Australia’s regulator targets AI-nudify platform over child safety and deepfake risks

Australia’s eSafety Commissioner has begun enforcement action against another AI-powered ‘nudify’ service accused of failing to protect children from exposure to sexually explicit deepfake images.

The regulator issued a formal Direction to Comply to one of the most visited nudify services in Australia, giving the provider 14 days to implement stronger protections preventing children from accessing the platform. eSafety said the service allows users to upload images of real people and generate sexually explicit deepfake content on demand.

The regulator warned that such technologies can facilitate non-consensual exploitation, cyberbullying, sexual extortion, image-based sexual abuse, misogynistic harassment and exploitation of minors. The service had attracted nearly 40,000 Australian visits per month as of March 2026, following a sharp increase in traffic over the previous six months.

The enforcement action was taken under Australia’s Age-Restricted Material Codes, which came into force in March 2026. The codes are designed to prevent children from accessing or being exposed to age-restricted material, including pornography, high-impact violence, self-harm, suicide or disordered eating content.

eSafety said the Argentina-based provider failed to respond to earlier engagement after the codes took effect and had not committed to improving protections for children. The regulator chose not to name the service to avoid inadvertently promoting it.

If the service does not meet the requirements within the 14-day timeframe, eSafety may pursue further action, including civil penalties of up to AU$49.5 million and delisting notices to search engine providers that help facilitate access to the site.

The action follows earlier enforcement in late 2025 that led three widely used nudify services, which had reportedly been used to generate child sexual exploitation material in schools, to withdraw from Australia. Those services have since relaunched under new ownership with additional safety measures, including mandatory age assurance.

Why does it matter?

The case shows how online safety regulators are beginning to apply age-assurance and child protection rules directly to generative AI services. Nudify platforms are treated as high-risk because they can enable non-consensual sexualised deepfakes, image-based abuse and exploitation involving minors at scale. Australia’s enforcement approach also signals that regulators may target foreign-based AI services when they are accessible to local users and fail to implement safeguards.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

eSafety Commissioner and Sport Integrity Australia focus on online harms in sport

Australia’s eSafety Commissioner and Sport Integrity Australia have launched a joint initiative focused on online safety in sport.

The Online Safety in Sport Summit brought together representatives from sporting organisations, government agencies, researchers, law enforcement, and technology companies. The discussions focused on cyberbullying, online harassment, and harmful digital behaviour affecting athletes and sporting communities.

During the summit, Australia’s eSafety Commissioner Julie Inman Grant said harmful behaviour linked to sport increasingly occurs across social media, messaging applications, and online communities.

Research presented during the summit, titled ‘The Digital Sideline’, found that nearly one in five children participating in organised sport reported experiencing cyberbullying related to sporting activities.

Officials in Australia said that many reported online harms involved peers, including teammates and competitors, and occurred through private messages and group chats.

Participants highlighted the importance of prevention measures, early intervention, and cooperation between sporting organisations, regulators, and technology companies.

Why does it matter?

Online abuse within sport is becoming an increasingly significant policy and governance issue as digital platforms reshape athlete visibility, fan interaction, and youth participation. Cyberbullying, online harassment, and hate speech can affect mental health, athlete safety, participation rates, and broader social cohesion.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

OpenAI expands verification tools as AI slop blurs digital trust

OpenAI has announced new measures to strengthen the provenance and verification of AI-generated content as synthetic media becomes more widespread across digital platforms.

The company said it is expanding support for Content Credentials and compliance with the Coalition for Content Provenance and Authenticity (C2PA) standard. The standard uses metadata and cryptographic signatures to help ensure that information about a piece of media travels securely with the content, including details on where it came from and how it may have been created or edited.

OpenAI also plans to integrate Google DeepMind’s SynthID watermarking into images generated through ChatGPT, Codex and the OpenAI API. The company said SynthID will add an invisible watermarking layer that complements C2PA metadata, particularly when metadata is removed, lost, or altered during file conversions, resizing, screenshots, or other transformations.

The company said it is adopting a multi-layered provenance approach that combines metadata, watermarking and public verification tools rather than relying on a single detection method. According to OpenAI, C2PA can provide richer contextual information, while SynthID can help preserve a signal when metadata does not survive.

