Privacy and data protection

ChatGPT to Claude migration trend gains momentum

More users are exploring how to switch from ChatGPT to Claude while preserving their existing chat history and preferences. Rather than starting over with a new AI assistant, many want to migrate context and maintain continuity.

The first step is gathering your data from ChatGPT. In Settings, open Personalisation, then review the Memory section to copy any stored preferences you want to retain. You can also export your full chat history through Data Controls by selecting ‘Export Data’.

ChatGPT will generate downloadable files containing your conversations. If you prefer a lighter approach, manually copy key discussions or ask ChatGPT to summarise your main preferences, frequently discussed topics, and custom instructions.

Once your information is ready, open Claude and enable Memory under Settings and Capabilities. Start a new conversation and paste your summaries using a prompt such as ‘Here is important context about me. Please update your memory accordingly.’

After transferring the data, verify that Claude has stored the information accurately. If you plan to leave ChatGPT entirely, review and delete saved memory entries before removing your account to ensure your data is cleared.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ClawJacked flaw let attackers hijack AI agents through the browser

A high-severity vulnerability dubbed ‘ClawJacked’ has been discovered in OpenClaw, an open-source AI agent framework that lets developers run autonomous AI assistants locally.

The flaw, uncovered by Oasis Security, allowed malicious websites to silently hijack a user’s local AI agent instance and steal sensitive data, all triggered by a single browser visit.

The attack exploited OpenClaw’s local WebSocket gateway, which assumed that traffic from localhost could be trusted. A malicious website could open a WebSocket connection to the gateway, brute-force the password at hundreds of guesses per second, with no rate limiting applied to local connections, and then silently register as a trusted device without any user prompt.

Once inside, attackers gained admin-level access to the AI agent, connected devices, logs, and configuration data. Oasis Security responsibly disclosed the flaw, and OpenClaw issued a patch within 24 hours, releasing version 2026.2.26.

Security experts are urging organisations to update immediately, audit the permissions held by their AI agents, and apply strict governance policies, treating AI agents as non-human identities that require the same oversight as human users or service accounts.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Why detecting deepfakes is no longer enough to stay secure

Deepfakes and injection attacks are no longer just tools for misinformation; they are now being deployed to break the identity verification systems that underpin banking, hiring, and account access.

Bad actors are targeting the critical moments when a system determines whether someone is a real person, from customer onboarding at banks to remote hiring and account recovery workflows.

Attackers exploit verification systems in two main ways: by using increasingly convincing synthetic faces and voice clones to mimic real people, and by launching injection attacks that substitute fraudulent video into the capture pipeline before it ever reaches the detection system.

According to the Entrust 2026 Identity Fraud Report, deepfakes are now linked to one in five biometric fraud attempts, with injection attacks rising 40% year-on-year.

Experts warn that detecting deepfakes alone is no longer sufficient. Enterprises must validate the whole session, including device integrity and behavioural signals, in real time.

Gartner predicts that by 2026, 30% of enterprises will no longer consider face-based identity verification reliable in isolation, given the pace AI AI-generated deepfake attacks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Data breach sparks outrage at Cloud Imperium among players

A data breach at British game studio Cloud Imperium has angered players worldwide after the company quietly announced the incident. Users criticised the slow disclosure and the minimal information provided about what was accessed.

The breach, which occurred on 21 January, exposed names, contact details and dates of birth from backup systems. Cloud Imperium insists no passwords, financial information or game data were compromised.

Players have expressed frustration over the company’s reassurances, arguing that even basic personal details could be used in phishing campaigns. Forums and social media quickly filled with criticism, calling the announcement hidden and inadequate.

Cloud Imperium said it acted quickly to contain the breach, refresh security settings, and monitor systems for further incidents. The studio maintains that the issue should not affect gameplay or user safety, but some users remain sceptical.

