Privacy and data protection

Microsoft launches Copilot Cowork to automate tasks across Microsoft 365

AI is moving from assistance to execution as Microsoft introduces Copilot Cowork, a system designed to perform tasks across the Microsoft 365 environment.

Instead of simply generating text or suggestions, the feature allows users to delegate real work by describing a desired outcome.

Copilot Cowork converts requests into structured plans that run in the background. The system analyses signals from workplace tools such as Microsoft Outlook, Microsoft Teams and Microsoft Excel to understand schedules, documents and ongoing projects.

Users can approve or modify each step while the AI coordinates actions across meetings, files and messages.

Several enterprise scenarios illustrate the system’s capabilities. Cowork can reorganise calendars by analysing meetings and automatically proposing schedule changes.

It can also prepare complete briefing materials for customer meetings by collecting relevant emails, files and data before generating presentations and research summaries.

The technology also supports deeper analysis tasks. Users can request company research and receive structured outputs that include summaries, financial data and supporting documents.

In product launch planning, Cowork can compile competitive intelligence, build presentations and outline project milestones, creating a coordinated workflow for teams.

Microsoft emphasises that the system operates within enterprise security boundaries. Identity, compliance policies and data permissions remain enforced while tasks execute in a protected cloud environment.

The platform also reflects a multi-model strategy, combining Microsoft AI capabilities with Anthropic technology through the integration of the model behind Claude.

Copilot Cowork is currently available to a limited group of customers through a research preview.

Wider availability is expected later in 2026 through Microsoft’s Frontier programme as the company expands AI-driven workplace automation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Malaysia expands AI learning across universities with Google tools

AI tools from Google are now available across all public universities in Malaysia after the nationwide deployment of Gemini for Education.

An initiative that integrates AI capabilities into university systems, providing digital research and learning support to nearly 600,000 students and 75,000 faculty members.

The rollout is coordinated with the Ministry of Higher Education Malaysia as part of the country’s broader strategy to become an AI-driven economy by 2030. Universities already using Google Workspace for

Education can now access advanced tools, including NotebookLM and the reasoning model Gemini 3.1 Pro, which are designed to support research, writing and personalised learning.

Several universities are already experimenting with AI-assisted teaching. At Universiti Malaysia Perlis, lecturers have created customised AI assistants to guide students through specialised engineering courses.

Meanwhile, researchers and students at Universiti Putra Malaysia are using AI tools to improve literature reviews and academic research workflows.

Other institutions are focusing on digital literacy and AI skills.

At Universiti Malaysia Sarawak, hundreds of lecturers and students are receiving AI certifications, while training programmes are expanding across campuses.

Officials believe the combination of AI tools, training and research support will strengthen the education system of Malaysia and prepare graduates for an increasingly AI-driven economy.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Blockchain and AI security central to US cyber framework

The US National Cyber Strategy emphasises support for emerging technologies, including blockchain, cryptocurrencies, AI, and post-quantum cryptography. The strategy highlights the importance of securing digital infrastructure while advancing technological leadership.

The strategy rests on six pillars, including modernising federal networks, protecting critical infrastructure, and advancing secure technology. Specific sections reference cryptocurrencies and blockchain, noting the need to safeguard digital systems from design to deployment.

Financial systems, data centres, and telecommunications networks are identified as key components of the broader cybersecurity framework. The strategy also stresses collaboration with private-sector technology companies and research institutions to foster innovation and strengthen protections.

AI plays a central role, with measures to secure AI data centres and deploy AI-driven tools for network defence. The plan avoids direct crypto rules but signals greater integration of blockchain and cryptography into national digital infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI security risks grow as companies integrate AI into daily workflows

AI is rapidly transforming workplaces as companies automate tasks and boost productivity. From writing code to analysing documents, AI tools help employees work faster, but also introduce new AI security and compliance risks.

One of the main concerns is the handling of sensitive information. Employees may upload confidential documents, proprietary code, or customer data into AI chatbots without realising the consequences. Doing so could violate privacy regulations such as the EU’s GDPR or breach internal non-disclosure agreements, making AI security an important priority for organisations.

Another challenge is the reliability of AI-generated content. While large language models can produce convincing responses, they sometimes generate false information, which is a phenomenon known as hallucination. High-profile cases have already shown professionals submitting work with fabricated references generated by AI. Such incidents highlight the need for rigorous AI security and oversight.

Cybersecurity risks are also growing. AI systems rely on complex infrastructure that can become targets for attackers through techniques such as prompt injection, which tricks the model into producing unintended responses, or data poisoning, which involves injecting malicious data into training sets to alter behaviour or outputs. Addressing these threats requires stronger AI security practices and careful monitoring.

When adopting AI, organisations must develop clear policies, strengthen cybersecurity measures, and maintain human oversight. Taking those steps is essential to ensuring that the technology is used safely and responsibly.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Online scams rise as Parkin urges Dubai residents to stay vigilant

Dubai’s parking provider, Parkin, has warned residents to stay alert as online scams targeting digital service users continue to rise, urging people to take immediate steps to protect their digital identities.

In an advisory, the company stressed that official entities will never ask users to log in or disclose sensitive information through unsolicited messages, emails, or phone calls. The warning comes amid growing concerns about phishing attempts and other online scams targeting users of digital platforms.

Parkin said residents should exercise caution if they receive unexpected requests for personal details, passwords, or verification codes. Users are strongly advised not to respond to suspicious links, attachments, or messages from unknown sources, which are commonly used in online scams.

The operator also urged the public to verify the authenticity of communications before taking any action. Residents who are unsure about the legitimacy of a message should check official websites or contact customer service channels directly. The advice applies to messages claiming to come from Parkin or other service providers.

