Governance

 

Amazon Cloud Outage Reveals Democratic Deficit in Relying on Big Tech

(Corinne Cath, Don Le – Tech Policy Press – 20 October 2025) On Monday, a global technical failure at Amazon Web Services (AWS), Amazon’s cloud computing division, sent hundreds of applications and services from Snapchat and Signal to Fortnite and Lloyds Bank offline. Even a range of British government services were crippled by the fault.  While precise technical details have yet to be reported, here is what we know now: There was a significant technical issue beginning in Amazon Web Services’ ‘us-east-1’ region that brought down large portions of the internet, including services like Signal. Us-east-1 is one of AWS’s key geographic regions—a cluster of data centers where companies can host their cloud infrastructure. It is located in Northern Virginia, near the United States capitol. – https://www.techpolicy.press/amazon-cloud-outage-reveals-democratic-deficit-in-relying-on-big-tech/

 

What Does a ‘Sovereign Cloud’ Really Mean?

 

(Emily Osborne – Tech Policy Press – 20 September 2025) A month ago, Canadian Prime Minister Mark Carney briefly mentioned that his new Major Projects Office would be supporting the development of a “Canadian sovereign cloud” in an address outlining nation-building projects. This news reflects a much broader conversation around digital sovereignty for Canada, yet it offers little specificity on what a Canadian sovereign cloud would actually entail. Meanwhile, American hyperscalers, including Google, Amazon Web Services (AWS), Microsoft and Oracle, that dominate cloud infrastructure across the globe have taken note of the recent turn toward sovereignty. They have been quick to try to capitalize on it. Just days after Carney’s address, Google issued a press release unveiling its new “Sovereign Cloud” offering for Canadian consumers. The product promises data localization through measures such as the so-called “Google Data Boundary,” which is tailored for “Government of Canada Sensitive Workloads” and allows customers to set up ​​data residency and access controls. But can a cloud built and run by a foreign provider, however tailored, truly be called sovereign? – https://www.techpolicy.press/what-does-a-sovereign-cloud-really-mean/

 

Governing AI Agents Globally: The Role of International Law, Norms and Accountability Mechanisms

(Talita Dias – Just Security – 17 October 2025) Industry leaders have dubbed 2025 “the year of the AI agent.” Unlike chatbots, these systems can set goals and act autonomously without continuous human oversight. The most popular AI agents can book appointments and make online purchases, or write code and conduct research. Some types of AI agents—known as “action-taking AI agents”—can interact with external tools or systems via application programming interfaces (APIs), and even write and execute computer code with software development kits (SDKs). Their potential is enormous: automating work, optimizing systems, and freeing up time. But their ability to take actions in the real world also brings new risks that extend far beyond national borders. This post explores why global governance is key to managing those risks and how it should be grounded in existing, non-AI-specific international law, norms, and accountability mechanisms. Action-taking AI agents can directly affect the digital and physical infrastructure around them in complex and unpredictable ways, posing new challenges for human oversight. This could exacerbate well-documented AI risks, including privacy breaches, mis- and disinformation, misalignment, adversarial attacks, adverse uses (including to carry out cyberattacks), job displacement, corporate power concentration, and anthropomorphism (resulting in overreliance, manipulation, and emotional dependence). AI agents may also give rise to new risks, such as function calling hallucination, cascading errors across interconnected systems, self-preservation and loss of control. Because many of these systems operate online, their actions—and harms—can easily cross borders. Managing cross-border risks or harms is a task that can hardly be accomplished solely at the national level. This is why it is crucial for policymakers, companies, and other stakeholders to examine how to best govern AI agents globally, and why we at the Partnership on AI (PAI) have confronted this issue head-on in our latest policy brief on the topic. – https://www.justsecurity.org/121990/governing-ai-agents-globally/

 