The company’s flagship game, Star Citizen, is crowdfunded and boasts millions of players. However, it has not disclosed the total number of accounts affected, leaving the community uneasy about the transparency of the response.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU launches ProtectEU counterterrorism agenda

The European Commission has unveiled a new counterterrorism agenda under the ProtectEU initiative, outlining measures to strengthen the EU’s response to evolving security threats. Officials say the strategy aims to improve preparedness, reinforce cooperation and protect citizens and businesses from emerging forms of terrorism and violent extremism.

Authorities warn that technological change is reshaping the threat landscape. Terrorist groups increasingly exploit digital tools such as social media, AI and encrypted platforms for recruitment, propaganda and fundraising.

New risks also include the potential misuse of drones, crypto-assets and 3D-printed weapons, while radicalisation of minors online has become a growing concern across Europe.

The agenda proposes stronger capabilities for anticipating threats through expanded intelligence analysis and enhanced support for Europol, including greater use of open-source intelligence. Additional research funding will explore the security implications of emerging technologies, while new initiatives aim to strengthen early prevention efforts and community engagement to counter radicalisation, particularly among young people.

Online safety forms another key priority. The Commission plans to intensify cooperation with digital platforms to remove extremist content more quickly and to strengthen enforcement of the Digital Services Act. A new EU Online Crisis Response Framework is also proposed to improve coordination between authorities and technology companies during security incidents.

Measures targeting the physical environment will focus on protecting public spaces and critical infrastructure, including investments in security projects and stronger monitoring of individuals suspected of terrorism.

The strategy also seeks to improve the tracking of terrorist financing, including through cryptocurrencies, and to expand cooperation with international partners, such as countries in the Western Balkans and the Mediterranean region.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Ocado job cuts raise AI questions

Ocado has announced plans to cut 1,000 jobs from its 20,000 strong global workforce, with roles mainly affected in technology and support. The company, headquartered in Hatfield, Hertfordshire, said the move would save £150m and follows major investment in robotics and automation.

Chief executive Tim Steiner said Ocado had completed a significant phase of investment in automation, but the company declined to confirm that AI directly led to the redundancies. At its Luton warehouse, opened in 2023, human staff continue to work alongside AI powered robots.

Analysts suggested that competition has intensified as retailers in the UK, the US and Canada adopt similar AI driven systems. Some former clients in the US and Canada have invested in their own technology, reducing reliance on Ocado’s platform.

Retail experts argued that deeper structural challenges, including changing consumer expectations and cost pressures in Hertfordshire and beyond, are also at play. Local leaders in Welwyn Hatfield have requested urgent talks as the company reshapes its operating model.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Free plan users can now transfer data to Claude

Anthropic has enhanced its Claude AI chatbot to make switching from other platforms easier. Users on the free plan can now activate Claude’s memory feature, which allows them to import data from other AI platforms using a new dedicated tool.

The update ensures that users don’t have to start over when transferring context and history from competitors like OpenAI’s ChatGPT or Google’s Gemini.

The memory import option, first introduced in October for paid subscribers, now appears under ‘settings’ → ‘capabilities’ for all users. The tool lets users copy a prompt from their previous AI and paste the output into Claude, seamlessly transferring past interactions.

The recent popularity of Claude has been driven by tools such as Claude Code and Claude Cowork, as well as the launch of the Opus 4.6 and Sonnet 4.6 models. Upgrades enhance Claude’s coding, spreadsheet, and complex task capabilities, boosting its appeal to new users.

Anthropic’s visibility has also increased amid debates with the Pentagon, as the company refuses to loosen AI safeguards for military use, drawing ‘red lines’ around mass surveillance and autonomous weapons.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Chrome unveils 3-phase quantum-resistant HTTPS upgrade with Merkle Tree Certificates

Google has outlined a plan to strengthen Chrome’s HTTPS security against future quantum-computing threats. Rather than expanding traditional X.509 certificate chains in Chrome with post-quantum cryptography, the company is developing a new model based on Merkle Tree Certificates (MTCs).

The proposal from the PLANTS working group seeks to modernise the web public key infrastructure. Under the MTC model, a Certification Authority signs a single ‘Tree Head’ covering many certificates. Browsers receive a lightweight proof instead of a full certificate chain.

