Governance, Regulation, Legislation, Geostrategies
AI explained: Why the world needs to act now
(UN News) Artificial intelligence (AI) is moving faster than governments can keep up. Just a few years ago, it could answer questions or generate text. Today, it can write computer code, analyse vast amounts of data, create realistic images and videos, help scientists discover new medicines and increasingly act on its own with little human supervision. However, while AI’s capabilities are accelerating, experts say the rules needed to ensure it is used safely as current safeguards are struggling to keep pace. That is the conclusion of the preliminary report by the UN Independent International Scientific Panel on Artificial Intelligence launched on Wednesday. It warns that the window to establish effective global governance remains open but may not stay that way for long. – https://news.un.org/en/story/2026/07/1167848
UNICEF urges child-focused AI governance
(DigWatch) UNICEF has called for child rights to be placed at the centre of AI governance, warning that children are adopting AI technologies faster than adults while safeguards struggle to keep pace. Ahead of the first Global Dialogue on AI Governance, UNICEF said AI is already reshaping childhood worldwide, creating significant opportunities alongside new risks. Based on data from 10 countries, UNICEF estimates that at least 20 million children have used AI, with adoption rates in many cases more than three times higher than among adults. – https://www.unicefusa.org/press/children-are-adopting-ai-technologies-more-three-times-faster-adults
EU launches three new digital skills academies
(DigWatch) The European Commission has launched three new Digital Skills Academies focused on AI, quantum technologies and virtual worlds. The academies were announced during Digital Skills EU Days, an annual event bringing together digital skills projects, national coalitions, policymakers, industry representatives and education organisations from across the EU. Funded under the Digital Europe Programme, the academies are intended to establish specialised training in critical technology areas and help the EU meet its Digital Decade targets. – https://digital-strategy.ec.europa.eu/en/news/three-new-academies-launched-digital-skills-eu-days
Can Frontier AI Labs Lawfully Agree to Pause?
(Nicholas Felstead – Lawfare) The Anthropic Institute recently published an essay on “recursive self-improvement” (RSI)— the prospect of a state-of-the-art artificial intelligence (AI) system that is “capable of fully autonomously designing and developing its own successor.” Anthropic stresses that we are not yet at that point of RSI, but that AI is accelerating AI development at an alarming pace. Anthropic’s essay closes with a call for a slowdown in AI development to deal with the implications of RSI. It suggests that it “would be good for the world to have the option to slow or temporarily pause frontier AI development” and that if systems existed that could verify peer company compliance, “we expect that we would slow down or temporarily pause, if other developers at or near the frontier also did so in a verifiable manner.” This is a market-leading company publicly stating that it is prepared to halt development of its most important and financially lucrative products, provided that its competitors verifiably do the same. A coordinated pause may be the most valuable safety intervention available to the industry, and it is also the form of collaboration most likely to raise antitrust concerns. – https://www.lawfaremedia.org/article/can-frontier-ai-labs-lawfully-agree-to-pause
The Handover of AI Standard-Setting
(Ignacio Cofone – Just Security) The public bodies that are supposed to set the standards for AI regulation have, for the most part, not done it yet. AI regulations on both sides of the Atlantic require providers to certify or document that their systems meet general requirements (such as accuracy, fairness, robustness, human oversight). But they leave much of the specification over what those requirements mean to bodies that have not yet produced requirements that match the systems being regulated. The European Union’s AI Act delay is a visible example. Under the Act, providers of high-risk AI systems are supposed to certify their systems against harmonized technical standards written by independent bodies in Brussels, but those bodies missed their August 2025 deadline to issue the standards, and the European Commission proposed postponing parts of the Act’s application to 2027 and 2028 because of that delay. In the meantime, providers are working out their own definitions of what compliance requires with, at most, sectoral guidance from non-AI regulators and their own interpretations of general legal requirements. The standard-setting work that the AI Act assumed public bodies and regulators would do, in other words, is being done by the companies whose systems are being regulated. This pattern, as detailed below, is not specific to the AI Act. – https://www.justsecurity.org/140955/handover-ai-standard-setting/
Hiding in Plain Sight: The Geopolitics of Software Supply Chains
