cybersecurity

Russia advances draft AI regulation framework

Russia has moved forward with a draft law outlining the fundamentals of state regulation of AI technologies, with the public consultation closed on 15 April 2026. The proposal outlines a structured compliance framework to tighten oversight of AI system development and deployment nationwide.

Under the draft, AI system operators would be required to test their systems to identify potential uses that could violate Russian legislation.

The framework also introduces a classification of trusted AI models, which would be subject to formal security verification by authorised federal bodies responsible for technical intelligence countermeasures and information security.

The proposed rules also establish a certification process for quality compliance, to be carried out in accordance with procedures defined by the Russian government. These measures aim to create a multi-layered oversight system for AI security and performance in regulated environments.

The proposed framework signals a shift towards tighter state control over how AI is tested, classified, and deployed, particularly in sensitive or high-risk environments. By introducing mandatory testing, security certification and government-defined quality standards, it increases regulatory scrutiny across the AI lifecycle. 

The broader implication is a move towards more centralised governance of AI systems, where compliance and risk management become embedded requirements rather than optional best practices.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

Australian authorities warn of data exploitation through social media platforms

Social media and messaging services pose growing security and privacy risks, with personal data used to build profiles for fraud, espionage, or social engineering. Even routine posts may contribute to broader data collection and unintended exposure.

Platforms typically collect extensive user and device data under evolving privacy policies, sometimes storing it across jurisdictions with varying legal protections. Such conditions increase the risks to identity theft, reputational harm, and the misuse of aggregated personal information.

The Australian Government advises organisations to restrict access to official accounts, train staff, and enforce clear policies on what can be shared. It also highlights the importance of breach response procedures to maintain operational security.

For individuals, the Government guidance recommends limiting exposure of personal data, using privacy settings, avoiding unknown contacts, and applying strong authentication.

Regular updates, careful app permissions, and device security measures are also encouraged to reduce cyber risks.

Strengthening awareness and applying consistent security practices reduces vulnerability and supports more resilient organisational systems in an increasingly interconnected digital environment.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

EU launches Mediterranean digital programme to support governance, cybersecurity and skills

The European Commission has launched a digital transformation programme for countries in North Africa and the Middle East, marking the first digital initiative under the Pact for the Mediterranean.

EU aims to support inclusive and sustainable growth by improving access to digital services and strengthening regulatory alignment.

The initiative focuses on enhancing digital governance by aligning telecommunications regulations with the EU standards and strengthening national regulatory authorities. It also promotes regional cooperation by creating coordinated networks across participating countries.

Cybersecurity forms a central component, with measures designed to improve national frameworks and institutional capacity to prevent and respond to cyber threats.

Additionally, the programme advances digital skills development based on EU competency frameworks, supporting long-term capacity development.

Such an approach reflects a broader policy objective to foster regional digital integration, strengthen institutional resilience and promote secure and inclusive digital transformation across neighbouring regions.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

FBI reports billions lost to crypto and AI scams

The Federal Bureau of Investigation reports that cyber-enabled crimes cost Americans nearly $21 billion in 2025, according to its latest Internet Crime Report. The Internet Crime Complaint Center recorded more than 1 million complaints, marking a rise from the previous year.

Investment fraud, phishing, extortion, and tech support scams remained the most common threats, with older adults reporting disproportionately high losses. Individuals over 60 accounted for approximately $7.7 billion in losses, reflecting a sharp year-on-year increase.

Cryptocurrency-related fraud was the most financially damaging category, with losses exceeding $11 billion across more than 180,000 complaints. The report also highlighted emerging risks linked to AI, including deepfake identities, voice cloning, and fabricated media used to manipulate victims.

The FBI has expanded initiatives such as Operation Level Up to identify ongoing scams and reduce losses, while emphasising early reporting and awareness measures. Officials say scammers increasingly use psychological pressure and realistic digital impersonation to deceive victims.

Rising losses highlight how rapidly evolving digital fraud techniques are outpacing public awareness, with crypto and AI tools making scams more scalable and convincing.

Strengthening detection, reporting, and education will be critical to reducing financial harm and improving resilience against increasingly sophisticated online crime networks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Geneva Cyber Week to bring diplomacy, cyber policy, and AI security debates together

The United Nations Institute for Disarmament Research and the Swiss Federal Department of Foreign Affairs will co-host Geneva Cyber Week from 4 to 8 May 2026, bringing policymakers, diplomats, technical experts, industry leaders, academics, and civil society representatives to venues across Geneva and online for a week of discussions on cyber stability, resilience, governance, digitalisation, and the security implications of emerging technologies, including AI.

