A, the most severe category under UK law.

While supporting device-level protections, the organisation emphasised that no single intervention can address the problem on its own. It argues that effective child protection requires a combination of device safeguards, platform responsibility, law enforcement action and broader online safety policies.

Why does it matter?

The proposal reflects a growing shift towards preventative online safety measures that seek to stop harmful content from being created and shared, rather than relying solely on detection and removal after distribution.

The debate also highlights increasing concern about self-generated child sexual abuse material, which has become one of the fastest-growing categories of online abuse. If implemented effectively, device-level safeguards could become an important component of broader child protection strategies that also include platform responsibility, education initiatives and law enforcement action.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!