The move also connects to wider concerns about AI slop, as synthetic media and low-quality AI-generated content become harder to distinguish from authentic images. Provenance tools cannot solve the problem alone, but they can provide clearer signals about how digital media was created or modified.

OpenAI also previewed a public verification tool that will allow users to check whether ChatGPT, Codex or the OpenAI API generated an uploaded image. The tool will look for provenance signals, including Content Credentials and SynthID watermarks. Still, OpenAI said it will not make a definitive judgement when no signal is detected, because provenance signals can sometimes be removed.

At launch, the verification tool is limited to OpenAI-generated content. The company said it aims to support wider cross-platform verification efforts in the coming months and eventually expand support to more types of online content.

Why does it matter?

AI-generated content is becoming harder to distinguish from authentic media, fuelling concerns around AI slop, deepfakes and manipulated information. Provenance systems such as Content Credentials, watermarking and verification tools can help people understand where media came from and whether it was generated or modified by AI. However, OpenAI’s approach also shows the limits of technical detection: metadata can be stripped, watermarks may not survive every transformation, and no single method can provide complete certainty.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK authorities issue guidance on frontier AI cyber risks in finance

The Bank of England, the Financial Conduct Authority (FCA), and HM Treasury published a joint statement on cybersecurity and operational resilience risks linked to frontier AI models.

According to the statement, current frontier AI models can perform certain cyber-related tasks at high speed and scale, potentially increasing operational and security risks if misused.

UK authorities said regulated firms should strengthen governance, vulnerability management, third-party risk oversight, and recovery capabilities. The statement also referred to the use of automated and AI-supported defensive measures in cybersecurity operations.

The guidance highlighted risks associated with third-party services, open-source software, and legacy systems. According to the statement, boards and senior management should maintain awareness of frontier AI-related operational and cyber risks.

The authorities said they will continue monitoring frontier AI developments and engage with industry through the Cross Market Operational Resilience Group (CMORG). The statement also references guidance published by the UK National Cyber Security Centre (NCSC) on vulnerability management and AI-related cyber risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

WEF highlights cybersecurity as a strategic economic priority in the AI era

The World Economic Forum said cybersecurity is rapidly evolving into a strategic economic and national security priority as AI systems, geopolitical tensions, and increasingly interconnected digital ecosystems reshape global cyber risks.

During the Annual Meeting on Cybersecurity 2026 held in Geneva, participants discussed how cyber threats are increasingly affecting economic activity, supply chains, financial systems, and critical infrastructure.

The forum said large-scale cyber incidents can disrupt national economies and critical infrastructure. The report referenced a major 2025 cyberattack that disrupted UK automotive production and reportedly contributed to weaker GDP growth, with estimated economic losses reaching approximately £1.9 billion.

WEF argued that organisations are increasingly abandoning compliance-driven cybersecurity models in favour of measurable resilience strategies focused on rapid recovery, operational continuity, incident response readiness, and stronger governance structures.

AI featured heavily throughout the discussions. The forum warned that attackers are using AI almost universally, allowing cyber operations to become faster, more autonomous, and more scalable. Leaders also highlighted emerging risks linked to agentic AI systems, software supply chain vulnerabilities, and quantum computing developments.

Participants stressed that cyber resilience now requires far broader coordination between governments, regulators, businesses, insurers, and infrastructure operators. Public-private cooperation, information-sharing systems, interoperable intelligence frameworks, and cross-border regulatory coordination were described as increasingly necessary to manage systemic cyber risks.

The discussions also focused on cyber-enabled fraud, scams, and online criminal operations that increasingly target both institutions and ordinary citizens across digital ecosystems. Experts argued that cybersecurity strategies must combine technological protection, digital literacy, public awareness, and platform-level safeguards instead of relying solely on reactive responses.

WEF concluded that cybersecurity is becoming inseparable from economic security and strategic stability in the AI era, with future resilience depending heavily on how effectively governments and industries align incentives, quantify cyber risk, and strengthen cooperation across interconnected systems.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK’s Ofcom accepts X commitments on illegal hate and terror content moderation

Ofcom has accepted a series of public commitments from X aimed at strengthening protections for UK users against illegal hate speech and terrorist content under the Online Safety Act framework.

