Privacy and data protection

OpenAI backs Adaptive Security in the battle against AI threats

AI-driven cyber threats are on the rise, making it easier than ever for hackers to deceive employees through deepfake scams and phishing attacks.

OpenAI, a leader in generative AI, has recognised the growing risk and made its first cybersecurity investment in New York-based startup Adaptive Security. The company has secured $43 million in Series A funding, co-led by OpenAI’s startup fund and Andreessen Horowitz.

Adaptive Security helps companies prepare for AI-driven cyberattacks by simulating deepfake calls, texts, and emails. Employees may receive a phone call that sounds like their CTO, asking for sensitive information, but in reality, it is an AI-generated test.

The platform identifies weak points in a company’s security and trains staff to recognise potential threats. Social engineering scams, which trick employees into revealing sensitive data, have already led to massive financial losses, such as the $600 million Axie Infinity hack in 2022.

CEO Brian Long, a seasoned entrepreneur, says the funding will go towards hiring engineers and improving the platform to keep pace with evolving AI threats.

The investment comes amid a surge in cybersecurity funding, with companies like Cyberhaven, Snyk, and GetReal also securing major investments.

As cyber risks become more advanced, Long advises employees to take simple precautions, including deleting voicemails to prevent hackers from cloning their voices.

For more information on these topics, visit diplomacy.edu.

Deutsche Telekom expands partnership with Google Cloud

Deutsche Telekom has strengthened its collaboration with Google, moving more of its services to the Google Cloud platform as part of its transformation into an ‘AI-first company.’ The expanded partnership aims to improve the agility and efficiency of Deutsche Telekom’s operations through AI-driven solutions.

Stefan Schloter, Chief Infrastructure Officer for Europe at Deutsche Telekom, highlighted how leveraging data and AI will enhance digital solutions across business entities, software engineering, and customer interfaces.

The MyMagenta app, for example, will integrate Google’s AI-powered Gemini assistant, further improving customer experience.

Google Cloud will also serve as the technical foundation of Deutsche Telekom’s new AI platform, the ‘One Data Ecosystem.’ However, this platform consolidates data systems and enhances data processing speed while ensuring compliance with privacy and data-sharing regulations.

Marianne Janik, Vice President of Google Cloud for Northern Europe, expressed excitement about the partnership, noting how cloud technology is pivotal for communications providers in driving innovation, flexibility, and growth for enhanced user experiences.

For more information on these topics, visit diplomacy.edu.

National Crime Agency responds to AI crime warning

The National Crime Agency (NCA) has pledged to ‘closely examine’ recommendations from the Alan Turing Institute after a recent report highlighted the UK’s insufficient preparedness for AI-enabled crime.

The report, from the Centre for Emerging Technology and Security (CETaS), urges the NCA to create a task force to address AI crime within the next five years.

Despite AI-enabled crime being in its early stages, the report warns that criminals are rapidly advancing their use of AI, outpacing law enforcement’s ability to respond.

CETaS claims that UK police forces have been slow to adopt AI themselves, which could leave them vulnerable to increasingly sophisticated crimes, such as child sexual abuse, cybercrime, and fraud.

The Alan Turing Institute emphasises that although AI-specific legislation may be needed eventually, the immediate priority is for law enforcement to integrate AI into their crime-fighting efforts.

An initiative like this would involve using AI tools to combat AI-enabled crimes effectively, as fraudsters and criminals exploit AI’s potential to deceive.

While AI crime remains a relatively new phenomenon, recent examples such as the $25 million Deepfake CFO fraud show the growing threat.

The report also highlights the role of AI in phishing scams, romance fraud, and other deceptive practices, warning that future AI-driven crimes may become harder to detect as technology evolves.

For more information on these topics, visit diplomacy.edu.

New Jersey criminalises the harmful use of AI deepfakes

New Jersey has become one of several US states to criminalise the creation and distribution of deceptive AI-generated media, commonly known as deepfakes. Governor Phil Murphy signed the legislation on Wednesday, introducing civil and criminal penalties for those who produce or share such media.

If deepfakes are used to commit further crimes like harassment, they may now be treated as a third-degree offence, punishable by fines up to $30,000 or up to five years in prison.

The bill was inspired by a disturbing incident at a New Jersey school where students shared explicit AI-generated images of a classmate.