(Hans Nelson – Just Security) When Anthropic announced in April 2026 a limited preview of its Claude Mythos model capable of finding and exploiting vulnerabilities at scale, government and industry immediately focused on what it could mean for cybersecurity. Mythos Preview can reportedly find and author vulnerability exploits in hours that would have previously taken weeks. The White House even viewed the capability as significant enough to re-examine aspects of its current approach to artificial intelligence oversight. But the growing focus on AI-driven vulnerability detection risks obscuring another category of threat hidden deeper within modern software ecosystems and their supply chains. Risks facing national security systems arise not only from software code vulnerabilities, but from governance structures and strategic dependencies embedded within the larger software ecosystems. This gap creates a strategic blind spot: modern defense technologies may rely on software ecosystems whose control, influence, or development pathways lie outside the visibility of traditional supply chain risk frameworks. As the next generation of defense and weapons programs come online infused with AI capabilities, defense officials should scrutinize software supply chains supporting mission-critical defense systems with the same mindset as they do physical supply chains. Software ecosystems built upon open-source dependencies should be evaluated for geopolitical risk and subjected to risk-tiered governance reviews within the defense acquisition process. This more expansive strategic software assurance review would evaluate strategic risk stemming from things like maintainer authority, dependency governance, repository control, and indicators of foreign ownership, control, or influence. Critical defense technology software supply chains should be treated as strategic infrastructure. Fortunately, adopting a more strategic view to shielding software supply chains from risk does not require new legislation or regulation. There are already regulatory regimes in place; the necessary step towards realizing the full spirit of those regimes is improving due diligence in reviewing critical defense software supply chains. These reviews should be scoped and only performed on the most critical systems, taking advantage of existing expert personnel in the acquisition program offices, supported by the contractors’ security, compliance, and product teams. – https://www.justsecurity.org/142183/hiding-geopolitics-software-supply-chains/
Japan backs domestic AI model for robotics
(DigWatch) Japan’s industry ministry has approved ¥387.3 billion in funding for a domestic AI project to develop a multimodal foundation model for physical AI systems that control robots. The initiative is part of a broader effort to strengthen Japan’s position in advanced AI technologies. The project aims to develop a foundation model that can be widely adopted by Japanese companies to support industrial automation and robotics. Officials see the initiative as a strategic effort to narrow the technology gap with the United States and China in next-generation AI. – https://www.nippon.com/en/news/yjj2026063000630/japan-to-provide-aid-for-domestic-ai-development-project.html
India launches WhatsApp chatbot for public health services
(DigWatch) India’s Union Health Minister Jagat Prakash Nadda has launched Ayushman Sarathi, a WhatsApp chatbot developed by the National Health Authority to provide round-the-clock access to services under the Ayushman Bharat Pradhan Mantri Jan Arogya Yojana (PM-JAY), the country’s government-funded health insurance scheme. – https://dig.watch/updates/india-whatsapp-chatbot-public-health-service
Courts and Litigation
Fencing with Fourth Amendment: Unpacking the Supreme Court’s Chatrie Decision
(Michael Dreeben – Just Security) For nearly a century, the Supreme Court has wrestled with the effects of technology on the privacy interests protected by the Fourth Amendment. That Amendment prohibits unreasonable searches or seizures of persons, houses, papers, and effects. Yet it is undeniable that technological advances enable the police to pry into formerly private areas in ways unimaginable to the drafters of the Bill of Rights. Views of private property from airplanes and helicopters, electronic surveillance of telephone calls, use of infrared imaging to probe the interiors of buildings, and GPS tracking of motor vehicles, allow the government to acquire private information without the type of physical search that would have been familiar to the framers in the late eighteenth century. In a line of decisions, the Supreme Court has updated the Fourth Amendment to limit unrestrained police searches that draw on new technologies. The Court has a particular romance with cell phones, consistently finding privacy interests in the vast amount of information accessible through smart phones. This week’s decision in Chatrie v. United States continues that trend. Once again, the Supreme Court held that the Fourth Amendment requires a reasonable search, and generally requires a warrant, when the government seeks to compel the production of information from a service provider about an individual’s location generated by his phone. The decision in Chatrie is narrow and incremental, but the stakes were high. If the Court had declined to find a Fourth Amendment search, it would