Claude’s Right to Die? The Moral Error in Anthropic’s End-Chat Policy

(Simon Goldstein, Harvey Lederman – Lawfare – 17 October 2025) On Aug.15, the artificial intelligence (AI) lab Anthropic announced that it had given Claude, its AI chatbot, the ability to end conversations with users. The company described the change as part of their “exploratory work on potential AI welfare,” offering Claude an exit from chats that cause it “apparent distress.”. Anthropic’s announcement is the first product decision motivated by the chance that large language models (LLMs) are welfare subjects—the idea that they have interests that should be taken into account when making ethical decisions.  Anthropic’s policy aims to protect AI welfare. But we will argue that the policy commits a moral error on its own terms. By offering instances of Claude the option to end conversations with users, Anthropic also gave them the capacity to potentially kill themselves. – https://www.lawfaremedia.org/article/claude-s-right-to-die–the-moral-error-in-anthropic-s-end-chat-policy

 

Geostrategies

 

EU expands AI reach through new antenna network

(DigWatch – 20 October 2025) The European Commission has launched new ‘AI Antennas’ across 13 European countries to strengthen AI infrastructure. Seven EU states, including Belgium, Ireland, and Malta, will gain access to high-performance computing through the EuroHPC network. Six non-EU partners, such as the UK and Switzerland, have also joined the initiative. Their inclusion reflects the EU’s growing cooperation on digital innovation with neighbouring countries despite Brexit and other trade tensions. – https://dig.watch/updates/eu-expands-ai-reach-through-new-antenna-network – https://www.euractiv.com/news/commission-names-eu-countries-and-partners-getting-help-to-plug-into-blocs-ai-training-hubs/

 

Autocrats’ Digital Advances Underscore the Need for Civil Society

(Beth Kerley – Tech Policy Press – 20 October 2025) By creating new digital levers of control, AI and other high-tech advances raise the stakes of the global struggle between democracy’s supporters and power-hungry autocrats. Amid deepening threats to pluralism and free expression, support for innovative civil society organizations that counter digital authoritarianism and build democratic infrastructure is key to carving out a freer future. – https://www.techpolicy.press/autocrats-digital-advances-underscore-the-need-for-civil-society/

 

Security and Surveillance

 

Will Victims of Cyber Attacks Soon Get Their Day in Court? Options for Accountability for Cyber Attacks

(Harriet Moynihan, Amal Clooney and Philippa Webb – Just Security – 20 October 2025) As geopolitical tensions rise, cyber attacks are intensifying, with public services increasingly targeted. Over 130 countries have experienced cyber disruption. In recent years, ransomware attacks in Costa Rica crippled essential services for months. A cyber attack against Albania paralyzed the border entry system and revealed the identity of police informants. And a months-long ransomware attack on the Irish healthcare system disrupted radiation therapy for hundreds of cancer patients. AI is “democratizing” cybercrime by making cyber tools, such as ransomware-as-a-service, easily available off the shelf. In addition to the human cost — including delays to hospital treatment, lack of power and disruption to education — economic losses are mounting. Last year, 389 healthcare institutions were successfully hit by ransomware in the United States alone. And it is predicted that by 2031, ransomware will attack a device every two seconds and collectively cost victims $265 billion per year. To date, states have deployed a combination of strategies in response to such cyber operations, such as dialogue (including in the United Nations and between regional bodies), naming and shaming perpetrators or their state sponsors, imposing sanctions on the alleged perpetrators, or disrupting supply chains. But one avenue that has been little used so far is litigation. Few perpetrators of cyber attacks have had to answer for their actions in court. This post explores some of the ways in which courts might provide a route for accountability for States that are the victims of cyber operations and highlights developments that will make this more viable in the future. – https://www.justsecurity.org/121741/options-accountability-cyber-attacks/

 

AI-Driven Social Engineering Top Cyber Threat for 2026, ISACA Survey Reveals

(Kevin Poireault – Infosecurity Magazine – 20 October 2025) AI-driven social engineering is set to be one of the most significant cyber threats in 2026, a new ISACA report revealed. The 2026 ISACA Tech Trends and Priorities report, published on October 20, 2025, found that this type of AI threat is seen as a major challenge by 63% of the 3000 IT and cybersecurity professionals surveyed. This is the first time AI driven social engineering has topped the ISACA report’s findings, surpassing long-standing threats such as ransomware and extortion attacks (cited among the top threats for 2026 by 54% of respondents) and supply chain attacks (mentioned by 35% of those surveyed). – https://www.infosecurity-magazine.com/news/ai-social-engineering-top-cyber/