Governor Murphy had initially vetoed the legislation in March, calling for changes to reduce the risk of constitutional challenges. Lawmakers later amended the bill, which passed with overwhelming support in both chambers.

Instead of ignoring the threat posed by deepfakes, the law aims to deter their misuse while preserving legitimate applications of AI.

‘This legislation takes a proactive approach,’ said Representative Lou Greenwald, one of the bill’s sponsors. ‘We are safeguarding New Jersey residents and offering justice to victims of digital abuse.’

A growing number of US states are taking similar action, particularly around election integrity and online harassment. While 27 states now target AI-generated sexual content, others have introduced measures to limit political deepfakes.

States like Texas and Minnesota have banned deceptive political media outright, while Florida and Wisconsin require clear disclosures. New Jersey’s move reflects a broader push to keep pace with rapidly evolving technology and its impact on public trust and safety.

For more information on these topics, visit diplomacy.edu.

AppLovin joins TikTok takeover frenzy

As the 5 April deadline approaches for TikTok to secure a non-Chinese buyer or face a US ban, the list of potential acquirers continues to grow.

Marketing platform AppLovin has submitted a preliminary bid to acquire TikTok’s operations outside of China, aiming to expand its footprint in the global digital advertising arena.

AppLovin’s move adds to the mounting interest in TikTok, with Amazon and a consortium led by OnlyFans founder Tim Stokely also entering the fray.

These developments come amid US government concerns over TikTok’s Chinese ownership, which officials argue poses national security risks, a claim that TikTok and its parent company, ByteDance, have consistently denied.

The White House has taken an unusually active role in facilitating the sale.

President Donald Trump indicates openness to a deal wherein China approves the transaction in exchange for relief from US tariffs on Chinese imports.

This intertwining of trade negotiations and tech acquisitions underscores the complex geopolitical landscape influencing the fate of TikTok in the US.

Private equity firm Blackstone is also evaluating a minority investment in TikTok’s US operations, potentially joining non-Chinese shareholders like Susquehanna International Group and General Atlantic in contributing fresh capital.

The future of TikTok, an app used by nearly half of all Americans, remains uncertain as the deadline looms and negotiations continue.

For more information on these topics, visit diplomacy.edu.

UK’s Royal Mail investigates major data breach

Royal Mail is investigating a significant cybersecurity incident after a hacker known as ‘GHNA’ claimed to have leaked 144GB of sensitive customer data. The files were allegedly obtained through Spectos, a third-party analytics provider, and posted on the BreachForums platform. While the leaked information includes names, addresses, parcel data, and internal recordings, Royal Mail stated that its delivery services remain unaffected.

Spectos confirmed a breach on 29 March, explaining that the attack stemmed from a 2021 malware infection that compromised an employee’s credentials. Cybersecurity firm Hudson Rock linked the same login data to another recent attack involving Samsung. The exposed dataset includes thousands of files containing mailing lists from Mailchimp, Zoom meetings, logistics details, and a WordPress database, raising concerns about the security of Royal Mail’s extended network.

The breach is the latest in a series of cyber incidents targeting the UK’s Royal Mail, following a 2023 ransomware attack that halted international shipping and a 2022 outage in its tracking systems. While the full extent of the latest leak remains under investigation, experts warn that prolonged access to internal systems may have occurred before the data was released. No public notification procedures have yet been confirmed.

For more information on these topics, visit diplomacy.edu.

UK government announces new cyber bill to strengthen national defences and protect critical infrastructure

The UK government has unveiled plans for a new Cyber Security and Resilience Bill aimed at enhancing the country’s ability to defend against the growing risk of cyber threats. Scheduled to be introduced later this year, the Bill forms a key part of the government’s broader strategy to protect critical national infrastructure (CNI), support economic growth, and ensure the resilience of the UK’s digital landscape.

The forthcoming legislation will focus on bolstering the cyber resilience of essential services—such as healthcare, energy, and IT providers—that underpin the economy and daily life. Around 1,000 vital service providers will be required to meet strengthened cyber security standards under the new rules. These measures are designed to safeguard supply chains and key national functions from increasingly sophisticated cyber attacks affecting both public and private sectors.

