Network security

Claude can now read your Gmail and Docs

Anthropic has introduced a new integration that allows its AI chatbot, Claude, to connect directly with Google Workspace.

The feature, now in beta for premium subscribers, enables Claude to reference content from Gmail, Google Calendar, and Google Docs to deliver more personalised and context-aware responses.

Users can expect in-line citations showing where specific information originated from within their Google account.

This integration is available for subscribers on the Max, Team, Enterprise, and Pro plans, though multi-user accounts require administrator approval.

While Claude can read emails and review documents, it cannot send emails or schedule events. Anthropic insists the system uses strict access controls and does not train its models on user data by default.

The update arrives as part of Anthropic’s broader efforts to enhance Claude’s appeal in a competitive AI landscape.

Alongside the Workspace integration, the company launched Claude Research, a tool that performs real-time web searches to provide fast, in-depth answers.

Although still smaller than ChatGPT’s user base, Claude is steadily growing, reaching 3.3 million web users in March 2025.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NATO allies strengthen cyber defenses against critical infrastructure threats

Between 7 and 11 April, representatives from 20 allied governments and national agencies participated in a NATO-led exercise designed to strengthen mutual support in the cyber domain.

The activity aimed to improve coordination and collective response mechanisms for cyber incidents affecting critical national infrastructure. Through simulated threat scenarios, participants practised real-time information exchange, joint decision-making, and coordinated response planning.

According to NATO, cyber activities targeting critical infrastructure, industrial control systems, and public sector services have increased in frequency.

Such activities are considered to serve various objectives, including information gathering and operational disruption.

The role of cyber operations in modern conflict gained increased attention following Russia’s actions in Ukraine in 2022, where cyber activity was observed alongside traditional military operations.

Hosted by Czechia, the exercise served to test NATO’s Virtual Cyber Incident Support Capability (VCISC), a coordination platform introduced at the 2023 Vilnius Summit.

VCISC enables nations to request and receive cyber assistance from designated counterparts across the Alliance.

The support offered includes services such as malware analysis, cyber threat intelligence, and digital forensics. However, the initiative is voluntary, with allies contributing national resources and expertise to mitigate the impact of significant cyber incidents and support recovery.

Separately, in January 2025, the US officials met with her Nordic-Baltic counterparts from Denmark, Estonia, Finland, Iceland, Latvia, Lithuania, Norway, and Sweden.

Discussions centred on enhancing regional cooperation to safeguard undersea cable infrastructure—critical to communications and energy systems. Participants noted the broadening spectrum of threats to these assets.

In parallel, NATO launched the Baltic Sentry to reinforce the protection of critical infrastructure in the Baltic Sea region. The initiative is intended to bolster NATO’s posture and improve its capacity to respond promptly to destabilising activities.

In July 2024, NATO also announced the expansion of the role of its Integrated Cyber Defence Centre (NICC).

The Centre is tasked with enhancing the protection of NATO and allied networks, as well as supporting the operational use of cyberspace. It provides commanders with insights into potential cyber threats and vulnerabilities, including those related to civilian infrastructure essential to military operations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI updates safety rules amid AI race

OpenAI has updated its Preparedness Framework, the internal system used to assess AI model safety and determine necessary safeguards during development.

The company now says it may adjust its safety standards if a rival AI lab releases a ‘high-risk’ system without similar protections, a move that reflects growing competitive pressure in the AI industry.

Instead of outright dismissing such flexibility, OpenAI insists that any changes would be made cautiously and with public transparency.

Critics argue OpenAI is already lowering its standards for the sake of faster deployment. Twelve former employees recently supported a legal case against the company, warning that a planned corporate restructure might encourage further shortcuts.

OpenAI denies these claims, but reports suggest compressed safety testing timelines and increasing reliance on automated evaluations instead of human-led reviews. According to sources, some safety checks are also run on earlier versions of models, not the final ones released to users.

The refreshed framework also changes how OpenAI defines and manages risk. Models are now classified as having either ‘high’ or ‘critical’ capability, the former referring to systems that could amplify harm, the latter to those introducing entirely new risks.

Instead of deploying models first and assessing risk later, OpenAI says it will apply safeguards during both development and release, particularly for models capable of evading shutdown, hiding their abilities, or self-replicating.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hertz customer data stolen in vendor cyberattack

Hertz has disclosed a significant data breach involving sensitive customer information, including credit card and driver’s licence details, following a cyberattack on one of its service providers.

The breach stemmed from vulnerabilities in the Cleo Communications file transfer platform, exploited in October and December 2024.

Hertz confirmed the unauthorised access on 10 February, with further investigations revealing a range of exposed data, including names, birth dates, contact details, and in some cases, Social Security and passport numbers.

While the company has not confirmed how many individuals were affected, notifications have been issued in the US, UK, Canada, Australia, and across the EU.

Hertz stressed that no misuse of customer data has been identified so far, and that the breach has been reported to law enforcement and regulators. Cleo has since patched the exploited vulnerabilities.

The identity of the attackers remains unknown. However, Cleo was previously targeted in a broader cyber campaign last October, with the Clop ransomware group later claiming responsibility.

The gang published Cleo’s company data online and listed dozens of breached organisations, suggesting the incident was part of a wider, coordinated effort.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

KiloEX loses $7.5 million in oracle hack

A hacker has exploited decentralised exchange KiloEX, draining approximately US$7.5 million by manipulating its price oracle mechanism. The breach led to an immediate suspension of the platform and sparked a cross-industry investigation involving cybersecurity firms and blockchain networks.

The vulnerability centred on KiloEX’s price feed system, which allowed the attacker to manipulate the ETH/USD feed by inputting an artificial entry price of 100 and closing it at 10,000.

