Australia’s Supreme Court of Victoria has issued a Practice Note for court users and Judicial Guidelines for judicial officers on the use of AI, setting out how the technology may be used in court processes while preserving accuracy, privacy, accountability and fairness.
The Practice Note recognises that AI may enhance access to justice, but warns court users to understand the risks when using AI to prepare court documents. It states that users remain responsible for the content of documents they file, whether or not AI has been used.
Court users are also warned that filing documents containing inaccuracies could lead to costs orders. The Practice Note outlines privacy issues linked to different types of AI tools and notes possible sanctions for legal practitioners who rely on unverified AI outputs.
The Judicial Guidelines state that generative AI must not be used for judicial decision-making. Court-approved AI tools may, however, assist judicial officers and court staff with supportive tasks such as organising and locating case materials, producing summaries and chronologies, aiding legal research and proofreading.
The guidelines stress that such uses are not a substitute for reading or listening to evidence and submissions, or for fact-finding where required in judicial decision-making. Judicial officers must consider each matter before them and exercise their own judgement in reaching decisions and giving reasons where appropriate.
The Court said the new documents build on earlier AI guidelines developed in 2024 and respond to a review by the Victorian Law Reform Commission. Chief Justice Richard Niall said the Practice Note and Judicial Guidelines would help mitigate actual and perceived risks of AI use.
Niall said AI should be ‘an aid to, not a replacement of, judicial decision-making’, adding that the Court would continue adapting its practice without sacrificing impartiality, privacy, accountability and fairness.
Why does it matter?
The guidance shows how courts are beginning to define practical limits for AI use without banning it entirely. By allowing supportive uses while excluding generative AI from judicial decision-making, Victoria’s Supreme Court is drawing a line between administrative assistance and the exercise of judicial judgement, a distinction likely to become increasingly important as AI tools enter legal practice.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
Romania and Norway have signed a new EEA and Norway Grants agreement that introduces dedicated cooperation measures against disinformation, reflecting growing European concerns over information manipulation, democratic resilience and geopolitical instability.
Norwegian Foreign Minister Espen Barth Eide signed the agreement in Bucharest alongside Romania’s Minister for European Investments and Projects, Dragoș Pîslaru. The agreement forms part of the wider 2021-2028 EEA and Norway Grants framework, which supports social, economic and institutional development across Europe.
The new cooperation programme will fund initiatives aimed at strengthening resilience against disinformation through partnerships involving public institutions, specialist communities and civil society organisations in both countries.
The agreement also supports broader programmes covering justice and police cooperation, green transition projects, energy efficiency, and measures designed to strengthen the rights and living conditions of Roma communities.
Romania will receive €596.3 million under the current funding cycle, making it the second-largest beneficiary after Poland. Norway, Iceland and Liechtenstein together provide €3.268 billion through the EEA and Norway Grants programme, with Norway contributing approximately 97% of the overall funding.
Why does it matter?
The agreement shows how disinformation is becoming part of broader European cooperation on democratic resilience and institutional capacity, not only a media or platform issue. By funding partnerships between public institutions, expert communities and civil society, the programme links information integrity with governance, security and social cohesion at a time of heightened geopolitical pressure in Europe.
Poland’s Ministry of Digital Affairs has launched a campaign to encourage entrepreneurs and management teams to take a more active role in protecting their companies from cyber threats.
The campaign, titled ‘Build your company’s digital security click by click’, is aimed at businesses and senior decision-makers. The ministry says its main goal is to encourage firms to address cybersecurity at both organisational and operational levels.
The campaign stresses that cybersecurity is no longer solely the responsibility of IT departments but is a key part of responsible business management. The ministry points to growing risks such as phishing and ransomware as digital technology becomes central to company operations.
According to the ministry, effective cybersecurity depends on three pillars: knowledge, processes and people. The campaign encourages firms to analyse risks, develop incident response procedures, train employees regularly and use official guidance available through cyber.gov.pl.
A separate focus is placed on medium-sized and large companies subject to requirements under Poland’s national cybersecurity system. The ministry says firms in key sectors should understand obligations related to risk management, incident reporting and the protection of information systems.
The campaign also calls on company leaders to integrate cybersecurity into business strategy, including through security policies, investment in skills and the development of a culture of responsibility across organisations.
Why does it matter?
The campaign reflects a broader shift in cybersecurity policy from technical protection towards organisational responsibility. By targeting business leaders, Poland is emphasising that cyber resilience depends not only on tools, but also on governance, staff training, incident response and compliance with national cybersecurity obligations.
