Privacy and data protection

New public guidance launched to promote responsible AI use in Thailand

Thailand has published a draft public guidance document to help citizens use AI safely and responsibly. The ‘AI Guide for Citizens’ outlines key AI concepts, benefits, limitations, and practical examples for users engaging with generative AI tools.

Data safety is a central focus, with officials warning against entering personal identifiers, financial data, confidential information, or government secrets into public AI platforms.

The guide also details technical risks such as AI’ hallucinations,’ prompt injection, and data poisoning, advising users to verify outputs and treat AI as a support tool rather than a decision maker.

The guidance addresses ethical and legal responsibilities, warning against using AI to generate misinformation, deepfakes, or harmful content. It emphasises fairness and bias, noting AI systems can inherit human prejudices from training data.

Citizens encountering AI-related scams or harmful content are advised to collect evidence, report incidents to cybercrime authorities, and contact Thailand’s personal data protection agency if privacy is compromised.

The draft aligns Thailand’s AI policies with national rules and international standards, including ISO governance principles and the EU AI Act. The initiative aims to boost AI literacy and safeguards as AI becomes more integrated into daily life.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Europe pressed to slow digital age-verification push amid privacy fears

Hundreds of academics urged governments to halt plans for mandatory age checks on social media, rather than accelerating deployment without assessing the risks.

The warning arrives as several European states consider restrictions on children’s access to online platforms and as companies promote verification tools such as live selfies or uploads of government-issued IDs.

Researchers argue that current systems expose people to privacy breaches, security vulnerabilities and malicious sites that ignore verification rules instead of offering meaningful protection.

They say scientific consensus has not yet formed on the benefits or harms of age-assurance technologies, making large-scale implementation premature and potentially discriminatory.

The letter stresses that any credible system would require cryptographic safeguards for every query, protecting data in transit rather than leaving identity checks to platforms without robust technical guarantees.

Academics believe such infrastructure would be complex to build globally and would create friction that many providers may refuse to adopt.

Concern escalated after early deployments in Italy and France, where verification is already mandatory.

Signatories, including Ronald Rivest and Bart Preneel, warn that governments risk introducing a socially unacceptable system that increases exposure to data misuse instead of ensuring children’s safety online.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

X rolls out Paid Partnership labels to boost creator transparency

The social media platform, X, has introduced a new ‘Paid Partnership’ label that creators can attach to posts to show when content is promotional instead of leaving audiences unsure about commercial intent.

An update that improves transparency for followers while meeting rules set by the Federal Trade Commission, which expects sponsored material to be disclosed clearly.

Creators previously relied on hashtags such as #ad or #paidpartnership instead of an integrated disclosure option. The new feature allows users to apply the label through a content-disclosure toggle either during posting or afterwards.

X’s product lead, Nikita Bier, said undisclosed promotions damage trust and weaken the platform’s integrity, so the tool is meant to support creators and regulators simultaneously.

X has been trying to build a stronger creator ecosystem by offering payouts, subscriptions and other incentives. Yet many creators still favour Instagram or YouTube over X as their primary channel, because those platforms have longer-standing monetisation tools.

The addition of a built-in label aligns X with broader industry practice and aims to regain credibility among advertisers and creators.

The company has also tightened API access, preventing programmatic replies unless a user is directly mentioned or quoted.

A change that seeks to limit LLM-generated spam instead of allowing automated responses to distort discussions or appear as fake engagement beneath sponsored content.

X hopes these combined measures will enhance authenticity around commercial posts.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Non-human identities gain importance in cloud and AI security

As organisations expand across cloud environments, non-human identities are becoming a critical component of modern cybersecurity strategies. Managing machine identities and their associated secrets is increasingly central to reducing risk and improving AI-driven threat detection.

As digital infrastructure grows, machine identities function as secure access credentials for applications, services, and automated processes. Effective governance can reduce vulnerabilities, improve compliance, and streamline operations across sectors such as finance and healthcare.

Integrating non-human identities into AI security frameworks enables more contextual anomaly detection and improved visibility into network behaviour. Rather than relying solely on static scanning, organisations can adopt adaptive models that enhance predictive threat response.

Challenges remain, particularly around coordination between security, DevOps, and research teams. Gaps in collaboration and limited awareness of identity lifecycle management can create blind spots that weaken overall cyber resilience.

Automation is increasingly seen as essential for scaling non-human identity management. By automating secrets rotation, certificate renewal, and access reviews, organisations can strengthen governance while enabling security teams to focus on higher-value strategic priorities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Samsung advances AI RAN with NVIDIA breakthrough

The South Korean electronics company, Samsung, has completed a multi-cell test that brings its virtualised RAN software together with accelerated computing from NVIDIA.

A validation that took place in a realistic network environment confirms that the combined architecture is nearing commercial readiness as AI-native networks continue to evolve.

The company plans to highlight the achievement at Mobile World Congress 2026 as part of its broader push toward software-driven networks that use AI instead of fixed hardware optimisation.

Samsung will demonstrate an AI-based MIMO beamformer running on NVIDIA infrastructure, which offers operators higher throughput and improved spectral efficiency by extracting more value from existing spectrum.

NVIDIA and Samsung are also advancing a unified processor design that integrates CPU and GPU within a single chipset, enabling faster and more efficient data exchange.

Recently, Samsung integrated its vRAN software with the NVIDIA ARC Compact platform equipped with the Grace CPU and L4 GPU, taking another step toward commercial AI-RAN deployments.

The firm says that experience from large-scale vRAN rollouts and close collaboration with industry computing partners strengthens its position in delivering AI-powered network platforms for operators worldwide.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Microsoft reveals OAuth redirection abuse powering new phishing attempts

Researchers at Microsoft have identified phishing activity that abuses legitimate OAuth redirection behaviour instead of relying on credential theft.

