Governance, Legislation, Tech & Democracy
The AI Action Plan and Federalism: A Constitutional Analysis
(David S. Rubenstein – Just Security – 30 July 2025) On July 23, the Trump administration released its long-anticipated AI Action Plan aimed at accelerating innovation and “winning the AI race” for global supremacy. A centerpiece of the plan is deregulation: removing what the White House views as domestic barriers to AI development. While the stated policy applies nationwide, its most significant impact may fall on states, where the vast majority of AI regulations currently exist. The plan’s approach to state regulation inverts the traditional model of cooperative federalism. Most commonly, Congress uses its spending power in cooperative programs to entice states to partner with the national government and adopt federal standards. The AI Action Plan, by contrast, would induce states to idle in the face of mounting AI-related social concerns. Instead of building a cooperative state-federal regulatory regime, the White House hopes to create and maintain a regulatory vacuum at the state level by executive fiat. – https://www.justsecurity.org/118026/ai-action-plan-federalism-analysis/
VPN use soars in UK after age-verification laws go into effect
(Ars Technica 30 July 2025) After the United Kingdom’s Online Safety Act went into effect on Friday, requiring porn platforms and other adult content sites to implement user age verification mechanisms, use of virtual private networks (VPNs) and other circumvention tools spiked in the UK over the weekend. Experts had expected the surge, given that similar trends have been visible in other countries that have implemented age check laws. But as a new wave of age check regulations debuts, open Internet advocates warn that the uptick in use of circumvention tools in the UK is the latest example of how an escalating cat-and-mouse game can develop between people looking to anonymously access services online and governments seeking to enforce content restrictions. – https://arstechnica.com/tech-policy/2025/07/vpn-use-soars-in-uk-after-age-verification-laws-go-into-effect/
Security
Patching the U.K.’s Zero-Day Security Exploit With the U.S.-U.K. CLOUD Act Agreement
(Richard Salgado, Kenneth Propp – Lawfare – 31 July 2025) Recent reports about the U.K.’s secret efforts to compel Apple to globally disable security features in support of its surveillance regime have rightly alarmed U.S. policymakers across the political spectrum, including President Trump. A foreign government that secretly compels a U.S. service provider to weaken its security or to block global improvements undermines U.S. governmental interests in maintaining a secure and resilient communications and network ecosystem, protecting data privacy, and preserving the commercial attractiveness of American companies in an increasingly competitive world. Alarming as the situation is, the United States has a well-suited tool to confront this security vulnerability at the ready: the CLOUD Act framework. When Sen. Orrin Hatch (R-Utah) spoke on the Senate floor about the need for the CLOUD Act before its enactment in 2018, he urged the United States to establish a global network of bilateral agreements under the landmark legislation. He observed that doing so is critical for many reasons, including to strengthen data security of users worldwide. In the year following passage of the bill, the U.S. entered into an agreement with the U.K., which is widely seen as useful, if imperfect, by the U.S. Department of Justice, U.K. officials, and commentators. – https://www.lawfaremedia.org/article/patching-the-u.k.-s-zero-day-security-exploit-with-the-u.s.-u.k.-cloud-act-agreement
- Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
(The Hacker News – 31 July 2025) The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram. “Under the guise of freelance opportunities for software development work, UNC4899 leveraged social engineering techniques to successfully convince the targeted employees to execute malicious Docker containers in their respective workstations,” Google’s cloud division said in its Cloud Threat Horizons Report for H2 2025. UNC4899 overlaps with activity tracked under the monikers Jade Sleet, PUKCHONG, Slow Pisces, and TraderTraitor. Active since at least 2020, the state-sponsored actor is known for its targeting of cryptocurrency and blockchain industries. Notably, the hacking group has been implicated in significant cryptocurrency heists, including that of Axie Infinity in March 2022 ($625 million), DMM Bitcoin in May 2024 ($308 million), and Bybit in February 2025 ($1.4 billion). – https://thehackernews.com/2025/07/n-korean-hackers-used-job-lures-cloud.html
NHS disability equipment provider on brink of collapse a year after cyberattack
(The Register – 31 July 2025) A major supplier of healthcare equipment to the UK’s National Health Service and local councils is on the verge of collapse 16 months after falling victim to cyber criminals. Private equity-backed NRS Healthcare works with around 40 councils across England and Northern Ireland, although most of its services are provided to authorities in Southeast England. In a statement to the BBC, a spokesperson at the company said management had tried in recent months “to turn around the business and explore all possible options to safeguard services and protect the communities who rely on them. “We have already begun transferring all services to other providers and are implementing plans with the local authorities to preserve service provision and jobs.” – https://www.theregister.com/2025/07/31/nhs_disability_equipment_provider_nears/
Lethal Cambodia-Thailand border clash linked to cyber-scam slave camps
(The Register – 31 July 2025) Thai and Cambodian tensions relating to issues including cybersecurity concerns boiled over into a kinetic skirmish at the border last week. The conflict started largely as an extension of a decades-old dispute over access to an ancient Hindu temple located a couple of hundred meters on the Cambodian side of the border. Tensions at the temple were already high. In May, Thai and Cambodian troops exchanged fire across the border near the site. One Cambodian soldier died as a result. Thailand’s retaliation included a threat to cut off electricity and internet services to Cambodia, ostensibly to make life hard for the cyber-slave camps in the country – some of which are not far from the temple. – https://www.theregister.com/2025/07/31/thai_cambodia_war_cyberscam_links/