According to cybersecurity firm PeckShield, this simple flaw enabled the attacker to steal millions across multiple chains, including $3.3 million from Base, $3.1 million from opBNB, and $1 million from BNB Smart Chain.

KiloEX is working with various security experts and blockchain networks such as BNB Chain and Manta Network to recover the stolen assets.

Funds are reportedly being routed through cross-chain protocols like zkBridge and Meson. Co-founder of Fuzzland, Chaofan Shou, described the breach as stemming from a ‘very simple vulnerability’ in oracle verification, where only intermediaries were validated rather than the original transaction sender.

The attack caused KiloEX’s token price to plummet by over 29% and came just one day after the platform announced a strategic partnership with DWF Labs, aimed at fuelling growth. KiloEX has promised a full incident report and a bounty programme to encourage asset recovery.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Beijing blames NSA for hacking Asian Games systems

Chinese authorities have accused three alleged US operatives of orchestrating cyberattacks on national infrastructure during the Asian Games in Harbin this February.

The individuals, identified by Harbin police as Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson, are said to have worked through the US National Security Agency (NSA).

The attacks reportedly targeted systems critical to the Games’ operations, including athlete registration, travel, and competition management, which held sensitive personal data.

Chinese state media further claimed that the cyber intrusions extended beyond the sporting event, affecting key infrastructure in Heilongjiang province. Targets allegedly included energy, transport, water, telecoms, defence research institutions, and technology giant Huawei.

Authorities said the NSA used encrypted data to compromise Microsoft Windows systems in the region, with the aim of disrupting services and undermining national security.

The Foreign Ministry of China denounced the alleged cyberattacks as ‘extremely malicious,’ urging the United States to halt what it called repeated intrusions and misinformation.

The UD Embassy in Beijing has yet to respond, and the allegations come amid ongoing tensions, with both nations frequently accusing each other of state-backed hacking.

Only last month, the US government named and charged 12 Chinese nationals in connection with cyberespionage efforts against American interests.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI voice hacks put fake Musk and Zuckerberg at crosswalks

Crosswalk buttons in several Californian cities have been hacked to play AI-generated voices impersonating tech moguls Elon Musk and Mark Zuckerberg, delivering bizarre and satirical messages to pedestrians.

The spoof messages, which mock the CEOs with lines like ‘Can we be friends?’ and ‘Cooking our grandparents’ brains with AI slop,’ have been heard in Palo Alto, Redwood City, and Menlo Park.

US Palo Alto officials confirmed that 12 intersections were affected and the audio systems have since been disabled.

While the crosswalk signals themselves remain operational, authorities are investigating how the hack was carried out. Similar issues are being addressed in nearby cities, with local governments moving quickly to secure the compromised systems.

The prank, which uses AI voice cloning, appears to layer these spoofed messages on top of the usual accessibility features rather than replacing them entirely.

Though clearly comedic in intent, the incident has raised concerns about the growing ease with which public systems can be manipulated using generative technologies.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft users at risk from tax-themed cyberattack

As the US tax filing deadline of April 15 approaches, cybercriminals are ramping up phishing attacks designed to exploit the urgency many feel during this stressful period.

Windows users are particularly at risk, as attackers are targeting Microsoft account credentials by distributing emails disguised as tax-related reminders.

These emails include a PDF attachment titled ‘urgent reminder,’ which contains a malicious QR code. Once scanned, it leads users through fake bot protection and CAPTCHA checks before prompting them to enter their Microsoft login details, details that are then sent to a server controlled by criminals.

Security researchers, including Peter Arntz from Malwarebytes, warn that the email addresses in these fake login pages are already pre-filled, making it easier for unsuspecting victims to fall into the trap.

Entering your password at this stage could hand your credentials to malicious actors, possibly operating from Russia, who may exploit your account for maximum profit.

The form of attack takes advantage of both the ticking tax clock and the stress many feel trying to meet the deadline, encouraging impulsive and risky clicks.

Importantly, this threat is not limited to Windows users or those filing taxes by the April 15 deadline. As phishing techniques become more advanced through the use of AI and automated smartphone farms, similar scams are expected to persist well beyond tax season.

The IRS rarely contacts individuals via email and never to request sensitive information through links or attachments, so any such message should be treated with suspicion instead of trust.

To stay safe, users are urged to remain vigilant and avoid clicking on links or scanning codes from unsolicited emails. Instead of relying on emails for tax updates or returns, go directly to official websites.

The IRS offers resources to help recognise and report scams, and reviewing this guidance could be an essential step in protecting your personal information, not just today, but in the months ahead.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UAE experts warn on AI privacy risks in art apps

A surge in AI applications transforming selfies into Studio Ghibli-style artwork has captivated social media, but UAE cybersecurity experts are raising concerns over privacy and data misuse.

Dr Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE Government, warned that engaging with unofficial apps could lead to breaches or leaks of personal data. He emphasised that while AI’s benefits are clear, users must understand how their personal data is handled by these platforms.

He called for strong cybersecurity standards across all digital platforms, urging individuals to be more cautious with their data.

Media professionals are also sounding alarms. Adel Al-Rashed, an Emirati journalist, cautioned that free apps often mimic trusted platforms but could exploit user data. He advised users to stick to verified applications, noting that paid services, like ChatGPT’s Pro edition, offer stronger privacy protections.

While acknowledging the risks, social media influencer Ibrahim Al-Thahli highlighted the excitement AI brings to creative expression. He urged users to focus on education and safe engagement with the technology, underscoring the UAE’s goal to build a resilient digital economy.

For more information on these topics, visit diplomacy.edu.