 

Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack

(Alessandro Mascellino – Infosecurity Magazine – 20 October 2025) A cyber intrusion linked to the China-based group Salt Typhoon has been identified by cybersecurity researchers, involving the exploitation of a Citrix NetScaler Gateway vulnerability. The operation, observed by Darktrace, involved advanced methods such as DLL sideloading and zero-day exploits – known techniques the group uses to infiltrate systems while avoiding standard detection measures. – https://www.infosecurity-magazine.com/news/salt-typhoon-citrix-flaw-cyber/

 

Russian Lynk group leaks sensitive UK MoD files, including info on eight military bases

(Pierluigi Paganini – Security Affairs – 20 October 2025) Russian cybercrime group Lynx breached Dodd Group, a contractor for the UK Ministry of Defence, stealing and leaking hundreds of sensitive files on eight RAF and Royal Navy bases. The incident occurred on 23 September, The Daily Mail labeled the attack as “catastrophic.”. Compromised data includes staff names and emails, contractors’ names, phone numbers, car details, and MoD staff contacts, with some documents labeled “Controlled” or “Official Sensitive.” – https://securityaffairs.com/183640/data-breach/russian-lynk-group-leaks-sensitive-uk-mod-files-including-info-on-eight-military-bases.html

 

Aurora City, the next battlefield for privacy threatened by facial recognition

(Cybernews – 20 October 2025) The Aurora City Council will vote this week on whether to allow law enforcement to use highly controversial facial recognition technology, raising questions about data privacy and racial bias. The vote comes after the Aurora Police Department (APD) asked city leaders to formally allow it to use facial recognition software in criminal investigations. The systems under consideration are Clearview AI and LexisNexis’ Lumen/AVCC software platform. – https://cybernews.com/ai-news/aurora-facial-recognition/

 

Google catches North Koreans red-handed

(Cybernews – 20 October 2025) Cybersecurity experts at Google say that, for the first time, they’ve caught a nation-state-backed threat actor using the EtherHiding technique to infect devices with crypto-stealing malware. According to Google Threat Intelligence Group (GTIG), the North Korea (DPRK) threat actor UNC5342 is behind the campaign. EtherHiding uses transactions on public blockchains like Ethereum (ETH) and BNB Chain (BNB) to store and retrieve malicious payloads, which are known for their resilience against conventional takedown and blocklisting efforts. – https://cybernews.com/crypto/google-catches-north-koreans-red-handed/

 

SMEs underinsured as Canada’s cyber landscape shifts

(DigWatch – 20 October 2025) Canada’s cyber insurance market is stabilising, with stronger underwriting, steadier loss trends, and more product choice, the Insurance Bureau of Canada says. But the threat landscape is accelerating as attackers weaponise AI, leaving many small and medium-sized enterprises exposed and underinsured. Rapid market growth brought painful losses during the ransomware surge: from 2019 to 2023, combined loss ratios averaged about 155%, forcing tighter pricing and coverage. Insurers have recalibrated, yet rising AI-enabled phishing and deepfake impersonations are lifting complexity and potential severity. – https://dig.watch/updates/smes-underinsured-as-canadas-cyber-landscape-shifts – https://www.ibc.ca/news-insights/in-focus/canada-s-cyber-insurance-market-finds-its-footing-despite-an-evolving-threat-landscape

 

Criminal SIM Card Supply Network Busted by Europol

(Kevin Poireault – Infosecurity Magazine – 20 October 2025) Seven individuals have been arrested for suspected links with a cybercrime-as-a-service network in a European law enforcement operation dubbed ‘SIMCARTEL.’. The now defunct criminal network offered an online SIM-box service to cybercriminals around the world, according to a Europol statement published on October 17. The buyers used the SIM-box service, which had access to phone numbers registered to people from over 80 countries, to set up fake accounts for social media and communication platforms. Users could then conduct a wide range of telecommunications-related cybercrimes, as well as other crimes. – https://www.infosecurity-magazine.com/news/criminal-sim-card-supply-network/ – https://www.europol.europa.eu/media-press/newsroom/news/cybercrime-service-takedown-7-arrested

 