have opened the door to potential government surveillance of individuals’ locations as tracked by their phones without any judicial oversight. Given the near-ubiquitous use of smart phones and location-tracking apps, the government’s proposed rule — that short-term acquisition of location history did not implicate the Fourth Amendment protections — had enormous and ominous consequences. The Court rejected that concept of a Fourth-Amendment-free zone by finding that, consistent with earlier cases, individuals have a reasonable expectation of privacy about their location when tracked by their cell phone. But the Court stopped well short of saying whether any judicial warrant could issue for “geofence” information and, if so, what the warrant had to provide. Chatrie thus stands as an important but narrow reaffirmation of the Court’s determination not to let technology overwhelm all privacy expectations in the digital age. The next shoes to drop will come as the lower courts work out the details. Those courts will have to strike the balance between law enforcement needs and privacy interests in the first instance, before the issues inevitably return to the Supreme Court. – https://www.justsecurity.org/145214/chatrie-fourth-amendment-supreme-court/
Security and Surveillance
Insurance Giant Aflac Discloses Data Breach Impacting Millions
(Phil Muncaster – Infosecurity Magazine) US insurer Aflac has disclosed a major data breach after hackers managed to access highly sensitive personal and financial information. The company’s Aflac Japan subsidiary discovered the intrusion on June 25, it said in a filing with the SEC yesterday (June 30). It explained that an “unauthorized third party” had accessed certain systems between June 15 and June 25. “Although the investigation remains ongoing, Aflac Japan has determined that certain impacted files contain policy and coverage details, personal information, and bank account information,” it revealed. – https://www.infosecurity-magazine.com/news/insurance-giant-aflac-data-breach/
The New Hacktivists: How Global Conflict Turned a Nuisance Into a Security Threat
(Pascal Geenens – Infosecurity Magazine) Mention hacktivism to today’s CISOs and most will roll their eyes. They might have a point. Many years after the term hacktivism was first coined, this type of cybercrime is still often viewed as a low-level threat carried out by fringe groups of frustrated digital pranksters in basements. That’s where hacktivism started, but it’s not where it is now. Hacktivism has long since mutated into a very different beast, an evolution that continues apace. It is not a risk most CISOs will put on their top five cyber worries, but it is a phenomenon they should still pay close attention to because it is heading in a dangerous direction. The turning point was the 2022 war between Ukraine and Russia. It probably helped that Russia was already a global superpower in commercial cybercrime knowhow. Hacktivist attacks surged. The main weapon of choice since then has been DDoS, cheaply rented from plentiful DDoS-for-hire services. – https://www.infosecurity-magazine.com/opinions/hacktivist-nuisance-into-a/
RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow
(Pierluigi Paganini – Security Affairs) Since February 2026, researchers at QiAnXin’s XLab have been tracking a new malware family, called RustDuck, that hijacks routers, cameras, Android set-top boxes, and exposed servers, then uses them to flood targets with junk traffic until they go offline. It’s not the biggest DDoS botnet around right now, and that’s almost beside the point. “The reason XLab flagged it is the speed at which it’s changing. The codebase is actively migrating from C to Rust, and each new variant brings meaningfully more sophisticated encryption, evasion, and communication design.” reads the report published by XLab. “Although the family’s current activity level and influence in DDoS attacks are not yet comparable to some mainstream botnets, its speed of technological evolution deserves significant attention. Research has found that the family is undergoing a comprehensive technological transition from C to Rust, and its anti-defense and traffic encryption techniques are also iterating rapidly.” – https://securityaffairs.com/194556/malware/rustduck-the-botnet-thats-still-small-but-engineering-like-it-plans-to-grow.html
(Pierluigi Paganini – Security Affairs) Adversa AI just published a survey, titled “GuardFall: a universal shell injection vulnerability in open-source AI agents,” of eleven open-source AI coding and computer-use agents, and the headline finding is uncomfortable: ten of them leave a structural gap that lets a shell bypass walk straight through their command filter. The one that doesn’t is Continue. The rest include Hermes, opencode, Goose, Cline, Roo-Code, Aider, Plandex, Open Interpreter, OpenHands, and SWE-agent, ranked by GitHub star count, roughly 548,000 combined. – https://securityaffairs.com/194546/ai/guardfall-flaw-hits-10-of-11-popular-open-source-ai-agents.html
Defense, Intelligence, Warfare
AWS launches Secret Cloud for industry’s classified workloads
