Privacy and data protection

TikTok adds AI tool to animate photos with realistic effects

TikTok has launched a new feature called AI Alive, allowing users to turn still images into dynamic, short videos. Instead of needing advanced editing skills, creators can now use AI to generate movement and effects with a few taps.

By accessing the Story Camera and selecting a static photo, users can simply type how they want the image to change — such as making the subject smile, dance, or tilt forward. AI Alive then animates the photo, using creative effects to produce a more engaging story.

TikTok says its moderation systems review the original image, the AI prompt, and the final video before it’s shown to the user. A second check occurs before a post is shared publicly, and every video made with AI Alive will include an ‘AI-generated’ label and C2PA metadata to ensure transparency.

The feature stands out as one of the first built-in AI image-to-video tools on a major platform. Snapchat and Instagram already offer AI image generation from text, and Snapchat is reportedly developing a similar image-to-video feature.

Meanwhile, TikTok is also said to be working on adding support for sending photos and voice messages via direct message — something rival apps have long supported.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NatWest hit by 100 million cyber attacks every month

NatWest is defending itself against an average of 100 million cyber attacks each month, according to the bank’s head of cybersecurity.

Speaking to Holyrood’s Criminal Justice Committee, Chris Ulliott outlined the ‘staggering’ scale of digital threats targeting the bank’s systems. Around a third of all incoming emails are blocked before reaching staff, as they are suspected to be the start of an attack.

Instead of relying on basic filters, NatWest analyses every email for malicious content and has a cybersecurity team of hundreds, supported by a multi-million-pound budget.

Mr Ulliott also warned of the growing use of AI by cyber criminals to make scams more convincing—such as altering their appearance during video calls to build trust with victims.

Police Scotland reported that cybercrime has more than doubled since 2020, with incidents rising from 7,710 to 18,280 in 2024. Officials highlighted the threat posed by groups like Scattered Spider, believed to consist of young hackers sharing techniques online.

MSP Rona Mackay called the figures ‘absolutely staggering,’ while Ben Macpherson said he had even been impersonated by fraudsters.

Law enforcement agencies, including the FBI, are now working together to tackle online crime. Meanwhile, Age Scotland warned that many older people lack confidence online, making them especially vulnerable to scams that can lead to financial ruin and emotional distress.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI hallucination at center of Anthropic copyright lawsuit

Anthropic, the AI company behind the Claude chatbot, has been ordered by a federal judge to respond to allegations that it submitted fabricated material—possibly generated by AI—as part of its defense in an ongoing copyright lawsuit.

The lawsuit, filed in October 2023 by music publishers Universal Music Group, Concord, and ABKCO, accuses Anthropic of unlawfully using lyrics from over 500 songs to train its chatbot. The publishers argue that Claude can produce copyrighted material when prompted, such as lyrics from Don McLean’s American Pie.

During a court hearing on Tuesday in California, the publishers’ attorney claimed that an Anthropic data scientist cited a nonexistent academic article from The American Statistician journal to support the argument that Claude rarely outputs copyrighted lyrics.

One of the article’s alleged authors later confirmed the paper was a ‘complete fabrication.’ The judge is now requiring Anthropic to formally address the incident in court.

The company, founded in 2021, is backed by major investors including Amazon, Google, and Sam Bankman-Fried, the disgraced crypto executive convicted of fraud in 2023.

The case marks a significant test of how AI companies handle copyrighted content, and how courts respond when AI-generated material is used in legal proceedings.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Valve denies Steam data breach

Valve has confirmed that a cache of old Steam two-factor authentication codes and phone numbers, recently circulated by a hacker known as ‘Machine1337’, is indeed real, but insists it did not suffer a data breach.

Instead of pointing to its own systems, Valve explained that the leak involves outdated SMS messages, which are typically sent unencrypted and routed through multiple providers. These codes, once valid for only 15 minutes, were not linked to specific Steam accounts, passwords, or payment information.

The leaked data sparked early speculation that third-party messaging provider Twilio was the source of the breach, especially after their name appeared in the dataset. However, both Valve and Twilio denied any direct involvement, with Valve stating it does not even use Twilio’s services.

The true origin of the breach remains uncertain, and Valve acknowledged that tracing it may be difficult, as SMS messages often pass through several intermediaries before reaching users.

While the leaked information may not immediately endanger Steam accounts, Valve advised users to remain cautious. Phone numbers, when combined with other data, could still be used for phishing attacks.

Instead of relying on SMS for security, users are encouraged to activate the Steam Mobile Authenticator, which offers a more secure alternative for account verification.

Despite the uncertainty surrounding the source of the breach, Valve reassured users there’s no need to change passwords or phone numbers. Still, it urged vigilance, recommending that users routinely review their security settings and remain wary of any unsolicited account notifications.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers use fake PayPal email to seize bank access

A man from Virginia fell victim to a sophisticated PayPal scam that allowed hackers to gain remote control of his computer and access his bank accounts.

After receiving a fake email about a laptop purchase, he called the number listed in the message, believing it to be legitimate. The person on the other end instructed him to enter a code into his browser, which unknowingly installed a program giving the scammer full access to his system.

Files were scanned, and money was transferred between his accounts—all while he was urged to stay on the line and visit the bank, without informing anyone.

The scam, known as a remote access attack, starts with a convincing email that appears to come from a trusted source. Instead of fixing any problem, the real aim is to deceive victims into granting hackers full control.

Once inside, scammers can steal personal data, access bank accounts, and install malware that remains even after the immediate threat ends. These attacks often unfold in minutes, using fear and urgency to manipulate targets into acting quickly and irrationally.

Quick action helped limit the damage in this case. The victim shut down his computer, contacted his bank and changed his passwords—steps that likely prevented more extensive losses. However, many people aren’t as fortunate.