Returning after its inaugural edition, the event is being positioned as a response to a more fragile cyber and geopolitical environment. Held under the theme ‘Advancing Global Cooperation in Cyberspace’, Geneva Cyber Week 2026 comes at a moment of mounting cyber insecurity, intensifying geopolitical tension, and rapid technological change, with organisers framing the gathering as a space for more practical cooperation across diplomatic, technical, operational, and policy communities.

“Cybersecurity is no longer a niche technical issue; it is a strategic policy challenge with implications for international peace, economic stability and public trust. At a moment of growing fragmentation and accelerating technological change, Geneva Cyber Week brings together the communities that need to be in the room — diplomatic, technical, operational and policy — to move from shared concern to practical cooperation,” said Dr Giacomo Persi Paoli, Head of Security and Technology Programme at UNIDIR.

The programme will feature nearly 90 events and reinforce Geneva’s role as a centre for cyber diplomacy, international cooperation, and digital governance. Scheduled sessions include UNIDIR’s Cyber Stability Conference, Peak Incident Response organised by the Swiss CSIRT Forum, Digital International Geneva, the World Economic Forum Annual Meeting on Cybersecurity, and a Council of Europe session titled ‘Artificial Intelligence, Cybercrime and Electronic Evidence: Risks, Opportunities, and Global Cooperation’.

The week will also include partner-led panels, workshops, simulations, exhibitions, and networking events to connect specialist communities that do not always work in the same room. That broader structure reflects an effort to treat cyber issues not only as a technical or security matter but also as a governance, trust-building, and international-coordination challenge.

“At a time when digital threats know no borders, fostering inclusive discussions is essential to building trust, advancing common norms, and promoting a secure and open cyberspace for all. International Geneva provides an unparalleled multilateral environment to address these cybersecurity challenges collectively. Geneva Cyber Week’s diverse programme embodies this collaborative spirit,” said Marina Wyss Ross, Deputy Head of International Security Division and Chief of Section for Arms Control, Disarmament and Cybersecurity at the Swiss FDFA.

Across the city, Geneva will also mark the week visually, including flags on the Mont Blanc Bridge and special illumination of the Jet d’Eau on Monday evening. But beyond the symbolism, the event’s significance lies in how it seeks to bring cyber diplomacy, incident response, governance debates, and emerging technology risks into the same international conversation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

European Business Council in Japan holds first cybersecurity conference in Tokyo

Tokyo hosted a cybersecurity conference organised by the European Business Council in Japan (EBC) Digital Committee on 7 April. The event took place at the EU Delegation in Tokyo.

The conference was the EBC Digital Committee’s first event. It brought together experts from the public and private sectors to exchange views on cybersecurity challenges and policy developments.

Speakers included Luis Miguel Vega Fidalgo from the European Commission, Satoshi D. from Japan’s Ministry of Economy, Trade and Industry, and Amelia Alder from Knorr-Bremse. A question-and-answer session followed their presentations.

Participants continued discussions during a networking reception after the session. The Digital Committee co-chairs, Wataru Suzuki and Felix von Helden, thanked the speakers and organisers, including Peter Fatelnig from the EU Delegation to Japan.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot 

Project Glasswing unites tech firms for AI-driven cyber defence

Major technology and security companies have joined forces under Project Glasswing to defend critical software infrastructure using advanced AI. The initiative brings together organisations including AWS, Apple, Google, Microsoft, NVIDIA, Cisco, CrowdStrike, JPMorganChase and the Linux Foundation.

Anthropic is deploying its frontier model, Claude Mythos Preview, at the centre of the effort. The system detects complex software vulnerabilities at scale, uncovering thousands of previously unknown flaws across operating systems, browsers, and core infrastructure.

The model’s findings suggest a major shift in cybersecurity capabilities. AI systems are increasingly capable of matching or surpassing human expert performance in vulnerability discovery, raising both defensive opportunities and security risks.

Some of the flaws identified had persisted for decades, undetected by traditional testing methods.

Project Glasswing aims to convert these capabilities into a coordinated defensive advantage. Partners will use the model to scan and secure systems more efficiently, supported by $100 million in usage credits and additional funding for open-source security initiatives.

The programme also targets long-term improvements in cybersecurity standards and secure development practices.