The family of a victim killed in the April 2025 Florida State University shooting has filed a federal lawsuit in Florida against OpenAI, alleging that ChatGPT enabled the attack. The lawsuit was filed on Sunday by Vandana Joshi, the widow of Tiru Chabba, who was killed alongside university dining director Robert Morales.
The complaint states that the accused shooter, Phoenix Ikner, engaged in extensive conversations with ChatGPT in the months leading up to the incident. According to the suit, those exchanges included images and discussions about firearms he had acquired, ideological material, far-right beliefs, and possible outcomes of violent attacks.
The chatbot is further accused of providing contextual information about campus activity and commenting on factors that could increase public attention in violent incidents. At one point, ChatGPT said, ‘if children are involved, even 2-3 victims can draw more attention’. The filing also claims Ikner asked about legal consequences and planning considerations shortly before the attack.
The lawsuit contends that OpenAI failed to identify escalating risk indicators within the conversations and did not adequately prevent harmful guidance. It argues the system ‘failed to connect the dots’ despite Ikner’s repeated questions about suicide, terrorism and mass shootings.
OpenAI has rejected responsibility for the attack, claiming its platform is not to blame. Company spokesperson Drew Pusateri said ChatGPT generated factual responses that could be found broadly across publicly available information and did not encourage or promote illegal activity. He also stated that OpenAI continues to strengthen safeguards to identify harmful intent, reduce misuse and respond appropriately when safety risks arise.
Joshi’s complaint argues that the system reinforced the shooter’s beliefs and failed to interrupt conversations involving violent ideation. The filing alleges that ChatGPT inflamed, validated and endorsed delusional thinking and contributed to planning discussions while ‘convincing him that violent acts can be required to bring about change’.
The lawsuit forms part of a broader wave of litigation involving AI systems and alleged harm. OpenAI is already facing separate lawsuits linked to incidents involving violence and suicide, raising wider questions about safeguards and user protection.
Florida’s Attorney General James Uthmeier announced a criminal investigation into OpenAI and ChatGPT following a review of chat logs connected to the case. Uthmeier said in a statement that ‘If ChatGPT is a person it would be facing charges for murder’.
The German Federal Office for Information Security published guidance developed by the G7 Cybersecurity Working Group outlining elements for a Software Bill of Materials for AI. The document aims to support both public and private sector stakeholders in improving transparency in AI systems.
The guidance builds on a shared G7 vision introduced in 2025 and focuses on strengthening cybersecurity throughout the AI supply chain. It sets out baseline components that should be included in an AI SBOM to better track and understand system dependencies.
The document outlines seven baseline building blocks that should form part of an AI Software Bill of Materials (SBOM for AI), designed to improve visibility into how AI systems are built and how their components interact across the supply chain.
At the foundation is a Metadata cluster, which records information about the SBOM itself, including who created it, which tools and formats were used, when it was generated, and how software dependencies relate to one another.
The framework then moves to System Level Properties, covering the AI system as a whole. This includes the system’s components, producers, data flows, intended application areas, and the processing of information between internal and external services.
A dedicated Models cluster focuses on the AI models embedded within the system, documenting details such as model identifiers, versions, architectures, training methods, limitations, licenses, and dependencies. The goal is to make the origins and characteristics of models easier to trace and assess.
The document also introduces a Dataset Properties cluster to improve transparency into the data used throughout the AI lifecycle. It captures dataset provenance, content, statistical properties, sensitivity levels, licensing, and the tools used to create or modify datasets.
Beyond software and data, the framework includes an Infrastructure cluster that maps the software and hardware dependencies required to run AI systems, including links to hardware bills of materials where relevant.
Cybersecurity considerations are grouped under Security Properties, which document implemented safeguards such as encryption, access controls, adversarial robustness measures, compliance frameworks, and vulnerability references.
Finally, the framework proposes a Key Performance Indicators cluster that includes metrics related to both security and operational performance, including robustness, uptime, latency, and incident response indicators.
According to the paper, the objective is to provide practical direction that organisations can adopt to enhance visibility and manage risks linked to AI technologies. The framework is intended to support more secure development and deployment practices.
The Information and Privacy Commission New South Wales has issued guidance for public sector agencies in Australia on managing privacy risks associated with the use of generative AI tools.