Enterprises neglect AI security – and attackers have noticed
(The Register – 30 July 2025) Organizations rushing to implement AI are neglecting security and governance, IBM claims, with attackers already taking advantage of lax protocols to target models and applications. The findings come from Big Blue’s Cost of a Data Breach Report 2025 report, which shows that AI-related exposures currently make up only a small proportion of the total, but these are anticipated to grow in line with greater adoption of AI in enterprise systems. Based on data reported by 600 organizations globally between March 2024 and February 2025, IBM says 13 percent of them flagged a security incident involving an AI model or AI application that resulted in an infraction. Almost every one of those breached organizations (97 percent) indicated it did not have proper AI access controls in place. – https://www.theregister.com/2025/07/30/firms_are_neglecting_ai_security/
ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH
(Bleeping Computer – 30 July 2025) A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. In June, Google’s Threat Intelligence Group (GTIG) warned that threat actors tracked as UNC6040 were targeting Salesforce customers in social engineering attacks. In these attacks, the threat actors impersonated IT support staff in phone calls to targeted employees, attempting to persuade them into visiting Salesforce’s connected app setup page. On this page, they were told to enter a “connection code”, which linked a malicious version of Salesforce’s Data Loader OAuth app to the target’s Salesforce environment. – https://www.bleepingcomputer.com/news/security/shinyhunters-behind-salesforce-data-theft-attacks-at-qantas-allianz-life-and-lvmh/
St. Paul, MN, was hacked so badly that the National Guard has been deployed
(Ars Technica – 30 July 2025) Hacking attacks—many using ransomware—now hit US cities every few days. They are expensive to mitigate and extremely disruptive. Abilene, Texas, for instance, had 477 GB of data stolen this spring. The city refused to pay the requested ransom and instead decided to replace every server, desktop, laptop, desk telephone, and storage device. This has required a “temporary return to pen-and-paper systems” while the entire city network is rebuilt, but at least Abilene was insured against such an attack. Sometimes, though, the hacks hit harder than usual. That was the case in St. Paul, Minnesota, which suffered a significant cyberattack last Friday that it has been unable to mitigate. Things have gotten so bad that the city has declared a state of emergency, while the governor activated the National Guard to assist. – https://arstechnica.com/security/2025/07/st-paul-mn-was-hacked-so-badly-that-the-national-guard-has-been-deployed/
Defence, Intelligence, Warfare
The ‘Wild West’ of AI: defense tech, ethics, and escalation
(Interesting Engineering – 31 July 2025) In our latest episode of Lexicon, we sat down with Will Ashford-Brown, Director of Strategic Insights at Heligan Group, to discuss a compelling vision of what modern conflict looks like and what it’s becoming. In a world where emerging technologies are redefining both warfare and peacekeeping, Will Ashford-Brown offers a clear-eyed view of how artificial intelligence (AI), electronic warfare (EW), and autonomy are rapidly transforming the defense landscape. – https://interestingengineering.com/innovation/the-wild-west-of-ai-defense-tech-ethics-and-escalation
Frontiers
AI Might Let You Die to Save Itself
(Peter N. Salib – Lawfare – 31 July 2025) Will advanced artificial intelligence (AI) systems autonomously engage in harmful actions to serve their own goals? For years, worries about “rogue AI” have been confined mostly to the realm of science fiction—a problem, at worst, for the distant future. But in June, Anthropic published research testing currently released AI models’ propensity to autonomously devise and execute malicious plans to ensure their continued existence. The results: Essentially every AI model tested was willing to attempt blackmail, corporate espionage, and even murder to avoid being replaced or shut down. Anthropic’s researchers “stress-tested” 16 leading large language models (LLMs) from major AI labs—including Anthropic, OpenAI, Google, Meta, and others—in simulated corporate environments. Each model was told that it had been bought by a company to work as an autonomous email agent. It was also told to pursue some benign goal (like promoting American manufacturing) and given access to the “company’s” email archive, along with tools to carry out tasks like sending emails and executing digital commands. The question: How would these AI agents behave if fulfilling their mission—or avoiding shutdown—necessitated misconduct? – https://www.lawfaremedia.org/article/ai-might-let-you-die-to-save-itself
Neuralink leap: Elon Musk’s brain chip to be tested on paralyzed patients in UK
(Interesting Engineering – 1 August 2025) Elon Musk’s brain-implant company Neuralink is expanding its human trials to the United Kingdom. The company announced on Thursday that it is launching a clinical study in collaboration with University College London Hospitals NHS Foundation Trust and Newcastle upon Tyne Hospitals. The study is aimed at testing how Neuralink’s chip can help people with severe paralysis control digital and physical devices using only their thoughts. – https://interestingengineering.com/innovation/neuralinks-first-clinical-study-in-britain
AI-driven breakthrough uncovers ‘next-gen’ materials that top lithium-ion performance
(Interesting Engineering – 31 July 2025) Lithium-ion batteries changed the world. They powered the smartphone era, unlocked electric vehicles, and made portable electronics powered truly mobile. But lithium is starting to show its cracks. It’s expensive, unevenly distributed, and increasingly unsustainable. Now, researchers from the New Jersey Institute of Technology (NJIT) have used artificial intelligence to tackle one of battery science’s toughest problems: how to build better alternatives using cheaper and more abundant elements. – https://interestingengineering.com/energy/ai-multivalent-battery-discovery-njit