Authorities and service providers across the UAE have repeatedly warned that cybercriminals often impersonate trusted organisations in online scams designed to steal sensitive information. Such attacks can lead to identity theft, financial losses, or unauthorised access to personal accounts.

Parkin encouraged residents who receive suspicious communications to report them through official channels so that appropriate action can be taken. The company added that staying vigilant and safeguarding personal data remain essential to preventing online scams.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI tools linked to rise in abuse disclosures

Support organisations in the UK report that some abuse survivors are turning to AI tools such as ChatGPT before contacting helplines. Charities in the UK say individuals increasingly use AI to explore experiences and seek guidance before approaching professional support services.

The National Association of People Abused in Childhood said callers in the UK have recently reported being referred to its helpline after conversations with ChatGPT. Staff say AI is being used as an informal step in processing trauma.

Law enforcement and support groups in the UK have also recorded a rise in disclosures involving ritualistic sexual abuse. Authorities in the UK say only 14 criminal cases since 1982 have formally recognised such practices.

Police and support organisations are responding by improving training and launching specialist working groups. Officials aim to strengthen the identification and investigation of complex cases of abuse.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Codex Security expands OpenAI’s push into cybersecurity tools

OpenAI has launched Codex Security, an AI-powered application security agent that detects hard-to-find software vulnerabilities and proposes fixes through advanced reasoning. By providing detailed context about a system’s architecture, the tool identifies security risks that are often missed by conventional automation.

The system uses advanced models to analyse repositories, construct project-specific threat models, and prioritise vulnerabilities based on their potential real-world impact. By combining automated validation with system-level context, Codex Security aims to reduce the number of false positives that security teams must review while highlighting high-confidence findings.

Initially developed under the name Aardvark, the tool has been tested in private deployments over the past year. During early use, OpenAI said it uncovered several critical vulnerabilities, including a cross-tenant authentication flaw and a server-side request forgery issue, allowing internal teams to quickly patch affected systems.

The company says improvements during the beta phase significantly reduced noise in vulnerability reports. In some repositories, unnecessary alerts fell by 84 percent, while over-reported severity dropped by more than 90 percent, and false positives declined by more than half.

Codex Security is now rolling out in research preview for ChatGPT Pro, Enterprise, Business, and Edu customers. OpenAI also plans to expand access to open-source maintainers through a dedicated programme that offers security scanning and support to help identify and remediate vulnerabilities across widely used projects.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Hackers can use AI to de-anonymise social media accounts

AI technology behind platforms like ChatGPT is making it significantly easier for hackers to identify anonymous social media users, a new study warns. LLMs could match anonymised accounts to real identities by analysing users’ posts across platforms.

Researchers Simon Lermen and Daniel Paleka warned that AI enables cheap, highly personalised privacy attacks, urging a rethink of what counts as private online. The study highlighted risks from government surveillance to hackers exploiting public data for scams.

Experts caution that AI-driven de-anonymisation is not flawless. Errors in linking accounts could wrongly implicate individuals, while public datasets beyond social media- such as hospital or statistical records- may be exposed to unintended analysis.

Users are urged to reconsider what information they share, and platforms are encouraged to limit bulk data access and detect automated scraping.

The study underscores growing concerns about AI surveillance. While the technology cannot guarantee complete de-anonymisation, its rapid capabilities demand stronger safeguards to protect privacy online.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU faces challenges in curbing digital abuse against women

Researchers and policymakers are raising concerns about how new technologies may put women at risk online, despite existing EU rules designed to ensure safer digital spaces.

AI-powered tools and smart devices have been linked to incidents of harassment and the creation of non-consensual sexualised imagery, highlighting gaps in enforcement and compliance.

The European Commission’s Gender Equality 2026–2030 Strategy noted that women are disproportionately targeted by online gender-based violence, including harassment, doxing, and AI-generated deepfakes.

Investigations into tools such as Elon Musk’s Grok AI and Meta’s Ray-Ban smart glasses have drawn attention to how digital platforms and wearable technologies can be misused, even where legal frameworks like the Digital Services Act (DSA) are in place.

Experts emphasise that while the EU’s rules offer a foundation to regulate online content, significant challenges remain. Advocates and lawmakers say enforcement gaps let harmful AI functions like nudification persist.

Commissioners have stressed ongoing cooperation with tech companies and upcoming guidelines to prioritise flagged content from independent organisations to address gender-based cyber violence.

Authorities are also monitoring new technologies closely. In the case of wearable devices, regulators are considering how users and bystanders are informed about recording features.

Ongoing discussions aim to strengthen compliance under existing legislation and ensure that digital spaces become safer and more accountable for all users.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Data breaches push South Korea toward stricter corporate liability rules

South Korea’s government and ruling party are advancing a second revision of the Personal Information Protection Act to strengthen corporate liability for large-scale data breaches.

The proposed amendment would make it easier for victims of major data breaches to receive compensation and relief. By removing the requirement for victims to prove a company’s ‘intent or negligence’, the amendment would increase companies’ legal liability when user data is compromised, making it more likely that affected individuals can claim damages.

Momentum for stricter rules follows several high-profile incidents, including a recent Coupang data breach that may have exposed personal information linked to numerous user accounts. The case has intensified scrutiny of how firms handle and protect customer data.

South Korea Officials at the Personal Information Protection Commission (PIPC) say victims often struggle to obtain evidence explaining how data breaches occur or how damages arise. The proposed reform would shift a greater evidentiary burden onto companies in disputes over losses.

The amendment would also introduce criminal penalties for anyone who knowingly obtains or distributes leaked personal data, closing a legal gap that currently applies only to employees who unlawfully disclose information. Authorities would gain powers to issue emergency protective orders to limit the spread of compromised data.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.