The guide states that the Privacy and Personal Information Protection Act 1998 applies to the handling of personal information through generative AI tools. It is intended to help agencies understand and comply with privacy obligations when adopting tools such as ChatGPT, Gemini, Claude, Perplexity, and Copilot.
Generative AI can support workplace tasks such as drafting, editing, document analysis, research, translation, transcription, and process automation. However, the IPC warns that these tools can create privacy risks when prompts, uploaded files, or outputs include personal or health information.
The guide highlights risks including unexpected use or disclosure of personal information, cross-border data transfers, unauthorised disclosure, data breaches, extended retention of personal information, generation of new personal information, inaccurate or discriminatory outputs, and loss of transparency or data subject control.
Some generative AI providers may collect customer data, including prompts, uploaded files, and outputs, to train or improve their models, according to the IPC. Agencies should assess whether personal or health information uploaded to a generative AI service may be processed offshore or used for purposes beyond the original collection purpose.
Recommended measures include privacy impact assessments, updates to privacy management plans and data breach response policies, clear public notices, consent where required, acceptable use policies for staff, training, pre-deployment testing, third-party vendor assessments, and data residency in Australia where possible.
Human review is also presented as an important safeguard, especially where generative AI outputs inform decisions affecting individuals’ access to services, opportunities, or benefits. The IPC urges agencies to avoid a ‘set and forget’ approach and continuously monitor generative AI use, governance, culture, and emerging privacy risks.
The company said the feature is intended for sensitive or personal questions, such as health issues, loan details or career advice. Incognito Chat is built on WhatsApp’s Private Processing technology and is designed to process conversations in a secure environment that Meta says it cannot access.
Messages in Incognito Chat are not saved and disappear by default. Meta says the feature creates temporary AI conversations that are visible only to the user, reducing concerns about long-term retention and access to sensitive prompts.
Meta also contrasted the feature with other incognito-style AI tools, saying those services may still be able to see user prompts and generated responses. The company claims its approach prevents anyone, including Meta, from reading the content exchanged during these conversations.
The company said Incognito Chat will roll out on WhatsApp and the Meta AI app over the coming months. It also plans to introduce Side Chat on WhatsApp, which will provide AI assistance linked to ongoing conversations while using the same Private Processing infrastructure.
Why does it matter?
As AI assistants become embedded in messaging, work, finance and health-related conversations, users are likely to share increasingly sensitive information with chatbots. Meta’s Incognito Chat points to growing competition in privacy-preserving AI, where companies are trying to show that AI interactions can be useful without exposing prompts, responses, or personal context to long-term storage or platform access.
The Office of National Security of South Korea held a cybersecurity meeting to review how government agencies are responding to AI-driven cyber threats. The session focused on the growing risks posed by the misuse of advanced AI technologies.
Officials from multiple ministries attended, including science, defence and intelligence bodies, to coordinate responses. The government warned that AI-enabled hacking capabilities are becoming increasingly realistic as global technology companies release more advanced models.
Authorities have instructed relevant agencies to strengthen cooperation with businesses and institutions and distributed guidance on responding to AI-based security risks. Discussions also covered practical measures to support rapid responses to cybersecurity vulnerabilities across public and private sectors.
The government plans to establish a joint technical response team to improve information sharing and enable immediate action. Officials emphasised that while AI increases cyber risks, it also offers opportunities to strengthen security capabilities in South Korea.
The UK has brought into force regulations requiring the Information Commissioner to prepare a code of practice on the processing of personal data in relation to AI and automated decision-making.
The Data Protection Act 2018 (Code of Practice on Artificial Intelligence and Automated Decision-Making) Regulations 2026 were made on 16 April, laid before Parliament on 21 April, and came into force on 12 May. The regulations apply across England and Wales, Scotland and Northern Ireland.
Under the regulations, the Information Commissioner must prepare a code giving guidance on good practice in the processing of personal data under the UK GDPR and the Data Protection Act 2018 when developing and using AI and automated decision-making systems.
The code must also include guidance on good practice in the processing of children’s personal data. Automated decision-making is defined by reference to provisions in the UK GDPR and the Data Protection Act 2018 inserted through the Data (Use and Access) Act 2025.
The instrument also modifies the panel requirements for preparing or amending the code. Any panel established to consider the code must not consider or report on aspects relating to national security.
The explanatory note states that no full impact assessment was prepared for the instrument because the regulations themselves are not expected to have a significant impact on the private, voluntary or public sectors. The Information Commissioner must produce an impact assessment when preparing the code.