Under the commitments, X will review suspected illegal terrorist and hate content reported through its dedicated UK illegal content reporting tool within an average of 24 hours. As a backstop, the platform will review at least 85% of such reports within 48 hours. Ofcom said the targets, if met, would give UK users some of the strongest protections on X globally.

X is also committed to engaging external experts on reporting systems for illegal hate and terror content, following concerns from organisations that reports submitted to the platform were not always clearly acknowledged or acted on. The company also said it would withhold access to accounts reported for posting illegal terrorist content in the UK if it determines they are operated by or on behalf of a terrorist organisation proscribed in the UK.

Ofcom said X will submit quarterly performance data over the next 12 months so the regulator can monitor whether the platform is meeting its commitments. The regulator added that its broader compliance programme examining how major social media services handle illegal hate and terrorist material remains ongoing.

The announcement comes amid wider scrutiny of illegal hate content on major social media platforms. Ofcom said evidence gathered from civil society and expert organisations, including the Antisemitism Policy Trust, Tech Against Terrorism and Tell MAMA, indicates that such content persists on some of the largest social media sites.

Ofcom also noted that its investigation into X’s Grok remains ongoing, focusing on the company’s compliance with duties to deal with illegal content and the systems it has in place to do so.

Why does it matter?

The commitments show how the UK’s Online Safety Act is beginning to translate into concrete performance expectations for major platforms. Review-time targets, expert engagement and regular reporting to Ofcom could make illegal hate and terrorist content moderation more measurable. Still, the wider test will be whether X delivers these protections in practice and whether similar pressure is applied across other large platforms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

ITU Radiocommunication Bureau outlines key aspects future connectivity

ITU Radiocommunication Bureau has highlighted the critical role of radio-frequency spectrum in ensuring digital resilience, emphasising that reliable connectivity underpins essential services such as healthcare, transport and emergency communications.

According to the Bureau, resilience begins before disruption through coordinated spectrum management, international standards and regulatory frameworks. These systems enable wireless networks and satellite services to operate reliably and avoid harmful interference.

The organisation stressed that growing demand for connectivity, including 5G, satellite broadband and AI-enabled systems, increases pressure on spectrum resources. Technical standards and global coordination are therefore essential to maintain interoperability and support innovation.

ITU also pointed to the importance of satellite systems and early warning technologies in responding to climate risks and disasters. Future decisions at the World Radiocommunication Conference 2027 in China will further shape how resilient digital infrastructure develops globally.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

ICO warns organisations about growing AI cyber threats

The UK Information Commissioner’s Office has warned that AI is enabling faster, more advanced and harder-to-detect cyberattacks, urging organisations to strengthen their defences against emerging threats.

In a blog post, the regulator highlighted risks such as AI-generated phishing emails, deepfake social engineering, automated vulnerability scanning, AI-powered malware, credential attacks, data poisoning and indirect prompt injection. The ICO said cybersecurity must be treated as a shared responsibility, with organisations expected to take proactive steps to protect the personal data they hold.

The ICO said strong foundational security measures remain essential, but should be reinforced with layered defences to counter AI-powered threats. It pointed to practical steps such as patching systems, restricting access through multi-factor authentication, applying least-privilege principles and managing supplier risks.

The recommendations also include monitoring systems for unusual activity, carrying out vulnerability scanning and penetration testing, and maintaining regularly tested incident response plans. The ICO said AI can also support cyber defence, but should operate within a clear framework of human oversight and accountability.

Organisations are further advised to minimise data collection, conduct regular data audits and train staff to recognise AI-powered social engineering attacks. The ICO said AI tools processing high-risk personal data should be supported by data protection impact assessments and appropriate safeguards.

Why does it matter?

The ICO’s warning links AI-powered cyber threats directly to data protection obligations. As attackers use AI to scale phishing, exploit vulnerabilities and impersonate trusted contacts, organisations are expected not only to improve technical security, but also to limit the personal data they hold, strengthen governance and prepare for faster-moving incidents.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Google outlines AI-driven measures against online scams and fraud

Google has outlined new and existing measures to tackle online scams and fraud ahead of the second EMEA Anti-Scams and Fraud Summit, hosted by the Google Safety Engineering Centre in Zurich.