Modern society depends on software that runs critical infrastructure, including banking systems, healthcare networks, energy grids, and communications platforms. When AI systems find vulnerabilities at scale, the balance shifts between attackers and defenders, making hidden weaknesses easier to uncover and faster to fix before exploitation.

For global infrastructure, this means cybersecurity is shifting from slow, human-driven auditing to continuous, AI-assisted defence, where speed, coordination, and secure-by-design practices become essential to maintaining stability and reducing systemic risk.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

US agencies warn of cyber intrusions into critical infrastructure systems

A joint cybersecurity advisory issued by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, National Security Agency, and several sector-specific partners warns US organisations of an ongoing campaign by actors targeting industrial control systems across US critical infrastructure.

The activity focuses on internet-exposed operational technology (OT), particularly programmable logic controllers (PLCs), which are widely used to automate industrial processes in sectors such as energy, water and wastewater systems, and government services.

According to the advisory, the attackers are exploiting PLCs by leveraging their direct exposure to the internet. The attackers gain initial access by scanning for internet-facing PLCs and connecting through commonly used industrial communication ports. Once access is established, the actors interact with device project files and manipulate data displayed on human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) systems. This enables them to disrupt industrial processes in real time. In several confirmed cases, such intrusions have resulted in operational disruption and financial loss, underscoring the tangible, physical-world impact of these cyber operations.

The advisory provides a detailed set of indicators of compromise (IOCs), including specific IP addresses associated with malicious activity, along with mappings to the MITRE ATT&CK framework to help defenders contextualise tactics and techniques.

Organisations are strongly encouraged to review both current and historical network logs for signs of compromise, particularly for unusual traffic on ports commonly used by OT protocols.

The campaign appears to be part of a broader escalation in Iranian-linked cyber activity, likely tied to geopolitical tensions involving the USA and its allies. The advisory links the activity to previously identified advanced persistent threat (APT) groups associated with Iran’s Islamic Revolutionary Guard Corps (IRGC).

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

ENISA launches consultation on EU digital wallet certification

The European Union Agency for Cybersecurity (ENISA) has launched a public consultation on a draft candidate certification scheme for the EU Digital Identity (EUDI) Wallets.

The draft was developed with a dedicated ad hoc working group, and the consultation aims to gather feedback on its structure, core elements, and annexes. Responses are open until 30 April 2026.

The initiative follows the adoption of a regulation establishing the European Digital Identity Framework. The European Commission has mandated ENISA to support the certification of EUDI Wallets, including the development of a European cybersecurity certification scheme under the Cybersecurity Act.

The objective is to define cybersecurity requirements for digital identity solutions and support their consistent implementation across the EU.

In February 2026, ENISA signed a €1.6 million contribution agreement with the European Commission for two years to support the development and rollout of national certification schemes.

Funded under the Digital Europe Work Programme 2025–2027, the agreement supports capacity development, skills development, and alignment with a future European certification framework. Member states are expected to provide at least one certified EUDI Wallet by the end of 2026.

Digital identity wallets are intended to enable secure identification and the protection of personal data in both digital and physical environments.

The proposed certification scheme aims to verify compliance with cybersecurity requirements, addressing the limited use of formal certification in current wallet implementations.

The initiative carries significant regulatory weight as it translates the European Digital Identity Framework into enforceable cybersecurity standards. It ensures harmonised compliance across member states while strengthening trust, interoperability, and legal certainty within the EU’s digital identity ecosystem.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Global cyber stability conference set for May 2026 in Geneva

The Cyber Stability Conference 2026 will take place on 4–5 May at the Centre International de Conférences Genève in Geneva, bringing together global stakeholders to discuss the future of ICT security and cyber governance.

Organised by the United Nations Institute for Disarmament Research, the event will run in a hybrid format during Geneva Cyber Week.

The conference comes amid growing international efforts to strengthen frameworks for responsible state behaviour in cyberspace and improve coordination on digital security challenges. It is positioned within a broader push to adapt governance systems to rapid technological change.

Discussions will focus on how cyber governance can respond to emerging technologies such as AI and quantum computing. Emphasis will be placed on aligning regulatory and security approaches with technological development to reinforce international stability.

Participants from government, academia, industry, and civil society will review past lessons, assess current risks, and explore future pathways for global ICT security governance.

Cyber stability is becoming a core pillar of global security as digital infrastructure underpins economies, governance systems, and critical services. Stronger coordination on cyber governance is essential to reducing systemic risks and ensuring technological progress does not outpace security frameworks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Diplo chatbot can make mistakes. Consider checking important information.