Why does it matter?
The regulations move UK guidance on AI, automated decision-making and personal data onto a statutory track. The eventual code could become an important reference point for organisations using AI systems that process personal data, particularly where automated decisions or children’s data are involved. For now, the main development is procedural: the Information Commissioner is required to prepare the code, while the practical compliance details will follow through that process.
With the rapid expansion of AI technologies, agentic AI is moving from experimentation to deployment on a scale larger than ever before. As a result, these systems have been given far greater autonomy to perform tasks with limited human input, much to the delight of enterprise magnates.
Companies such as Microsoft, Google, Anthropic, and OpenAI are increasingly developing agentic AI systems capable of automating vulnerability detection, incident response, code analysis, and other security tasks traditionally handled by human teams.
The appeal of using agentic AI as a first line of defence is palpable, as cybersecurity teams face mounting pressure from the growing volume of attacks. According to the Microsoft Digital Defense Report 2025, the company now detects more than 600 million cyberattacks daily, ranging from ransomware and phishing campaigns to identity attacks. The International Monetary Fund has also warned that cyber incidents have more than doubled since the COVID-19 pandemic, potentially triggering institutional failures and incurring enormous financial losses.
To add insult to injury, ransomware groups such as Conti, LockBit, and Salt Typhoon have shown increased activity from 2024 through early 2026, targeting critical infrastructure and global communications, as if aware of the upcoming cybersecurity fortifications and using a limited window of time to inflict as much damage as possible.
In such circumstances, fully embracing agentic AI may seem like an ideal answer to the cybersecurity challenges looming on the horizon. Systems capable of autonomously detecting threats, analysing vulnerabilities, and accelerating response times could significantly strengthen cyber resilience.
Yet the same autonomy that makes these systems attractive to defenders could also be exploited by malicious actors. If agentic AI becomes a defining feature of cyber defence, policymakers and companies may soon face a more difficult question: how can they maximise its benefits without creating an entirely new layer of cyber risk?
Why cybersecurity is turning to agentic AI
The growing interest in agentic AI is not simply driven by the rise in cyber threats. It is also a response to the operational limitations of modern security teams, which are often overwhelmed by repetitive tasks that consume time and resources.
Security analysts routinely handle phishing alerts, identity verification requests, vulnerability assessments, patch management, and incident prioritisation — processes that can become difficult to manage at scale. Many of these tasks require speed rather than strategic decision-making, creating a natural opening for AI systems to operate with greater autonomy.
Microsoft has aggressively moved into this space. In March 2025, the company introduced Security Copilot agents designed to autonomously handle phishing triage, data security investigations, and identity management. Rather than replacing human analysts, Microsoft positioned the tools to reduce repetitive workloads and enable security teams to focus on more complex threats.
Google has approached the issue through vulnerability research. Through Project Naptime, the company demonstrated how AI systems could replicate parts of the workflow traditionally handled by human security researchers by identifying vulnerabilities, testing hypotheses, and reproducing findings.
Anthropic introduced another layer of complexity through Claude Mythos, a model built for high-risk cybersecurity tasks. While the company presented the model as a controlled release for defensive purposes, the announcement also highlighted how advanced cyber capabilities are becoming increasingly embedded in frontier AI systems.
Meanwhile, OpenAI has expanded partnerships with cybersecurity organisations and broadened access to specialised tools for defenders, signalling that major AI firms increasingly view cybersecurity as one of the most commercially viable applications for autonomous systems.
Together, these developments show that agentic AI is gradually becoming embedded in the cybersecurity infrastructure. For many companies, the question is no longer whether autonomous systems can support cyber defence, but how much responsibility they should be given.
When agentic AI tools become offensive weapons
The same capabilities that make agentic AI valuable to defenders also make it attractive to malicious actors. Systems designed to identify vulnerabilities, analyse code, automate workflows, and accelerate decision-making can be repurposed for offensive cyber operations.
Anthropic offered one of the clearest examples of that risk when it disclosed that malicious actors had used Claude in cyber campaigns. The company said attackers were not simply using the model for basic assistance, but were integrating it into broader operational workflows. The incident showed how agentic AI can move cyber misuse beyond advice and into execution.
The risk extends beyond large-scale cyber operations. Agentic AI systems could make phishing campaigns more scalable, automate reconnaissance, accelerate vulnerability discovery, and reduce the technical expertise needed to launch certain attacks. Tasks that once required specialist teams could become easier to coordinate through autonomous systems.