Experts warn that scammers increasingly rely on psychological tricks instead of just technical ones, isolating their victims and urging secrecy during the attack.

To avoid falling for similar scams, it’s safer to verify emails by using official websites instead of clicking any embedded links or calling suspicious numbers.

Remote control should never be granted to unsolicited support calls, and all devices should have up-to-date antivirus protection and multifactor authentication enabled. Online safety now depends just as much on caution and awareness as it does on technology.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

DeepMind unveils AlphaEvolve for scientific breakthroughs

Google DeepMind has unveiled AlphaEvolve, a new AI system designed to help solve complex scientific and mathematical problems by improving how algorithms are developed.

Rather than acting like a standard chatbot, AlphaEvolve blends large language models from the Gemini family with an evolutionary approach, enabling it to generate, assess, and refine multiple solutions at once.

Instead of relying on a single output, AlphaEvolve allows researchers to submit a problem and potential directions. The system then uses both Gemini Flash and Gemini Pro to create various solutions, which are automatically evaluated.

The best results are selected and enhanced through an iterative process, improving accuracy and reducing hallucinations—a common issue with AI-generated content.

Unlike earlier DeepMind tools such as AlphaFold, which focused on narrow domains, AlphaEvolve is a general-purpose AI for coding and algorithmic tasks.

It has already shown its value by optimising Google’s own Borg data centre management system, delivering a 0.7% efficiency gain—significant given Google’s global scale.

The AI also devised a new method for multiplying complex matrices, outperforming a decades-old technique and even beating DeepMind’s specialised AlphaTensor model.

AlphaEvolve has also contributed to improvements in Google’s hardware design by optimising Verilog code for upcoming Tensor chips.

Though not publicly available yet due to its complexity, AlphaEvolve’s evaluation-based framework could eventually be adapted for smaller AI tools used by researchers elsewhere.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Instagram calls for EU-wide teen protection rules

Instagram is calling on the European Union to introduce new regulations requiring app stores to implement age verification and parental approval systems.

The platform argues that such protections, applied consistently across all apps, are essential to safeguarding teenagers from harmful content online.

‘The EU needs consistent standards for all apps, to help keep teens safe, empower parents and preserve privacy,’ Instagram said in a blog post.

The company believes the most effective way to achieve this is by introducing protections at the source—before teenagers download apps from the Apple App Store or Google Play Store.

Instagram is proposing that app stores verify users’ ages and require parental approval for teen app downloads. The social media platform cites new research from Morning Consult showing that three in four parents support such legislation.

Most parents also view app stores, rather than individual apps, as the safer and more manageable point for controlling what their teens can access.

To reinforce its position, Instagram points to its own safety efforts, such as the introduction of Teen Accounts. These private-by-default profiles limit teen exposure to messages and content from unknown users, and apply stricter filters to reduce exposure to sensitive material.

Instagram says it is working with civil society groups, industry partners, and European policymakers to push for rules that protect young users across platforms. With teen safety a growing concern, the company insists that industry-wide, enforceable solutions are urgently needed.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S breach linked to DragonForce hacking group

Marks & Spencer has confirmed that personal customer data was stolen in a recent cyberattack, including names, contact details, dates of birth, household information, and order histories. The company stressed that no useable payment details or account passwords were compromised.

The breach, which began over the Easter weekend, has disrupted online orders since April 25 and is reportedly costing M&S £43 million per week in lost sales.

Customers are being prompted to reset their passwords, and the retailer has warned users to be cautious of phishing emails or messages pretending to be from M&S.

The attack is linked to the DragonForce cybercrime group, known for double-extortion tactics—stealing and encrypting data while demanding ransom.

While no leaked M&S data has appeared online, experts say the risk of identity fraud remains high.

M&S has contacted website users, reported the breach to authorities, and is working with cybersecurity experts. The company has not disclosed how many of its 9.4 million online customers were affected.

Chief executive Stuart Machin said M&S is working ‘around the clock’ to restore services. Shares in the retailer have dropped 12% over the past month.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

TikTok unveils AI video feature

TikTok has launched ‘AI Alive,’ its first image-to-video feature that allows users to transform static photos into animated short videos within TikTok Stories.

Accessible only through the Story Camera, the tool applies AI-driven movement and effects—like shifting skies, drifting clouds, or expressive animations—to bring photos to life.

Unlike text-to-image tools found on Instagram and Snapchat, TikTok’s latest feature takes visual storytelling further by enabling full video generation from single images. Although Snapchat plans to introduce a similar function, TikTok has moved ahead with this innovation.

All AI Alive videos will carry an AI-generated label and include C2PA metadata to ensure transparency, even when shared beyond the platform.

TikTok emphasises safety, noting that every AI Alive video undergoes several moderation checks before it appears to creators.

Uploaded photos, prompts, and generated videos are reviewed to prevent rule-breaking content. Users can report violations, and final safety reviews are conducted before public sharing.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S urges password reset after major cyber incident

Marks & Spencer has confirmed that hackers accessed personal customer information in a cyber-attack that began in late April. The retailer stated that no payment details or account passwords were compromised, and there is currently no evidence the stolen data has been shared.

Customers will be prompted to reset their passwords as a precaution. Chief executive Stuart Machin called the breach a result of a sophisticated attack and apologised for the disruption, which has impacted online orders, app functionality, and some in-store services.

Although stores remain open, the company has been unable to process online purchases since 25 April. A hacking group known as Scattered Spider is believed to be behind the incident.

M&S has contacted affected customers and provided guidance on online safety. The company said it is working ‘around the clock’ to resolve the issue and restore normal operations. Customers are thanked for their patience and continued support.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.