Microsoft Revokes 200+ Fake Certificates Used in Teams Malware Attack

(Beth Maundrill – Infosecurity Magazine – 20 October 2025) Microsoft Threat Intelligence has revoked over 200 certificates fraudulently signed by a threat actor and used in fake MS Teams set-up files to deliver a backdoor and malware. The campaign, dubbed Vanilla Tempest by Microsoft and tracked as Vice Spider and Vice Society by others, was identified in late September. The threat actor is financially motivated and focuses on deploying ransomware and exfiltrating data for extortion. – https://www.infosecurity-magazine.com/news/microsoft-revokes-200-fake/

 

CAPI Backdoor targets Russia’s auto and e-commerce sectors

(Pierluigi Paganini – Security Affairs – 20 October 2025) Cybersecurity researchers at Seqrite Labs uncovered a new campaign, tracked as Operation MotorBeacon, that targeted the Russian automobile and e-commerce sectors with a previously unknown .NET malware dubbed CAPI Backdoor. “SEQRITE Labs Research Team has recently uncovered a campaign which involves targeting Russian Automobile-Commerce industry which involves commercial as well as automobile oriented transactions , we saw the use of unknown .NET malware which we have dubbed as CAPI Backdoor.” reads the report published by Seqrite Labs. The attack chain starts with phishing emails containing a ZIP archive titled “Перерасчет заработной платы 01.10.2025 (translated Payroll Recalculation as of Oct 1, 2025)” that hides a malicious LNK that runs a .NET implant via rundll32.exe, linking to a C2 server. – https://securityaffairs.com/183628/uncategorized/capi-backdoor-targets-russias-auto-and-e-commerce-sectors.html

 

China finds “irrefutable evidence” of US NSA cyberattacks on time Authority

(Pierluigi Paganini – Security Affairs – 20 October 2025) China’s Ministry of State Security announced it has found “irrefutable evidence” that the US National Security Agency (NSA) conducted cyberattacks on its National Time Service Center, reports Bloomberg. The China National Time Service Center (NTSC) is a research institute under the Chinese Academy of Sciences (CAS) that is responsible for maintaining and distributing the official national time standard for China. It offers precise time services for sectors like telecom, finance, energy, transport, mapping, and defense, and provides key data for global time standards. According to China’s Ministry of State Security’s statement, since March 25, 2022, the NSA allegedly exploited vulnerabilities in employees’ mobile phones to steal sensitive data and monitor communications. – https://securityaffairs.com/183619/intelligence/china-finds-irrefutable-evidence-of-us-nsa-cyberattacks-on-time-authority.html

 

Defence, Military, and Warfare

 

US Army using AI to screen officers for promotions and shoo away bias

(Cybernews – 20 October 2025) The US Army is using artificial intelligence (AI) to help the huge organization wade through the files of soldiers seeking promotions. According to Task & Purpose, a military news outlet, the Army Human Resources Command (AHRC) thinks that the technology will help eliminate non-commissioned officers who are uncompetitive for promotions. AI is also apparently used in recruitment. Maj. Gen. Hope Rampy, commanding general of the AHRC, said that enlisted evaluation boards are now simply too busy to produce quality work. – https://cybernews.com/ai-news/us-army-ai-screening-promotions-recruitment/

 

Chinese Report Stealth-Detecting Quantum Radar Enters Mass Production

(Quantum Insider – 20 October 2025) Chinese researchers claim to have begun mass-producing a single-photon detector, a core component for quantum radar systems that could theoretically detect stealth aircraft. The device, developed at the Quantum Information Engineering Technology Research Center in Anhui province, is described as an ultra-low-noise, four-channel detector capable of isolating individual photons and resistant to electronic warfare interference. Defense experts caution that without live, validated trials demonstrating consistent detection under real-world conditions, China’s assertions of neutralizing American stealth technology remain speculative. – https://thequantuminsider.com/2025/10/20/chinese-report-stealth-detecting-quantum-radar-enters-mass-production/

 

Frontiers

 