In addition, the government is considering extending cyber security regulations to over 200 data centres across the country. These centres are integral to the functioning of modern finance, e-commerce, and digital communication. By improving their security, the government hopes to safeguard services that rely heavily on data, such as online banking, shopping platforms, and social media.

If adopted, the government’s proposals include:

  • Expanding the scope of the NIS Regulations. The scope of the Network and Information Systems (NIS) Regulations would be broadened to include a wider range of organisations and suppliers. This expansion would bring data centres, Managed Service Providers (MSPs), and other critical suppliers under the regulatory framework, ensuring that more entities are held to high standards of cyber security and resilience.
  • Enhanced regulatory powers. Regulators would be equipped with additional tools to strengthen cyber resilience within the sectors they oversee. This includes new obligations for organisations to report a broader range of significant cyber incidents, enabling faster and more informed responses to emerging threats.
  • Greater Flexibility to Adapt. The government would gain increased flexibility to update the framework in line with the evolving threat landscape. This means regulations could be swiftly extended to cover new and emerging sectors, ensuring the UK remains agile in the face of dynamic cyber risks.
  • New Executive Powers for National Security. In circumstances where national security is at stake, the government would be granted new executive powers to act decisively in response to serious cyber threats.

For more information on these topics, visit diplomacy.edu.

TikTok bidding war intensifies as Amazon enters the fray

The roster of potential acquirers is expanding as the deadline for TikTok to secure a non-Chinese buyer approaches.

Amazon and a consortium led by OnlyFans founder Tim Stokely have recently expressed interest in purchasing the popular short-video platform.

The US government has set a 5 April deadline for TikTok to divest from its Chinese parent company, ByteDance, or face a ban due to national security concerns.

Stokely’s new venture, Zoop, in collaboration with the Hbar Foundation, which manages the Hedera cryptocurrency network, has submitted a late-stage bid to acquire TikTok.

Their proposal emphasises a novel ownership model to benefit creators and their communities directly.

Zoop positions itself as a mainstream, family-friendly platform, distinct from the adult-content focus of OnlyFans.

The consortium has partnered with undisclosed investors to support their bid.

Amazon has also entered the fray, confirming its interest in TikTok through a letter addressed to Vice President JD Vance and Commerce Secretary Howard Lutnick.

While Amazon has not publicly commented on the specifics, this move aligns with its longstanding ambition to establish a foothold in social media.

The tech giant previously acquired live-streaming platform Twitch and book review site Goodreads and has experimented with short-form video features akin to TikTok.

Other contenders include a group led by Oracle, with participation from venture capital firms such as Andreessen Horowitz and private equity firm Blackstone, all exploring potential investments in TikTok’s US operations.

The White House oversees negotiations, aiming to restructure TikTok into a US-based entity with Chinese ownership reduced below 20% to comply with legal requirements.

The urgency surrounding TikTok’s sale stems from a 2024 law mandating ByteDance to divest the app by 19 January, citing national security risks.

US officials have expressed concerns that ByteDance’s ownership could enable the Chinese government to conduct influence operations and collect data on American users.

As the deadline looms, TikTok’s future in the US remains uncertain, with multiple parties vying for platform control. ​

For more information on these topics, visit diplomacy.edu.

Gemini AI for kids: A new era of safe, smart learning

Google appears to be working on a child-friendly version of its Gemini AI, offering young users a safer and more controlled experience. A recent teardown of the Google app (version 16.12.39) uncovered strings referencing ‘kid users,’ hinting at an upcoming feature tailored specifically for children.

While Gemini already assists users with creating stories, answering questions, and helping with homework, this kid-friendly version is expected to include stricter content policies and additional safeguards.

Google’s existing safety measures for teens suggest that Gemini for Kids may offer even tighter restrictions and enhanced content moderation.

It remains unclear how Google plans to implement this feature, but it is likely that Gemini for Kids will be automatically enabled for Google accounts registered under a child’s name.

Given global regulations on data collection for minors, Google will reportedly process children’s data in accordance with its privacy policies and the Gemini Apps Privacy Notice.

As AI increasingly integrates into education and daily life, a safer, child-focused version of Gemini could provide a more secure way for kids to engage with technology while ensuring parental peace of mind.

For more information on these topics, visit diplomacy.edu.

Diplo chatbot can make mistakes. Consider checking important information.