Threat actors create malicious applications within attacker-controlled tenants and configure redirect pages that lead victims from trusted authentication domains to malware-delivery sites.

A technique that has been used against government and public-sector organisations and is designed to bypass email and browser defences by embedding URLs that appear genuine.

The attack begins with lures themed around documents, financial matters or meeting requests, each containing OAuth URLs crafted to trigger silent authentication.

Validation errors, session checks and Conditional Access evaluations provide attackers with information about session status without granting access to tokens, yet still deliver the victim to a malicious landing page.

Once redirected, victims encounter phishing frameworks or are served ZIP files containing shortcut files and HTML-based loaders. These PowerShell commands launch system discovery and extract files used for DLL side-loading.

Executing a legitimate process allows a malicious DLL to load unseen, decrypt the final payload and establish a connection to a remote command-and-control server for hands-on keyboard activity.

Microsoft Entra has removed identified malicious OAuth applications, although related activity continues to appear.

Microsoft emphasises that OAuth redirection follows standards such as RFC 6749 and RFC 9700, meaning attackers cannot exploit normal protocol behaviour instead of software vulnerabilities.

Stronger governance of OAuth applications, tighter consent controls and cross-domain monitoring are required to prevent trusted authentication flows from being turned into delivery paths for phishing and malware.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU pressures Meta over alleged smart glasses privacy breaches

Lawmakers in the European Parliament are pressing the European Commission for clarity after reports that Meta’s smart glasses recorded people in intimate moments without their knowledge.

Concerns intensified when Swedish outlets reported that Ray-Ban AI glasses captured and uploaded sensitive footage in violation of strict consent requirements under the EU’s General Data Protection Regulation.

The reports indicate that personal data from EU users was sent to Sama, a third-party contractor, in Kenya for human review. Annotators working there said they viewed images of individuals changing clothes and believed the recordings were taken without consent.

They added that Meta’s attempts to blur faces or apply other safeguards failed often enough to expose identifiable material instead of ensuring proper anonymisation.

EU privacy law requires clear information and consent before collecting and processing personal data, and additional safeguards when exporting data to countries without recognised adequacy status.

Kenya is still negotiating such recognition with the Commission, meaning contractual protections would be necessary.

The Irish Data Protection Commission, responsible for Meta’s GDPR oversight, has been contacted amid questions about whether Meta complied with EU requirements.

Lawmakers also want the Commission to examine whether proposed changes in the Digital Omnibus package could dilute privacy protections rather than strengthen them.

Critics argue the reforms might ease data-use rules for AI training at a moment when allegations about Meta’s smart glasses have intensified scrutiny of the EU’s broader digital policy agenda.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK launches consultation on possible social media ban for under-16s

Britain has opened a public consultation examining whether children under 16 should face restrictions or a potential ban on social media use. Young people, parents and educators are being invited to share views before ministers decide on future policy.

Officials are considering several options beyond a full ban, including disabling addictive platform features, introducing overnight curfews, regulating access to AI chatbots, and tightening age verification rules. Pilot schemes will test proposed measures to gather practical evidence on their effectiveness.

The debate follows international momentum after Australia introduced restrictions on under-16 access to major platforms, with Spain signalling similar intentions. Political parties, charities and campaigners remain divided over whether bans or stronger safety regulations offer better protection.

Children’s organisations warn blanket prohibitions could push young users towards less regulated online spaces, creating a ‘false sense of security’. Researchers and policymakers instead emphasise improving platform safety standards while allowing young people to socialise and express themselves online responsibly.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI helps scientists translate thoughts into speech and images

Breakthroughs in AI and neuroscience are bringing researchers closer to translating human thoughts into words, offering new communication tools for people living with paralysis or severe speech disorders. Experiments with implanted brain electrodes have enabled patients to produce sentences simply by imagining speech.

Machine learning systems analyse neural signals captured from small electrode arrays placed in speech-related brain regions, converting activity into text at increasing speed and accuracy. Recent trials achieved communication rates approaching practical conversation while also capturing tone, rhythm and emotional expression.

Scientists have begun detecting ‘inner speech’, identifying silent counting or imagined phrases without physical attempts to speak. Findings suggest thinking and speaking rely on overlapping neural networks, although spontaneous thoughts remain difficult to decode reliably.

Beyond language, researchers are reconstructing images, music and sensory experiences from brain scans using generative AI models. Studies analysing visual and auditory processing reveal how different brain regions encode perception, opening possibilities for studying hallucinations, dreams and animal cognition.

Technology companies, including Neuralink, are pushing brain-computer interfaces toward commercial use, though current systems sample only a tiny fraction of the brain’s billions of neurons. Experts believe widespread applications such as natural speech restoration or even brain-to-brain communication may emerge within the next two decades, alongside growing ethical debates around privacy and mental autonomy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Does politeness improve AI responses

Research suggests that being polite to AI chatbots such as ChatGPT does not reliably improve accuracy, despite widespread belief to the contrary. Experiments testing flattery, encouragement and even insults found inconsistent results across different large language models.

Experts in the US say many prominent engineering myths have faded as AI systems have improved. Minor wording changes, such as adding ‘please’ or ‘thank you’, are unlikely to influence mainstream generative AI tools consistently.

Computer scientists argue that users should treat AI as a tool rather than a person. Techniques that do work include asking for multiple options, providing concrete examples and requesting step-by-step clarification before generating a final response.

Researchers also warn that role playing can reduce accuracy when a question has one correct answer, potentially increasing hallucinations. For creative tasks, however, role play and iterative questioning can still be effective when used carefully.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Diplo chatbot can make mistakes. Consider checking important information.