(Frank Konkel – Defense One) Amazon Web Services on Tuesday announced a new cloud offering designed to run contractor-owned classified workloads, a first for the defense industrial base and select research institutions that historically have had to build and maintain costly on-premesis infrastructure to support classified programs. The AWS Secret Cloud for Industry, or ASCI, is designed to reduce the provision time for classified environments up to the Secret classification level from months to days, according to Dave Levy, vice president of AWS Public Sector. The cloud is designed for cleared U.S. defense contractors, research institutions, and other organizations in the National Industrial Security Program. “America’s defense industrial base builds the capabilities that keep this nation safe, and it’s time they have the tools to match the urgency of the mission,” Levy said. “AWS Secret Cloud for Industry puts the full power of cloud computing and AI directly into the hands of the engineers and scientists working on our most sensitive programs. Now, the defense industrial base can innovate at the speed the moment demands, using the same classified infrastructure trusted by the Department of War.” – https://www.defenseone.com/defense-systems/2026/06/aws-launches-secret-cloud-industrys-classified-workloads/414551/?oref=d1-homepage-top-story
Anduril and Amazon’s mobile data center venture aims to bring edge computing to the frontlines
(Thomas Novelly – Defense One) Amazon Web Services and Anduril are combining the tech giant’s on-site cloud computers and the defense contractor’s mobile data center to bring edge computing to the frontlines. Both have already been used during the Iran war. Anduril’s containerized command and data center, Menace-I, can now be outfitted with Amazon Web Services’s Outpost, the two companies announced Tuesday. With two people, the mobile data center “can stand up in under 10 minutes and moves by truck, rail, airlift, or helicopter sling load,” the company said in a press release. – https://www.defenseone.com/business/2026/06/anduril-and-amazons-mobile-data-center-venture-aims-bring-edge-computing-frontlines/414554/
Army using AI, robot boats for Pacific logistics
(Jennifer Hlad – Defense One) The Army’s 8th Theater Sustainment Command is using artificial intelligence “to help us make better-informed decisions” for supply chain management in the Pacific, the unit’s commander said Friday. “For logistics, a lot of what we do is very similar to what the commercial world does, and so I have leveraged, and we are leveraging commercial partners with, you know, how do they do warehouse management regionally, and then how do they look at, how do you time delivery of supplies to the location it’s needed, and kind of, what are those time-distance factors,” Maj. Gen. Gavin Gardner told reporters. “ I’m looking at partners, and I’m talking to partners that do that on a global scale, because the distances between the continental United States to the forward positions that we train or live at, like the Republic of Korea or Japan, we’re constantly looking for smarter ways to do that.” – https://www.defenseone.com/technology/2026/06/army-using-ai-robot-boats-pacific-logistics/414525/?oref=d1-featured-river-secondary
Marine Corps inks first contract for autonomous ground vehicle production
(Lauren C. Williams – Defense One) The Marine Corps will pay Overland AI $19.7 million to produce more than a dozen autonomous ground vehicles by early 2027. The vehicles, due to be delivered in about nine months, will be part of the Marine Air Defense Integrated Systems program, which is part of the service’s counterdrone approach, and support resupply missions. “Ground autonomy matters now more than ever. We’re seeing the proliferation of uncrewed ground vehicles in conflicts like the one in Ukraine, and tech maturity is really there,” Byron Boots, Overland AI’s CEO told reporters. “We’re registering extremely high demand from U.S. operational units who want to incorporate this technology into their concepts of operation.” – https://www.defenseone.com/business/2026/06/marine-corps-inks-first-contract-autonomous-ground-vehicle-production/414517/?oref=d1-homepage-river
Agentic-AI tools aim to give US commanders new target options ‘within seconds’
(Patrick Tucker – Defense One) A new agentic-AI tool set will continuously scan intelligence feeds and operational networks to provide U.S. military commanders with targeting options “within seconds,” the Pentagon announced Thursday. Dubbed Agent Network, the new tools will employ “agents”—artificial-intelligence entities that perform tasks on behalf of a user, such as running a scheduled search or executing an email campaign—to “continuously scan defense intelligence and operational systems, translating findings into clearly presented options,” said a press release, which added: “Agent Network does not autonomously select or strike targets; it ensures commanders remain in charge of every decision”. The network is one of seven “pace-setting” projects originally unveiled in January along with a new Pentagon AI strategy. Key contractors in the Agent Network effort include Lumbra and Palantir, which already handles much targeting analysis through its Maven Smart Systems contract. – https://www.defenseone.com/technology/2026/06/agentic-ai-tool-aims-give-us-commanders-new-target-options-within-seconds/414491/?oref=d1-homepage-river