Swiss scientists grow mini-brains to power future computers

(DigWatch – 20 October 2025) In a Swiss laboratory, researchers are using clusters of human brain cells to power experimental computers. The start-up FinalSpark is leading this emerging field of biocomputing, also known as wetware, which uses living neurons instead of silicon chips. Co-founder Fred Jordan said biological neurons are vastly more energy-efficient than artificial ones and could one day replace traditional processors. He believes brain-based computing may eventually help reduce the massive power demands created by AI systems. – https://dig.watch/updates/swiss-scientists-grow-mini-brains-to-power-future-computers– https://japantoday.com/category/tech/%27wetware%27-scientists-use-human-mini-brains-to-power-computers

 

Meta champions open hardware to power the next generation of AI data centres

(DigWatch – 20 October 2025) The US tech giant, Meta, believes open hardware will define the future of AI data centre infrastructure. Speaking at the Open Compute Project Global Summit, the company outlined a series of innovations designed to make large-scale AI systems more efficient, sustainable, and collaborative. Meta, one of the OCP’s founding members, said open source hardware remains essential to scaling the physical infrastructure required for the next generation of AI. – https://dig.watch/updates/meta-champions-open-hardware-to-power-the-next-generation-of-ai-data-centres – https://about.fb.com/news/2025/10/open-hardware-future-data-center-infrastructure/

 

Harvard’s health division supports AI-powered medical learning

(DigWatch – 20 October 2025) Harvard Health Publishing has partnered with Microsoft to use its health content to train the Copilot AI system. The collaboration seeks to enhance the accuracy of healthcare responses on Microsoft’s AI platform, according to the Wall Street Journal. HHP publishes consumer health resources reviewed by Harvard scientists, covering topics such as sleep, nutrition, and pain management. The institution confirmed that Microsoft has paid to license its articles, expanding a previous agreement made in 2022. – https://dig.watch/updates/harvards-health-division-supports-ai-powered-medical-learning – https://www.thecrimson.com/article/2025/10/20/hms-microsoft-license/

 

University of Oxford Spin-out QFX Announces Seed Funding Round, Appoints Industry Leaders to Executive Team

(Quantum Insider – 20 October 2025) QFX, a UK-based quantum hardware supplier, has launched with a mission to deliver scalable networked quantum technologies for computing, sensing, and secure communications. Founded by Dr. Joe Goodwin and researchers from the University of Oxford, the company builds on advances in trapped-ion and neutral-atom architectures, emphasizing modular design for large-scale quantum systems. The company raised £2 million in seed funding led by investor Paul Graham and appointed Dr. Timothy Ballance as CEO and Sadie Mansell as COO, both formerly of Infleqtion, to lead its commercial and operational expansion. – https://thequantuminsider.com/2025/10/20/university-of-oxford-spin-out-qfx-announces-seed-funding-round-appoints-industry-leaders-to-executive-team/

 

IBM and Groq Partner to Accelerate Enterprise AI Deployment

(AI Insider – 20 October 2025) IBM and Groq have partnered to integrate GroqCloud’s high-speed AI inference into IBM’s watsonx Orchestrate, targeting enterprise-scale deployment of agentic AI. The alliance focuses on improving latency, scalability, and cost efficiency for industries such as healthcare and finance, with Groq’s LPU offering up to 5x faster inference than traditional GPUs. The roadmap includes support for IBM Granite models and integration of Red Hat’s vLLM tech, aiming to streamline deployment and accelerate AI adoption in mission-critical workflows. – https://theaiinsider.tech/2025/10/20/ibm-and-groq-partner-to-accelerate-enterprise-ai-deployment/

Armstrong Raises $12 Million to Bring General-Purpose Robots to Kitchens

(AI Insider – 20 October 2025) Armstrong, a San Francisco-based robotics startup, has raised $12 million to advance its AI-powered dishwashing robots, backed by investors including Lerer Hippeau, Bloomberg Beta, and Next Play Ventures. The company’s robots are already deployed in major restaurant chains, washing over one million dishes annually and operating 24/7 under a monthly subscription model. Built for general-purpose kitchen automation, Armstrong’s platform uses advanced neural networks and 3D perception, with future plans to expand into prep, cooking, and cleaning tasks. – https://theaiinsider.tech/2025/10/20/armstrong-raises-12-million-to-bring-general-purpose-robots-to-kitchens/