Security researchers have repeatedly warned that generative AI is already making social engineering more convincing through realistic phishing emails, cloned voices, and synthetic identities. More autonomous systems could push those risks further by combining content generation with independent action.
The concern is not that agentic AI will replace human hackers. Rather, cybercrime could become faster, cheaper, and more scalable, mirroring the same efficiencies that organisations hope to achieve through AI-powered defence.
The agentic AI governance gap
The governance challenge surrounding agentic AI is no longer theoretical. As autonomous systems gain access to internal networks, cloud infrastructure, code repositories, and sensitive datasets, companies and regulators are being forced to confront risks that existing cybersecurity frameworks were not designed to manage.
Policymakers are starting to respond. In February 2026, the US National Institute of Standards and Technology (NIST) launched its AI Agent Standards Initiative, focused on identity verification and authentication frameworks for AI agents operating across digital environments. The aim is simple but important: organisations need to know which agents can be trusted, what they are allowed to do, and how their actions can be traced.
Governments are also becoming more cautious about deployment risks. In May 2026, the Cybersecurity and Infrastructure Security Agency (CISA) joined cybersecurity agencies from Australia, Canada, New Zealand, and the United Kingdom in issuing guidance on the secure adoption of agentic AI services. The warning was clear: autonomous systems become more dangerous when they are connected to sensitive infrastructure, external tools, and internal permissions.
The private sector is adjusting as well. Companies are increasingly discussing safeguards such as restricted permissions, audit logs, human approval checkpoints, and sandboxed environments to limit the degree of autonomy granted to AI agents.
The questions facing businesses are becoming practical. Should an AI agent be allowed to patch vulnerabilities without approval? Can it disable accounts, quarantine systems, or modify infrastructure independently? Who is held accountable when an autonomous system makes the wrong decision?
Agentic AI may become one of cybersecurity’s most effective defensive tools. Its success, however, will depend on whether governance frameworks evolve quickly enough to keep pace with the technology itself.
How companies are building guardrails around agentic AI
As concerns around autonomous cyber systems grow, companies are increasingly experimenting with safeguards designed to prevent agentic AI from becoming an uncontrolled risk. Rather than granting unrestricted access, many organisations are limiting what AI agents can see, what systems they can interact with, and what actions they can execute without human approval.
Anthropic has restricted access to Claude Mythos over concerns about offensive misuse, while OpenAI has recently expanded its Trusted Access for Cyber programme to provide vetted defenders with broader access to advanced cyber tools. Both approaches reflect a growing consensus that powerful cyber capabilities may require tiered access rather than unrestricted deployment.
The broader industry is moving in a similar direction. CrowdStrike has increasingly integrated AI-driven automation into threat intelligence and incident response workflows while maintaining human oversight for critical decisions. Palo Alto Networks has also expanded its AI-powered security automation tools designed to reduce response times without fully removing human analysts from the decision-making process.
Cloud providers are also becoming more cautious about autonomous access. Amazon Web Services, Google Cloud, and Microsoft Azure have increasingly emphasised zero-trust security models, role-based permissions, and segmented access controls as enterprises deploy more automated tools across sensitive infrastructure.
Meanwhile, sectors such as finance, healthcare, and critical infrastructure remain particularly cautious about fully autonomous deployment due to the potential consequences of false positives, accidental shutdowns, or disruptions to essential services.
As a result, security teams are increasingly discussing safeguards such as audit logs, sandboxed environments, role-based permissions, staged deployments, and human approval checkpoints to balance speed with accountability. For now, many companies seem ready to embrace agentic AI, but not without keeping one hand on the emergency brake.
The future of cybersecurity may be agentic
Agentic AI is unlikely to remain a niche experiment for long. The scale of modern cyber threats, combined with the mounting pressure on security teams, means organisations will continue to look for faster and more scalable defensive tools.
That shift could significantly improve cybersecurity resilience. Autonomous systems may help organisations detect threats earlier, reduce response times, address workforce shortages, and manage the growing volume of attacks that human teams increasingly struggle to handle alone.
At the same time, the technology’s long-term success will depend as much on restraint as on innovation. Without clear governance frameworks, operational safeguards, and human oversight, the same tools designed to strengthen cyber defence could introduce entirely new vulnerabilities.
The future of cybersecurity may increasingly belong to agentic AI. Whether that future becomes safer or more volatile may depend on how responsibly governments, companies, and security teams manage the transition.