Google said this structure reduces authentication data exchanged during TLS handshakes while supporting post-quantum algorithms. By decoupling cryptographic strength from certificate size, the approach seeks to preserve performance as stronger security standards are adopted.

The company is already testing MTCs with real internet traffic. Phase one involves feasibility studies with Cloudflare, while phase two, in early 2027, will invite selected Certificate Transparency log operators to support initial public deployment.

By the third quarter of 2027, Google plans to establish requirements for onboarding certificate authorities to the quantum-resistant Chrome Root Store, which exclusively supports MTCs. The company described the initiative as foundational to maintaining long-term web security resilience.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Medical chatbots spark powerful debate over serious health risks and benefits

Medical chatbots are rapidly becoming part of digital healthcare as technology companies expand AI tools into health services. Companies such as OpenAI and Anthropic are introducing chatbot features designed to answer medical questions using personal data.

Medical chatbots can analyse information from medical records, wearable devices and wellness applications. By incorporating details such as prescriptions, age and prior diagnoses, they aim to provide more personalised responses than a standard internet search.

However, companies stress that these tools are not substitutes for professional medical care. They are not intended to diagnose conditions but rather to summarise results, explain terminology and help users prepare for appointments.

Supporters argue that medical chatbots can improve patient understanding. Experts from the University of California, San Francisco, note that the tools may clarify complex reports and highlight essential health trends when used responsibly.

Despite these benefits, significant limitations remain. AI systems can hallucinate or generate inaccurate advice, and users may struggle to distinguish reliable guidance from subtle errors.

Independent research reinforces these concerns. A 2024 study by the University of Oxford found that participants who used chatbots for hypothetical health scenarios did not make better decisions than those who relied on online searches or personal judgement.

Performance was strong when analysing structured written cases. Yet effectiveness declined during real-world interactions, where communication gaps affected outcomes.

Privacy presents another major issue. Medical chatbots often require users to upload sensitive health information to deliver personalised responses.

Unlike doctors and hospitals, AI companies are not bound by HIPAA, the US federal health privacy law. Although platforms state that data is stored separately and not used to train models, privacy standards differ from those in traditional healthcare.

Experts from Stanford University advise users to understand these differences before sharing medical records. Transparency and informed consent are critical considerations.

Medical chatbots are also inappropriate in emergencies. Individuals experiencing symptoms such as chest pain, shortness of breath or severe headaches should seek immediate medical attention instead of consulting AI tools.

Even in non-urgent cases, specialists recommend maintaining healthy scepticism. Consulting multiple AI systems may provide a form of second opinion, but it does not replace professional medical advice.

Medical chatbots, therefore, represent both opportunity and risk. As their capabilities expand, users must carefully weigh convenience and personalisation against accuracy, oversight and data protection concerns.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Chrome Gemini vulnerability allowed camera and file access

A high-severity vulnerability in Chrome’s integrated Gemini AI assistant exposed users to the potential activation of the camera and microphone, local file access, and phishing attacks. The issue, tracked as CVE-2026-0628, was disclosed by Palo Alto Networks’ Unit 42 and patched by Google in January 2026.

Gemini Live operates as a privileged AI panel embedded within the browser, capable of web page summarisation and task automation. To enable multimodal functionality, the panel is granted elevated permissions, including access to screenshots, local files, and device hardware.

Researchers identified inconsistent handling of the declarativeNetRequest API when gemini.google.com was loaded inside the AI side panel rather than a standard browser tab. While extensions could inject JavaScript in both cases, the panel context inherited browser-level privileges.

A malicious extension exploiting this distinction could hijack the trusted panel and execute arbitrary code with elevated access. Potential impacts included silent activation of a camera or microphone, screenshot capture, local file exfiltration, and high-credibility phishing attacks.

Google released a fix on 5 January 2026 following responsible disclosure. Users running the latest version of Chrome are protected, and organisations are advised to ensure updates are applied across all endpoints.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.