The company said the summit brings together representatives from governments, technology companies, consumer groups and academia to discuss collective responses to increasingly sophisticated scams. Google said its approach combines AI-driven protections across its products with wider cooperation involving industry and public authorities.

Google highlighted the use of AI-powered systems in services including Gmail, Chrome, Search, Ads and Phone by Google. The company said Gmail blocks more than 99.9% of spam, phishing and malware, while Search filters out hundreds of millions of spam-related pages daily. It also said its systems caught more than 99% of policy-violating ads before they reached users in 2025.

User-facing tools are also part of the company’s anti-scam strategy. Google pointed to Security Checkup, Passkeys, 2-Step Verification, Circle to Search and Google Lens as tools that can help users strengthen account protection and verify suspicious messages or content.

The company also highlighted public awareness and education initiatives, including Be Scam Ready, a game-based programme that uses simulated scam scenarios to help users recognise common tactics. Google said a previous Google.org commitment of $5 million is supporting anti-scam initiatives in Europe and the Middle East, including work by the Internet Society and Oxford Information Labs.

Google also referred to cooperation through the Global Signal Exchange, a threat-intelligence sharing platform for scams and fraud. As a founding partner, Google said it both contributes to and draws from the platform, which now stores more than 1.2 billion signals used to identify and disrupt criminal activity.

The company said it also works with law enforcement agencies, including the UK’s National Crime Agency, and participates in the Industry Accord Against Online Scams and Fraud. Google also pointed to legal actions against scam operations and botnets, including cases involving Lighthouse and BadBox.

Why does it matter?

Online scams are increasingly industrialised, cross-platform and supported by AI-enabled tactics, making them difficult to address through product-level security alone. Google’s approach shows how major technology companies are combining automated detection, user education, threat-intelligence sharing and law enforcement cooperation to respond to fraud. The wider policy issue is how much responsibility large platforms should bear for detecting and disrupting scams before they reach users.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Microsoft MDASH agentic AI security system tops vulnerability discovery benchmarks

Microsoft has described a multi-model agentic AI security system, codenamed MDASH, designed to support vulnerability discovery and cybersecurity research across complex codebases.

According to Microsoft, the system helped researchers identify 16 vulnerabilities across Windows networking and authentication components, including issues in the Windows TCP/IP stack, IKEv2 services, DNS handling and Netlogon processes. Several of the vulnerabilities were reachable over networks without authentication, the company said.

MDASH was developed by Microsoft’s Autonomous Code Security team and combines more than 100 specialised AI agents with an ensemble of frontier and distilled AI models. The system is structured as a multi-stage pipeline covering code preparation, scanning, validation, deduplication and proof generation.

The publication says the system identified remote code execution flaws, denial-of-service issues, information disclosure vulnerabilities and security feature bypasses. Microsoft also described the use of specialised auditor, debater and prover agents designed to analyse vulnerabilities across multiple files and code paths.

Microsoft said MDASH uses plugins and domain-specific knowledge to support validation and proof-of-concept generation, allowing security experts to add context that foundation models may not capture on their own.

The company also reported benchmark results from internal and public tests. It said MDASH identified all 21 deliberately inserted vulnerabilities in a private test driver with zero false positives in that run, achieved 96% recall against five years of confirmed Microsoft Security Response Center cases in clfs.sys and 100% in tcpip.sys, and scored 88.45% on the public CyberGym benchmark.

Microsoft said the system is already being used by its security engineering teams and is being tested with a small group of customers through a limited private preview.

Why does it matter?

MDASH shows how agentic AI is moving into high-value cybersecurity tasks such as vulnerability discovery, validation and proof generation. If systems like this can reliably reduce false positives and help researchers find exploitable flaws earlier, they could improve defensive security at scale. The same development also raises governance questions around access, oversight and dual-use risk, since tools capable of finding and proving vulnerabilities may be valuable to both defenders and attackers.

The company also discussed broader implications for AI-assisted cybersecurity operations, including the use of agentic AI systems for vulnerability discovery, validation, and remediation workflows. Microsoft stated that the system is currently being tested internally and through a limited private preview involving selected customers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot