Governance, Regulation, and Legislation

EU AI Act enforcement begins, reshaping startup compliance landscape

(DigWatch) The first enforcement provisions of the EU AI Act entered into force on 2 February 2025, marking a turning point for Europe’s AI startup ecosystem. The initial phase targets ‘unacceptable risk’ systems, including social scoring, real-time biometric surveillance in public spaces, and manipulative AI practices. Under the regulation, penalties can reach €35 million or 7% of global annual turnover, whichever is higher. Although the current enforcement covers only prohibited practices, the move signals that Europe’s AI rulebook is now operational rather than theoretical. – https://dig.watch/updates/eu-ai-act-enforcement-startups

How to get AI democratization right

(Isaac Sacolick – CIO) One primary IT objective is to reduce the complexity of using technology to empower business teams to continuously improve operations. In doing so, CIOs help departments become more customer-focused, efficient, and data-driven by leveraging their expertise to define their technical operations, often without IT’s direct involvement. This democratization of technology and data now extends to AI capabilities, including copilots, language models, and AI agents. The question is whether CIOs, CISOs, and CDOs will get the right balance between capability and governance; innovation and security. “Generative AI is shifting technical skills from IT teams into everyday business roles, allowing customer experience and operations leaders to pull important insights from customer data without relying on engineers,” says Daniel Ziv, global VP of AI and analytics at Verint. “Agentic AI speeds this change even more by automating how insights are found and acted on, reducing the time from decision to action from weeks to hours.” – https://www.cio.com/article/4136302/how-to-get-ai-democratization-right.html

Digital Sovereignty: Why Tech Execs Must Act Now

(CDO Trends) As global tensions continue to rise and cloud adoption accelerates, digital sovereignty has become a board-level topic. Tech execs must now modernize infrastructure, protect autonomy, ensure compliance, and manage geopolitical risk at the same time. As we outlined in a recent report, 2025 showed a clear trend: Digital sovereignty is reshaping public cloud strategy across all major regions and industries. Tech execs who delay may face growing operational and regulatory challenges. – https://www.cdotrends.com/story/4912/digital-sovereignty-why-tech-execs-must-act-now?refresh=auto

Global AI data center boom hits delays

(Amy Harder – Axios) As many as half of the world’s data center projects slated to come online this year could face delays, according to a report issued Tuesday. Why it matters: It’s a sign of mounting collisions in the AI race — from power constraints and grid equipment shortages to rising community opposition. The big picture: As tech giants sprint to build AI infrastructure, the physical — and political — limits of the power system are starting to bite. State of play: Up to 11 gigawatts of 2026 capacity “remains in the announced stage with no signs of construction,” per the report by Sightline Climate, a data intelligence firm. –  https://www.axios.com/2026/02/24/ai-data-center-boom-projects-numbers

Geostrategies

US tech giants eye Wales for major AI investment

(DigWatch) American technology firms are increasingly looking to Wales as a destination for AI investment and data infrastructure. Strong inward investment figures and expanding growth zones are putting the nation firmly on the technology map. Last year Wales secured £4.6bn in global investment across 65 foreign direct investment projects, marking a 23 per cent rise year on year. Thousands of jobs were created or safeguarded, outperforming many other UK regions. – https://dig.watch/updates/us-tech-giants-eye-wales-for-major-ai-investment

America’s Digital Empire Has a Trust Problem

(Kat Duffy – Council on Foreign Relations) Over the past few decades, three U.S. companies—Amazon Web Services, Microsoft Azure and Google Cloud—have quietly amassed control over nearly two-thirds of global cloud infrastructure services. It is an ad hoc American empire, built through commercial logic rather than grand strategy and answering to shareholders rather than voters or bureaucrats. The internet was built for decentralization, designed to route around damage and resist single points of failure or control. Nonetheless, a combination of convenience, cybersecurity and cost have driven most of the world onto a handful of platforms, positioning them as “hyperscalers”—great powers of digital infrastructure that operate across more countries than most international organizations. As the footprint of these hyperscalers has increased, policymakers in Washington have found ways to serve U.S. foreign policy goals by weaponizing this digital infrastructure. In response, other nations have increasingly sought to reduce their dependence on the U.S. for their critical digital infrastructure. Technologically, their task is herculean. But one year into President Donald Trump’s second term, the sense of urgency driving their efforts has grown palpable. – https://www.cfr.org/articles/americas-digital-empire-has-a-trust-problem

Defence and Intelligence

Toxins are an escalating global threat. Here’s how governments should respond

(Asha M. George, John “J.T.” O’Brien – Atlantic Council) Prominent in recent assassinations, terrorist plots, nation-state research programs, and lethal accidents, toxins are not a danger relegated to the past but persist as a current threat. And the risk is expanding, as toxins remain accessible, difficult to detect and attribute, and potentially easier to weaponize due to advances in artificial intelligence. Governments must prioritize toxin biodefense, investing in biological attribution, rapid diagnostics, and biosurveillance to detect and respond to intentional, accidental, and natural toxin exposures. – https://www.atlanticcouncil.org/dispatches/toxins-are-an-escalating-global-threat-heres-how-governments-should-respond/

Security and Surveillance

Phishing operation with links to Russia, Armenia compromised Western cargo companies, researchers find

(James Reddick – The Record) Researchers have uncovered and taken down the infrastructure of a phishing operation run by Russian cybercriminals targeting freight companies in the U.S. and Europe. Over a five-month period, the group, dubbed Diesel Vortex, stole more than 1,600 login credentials from accounts at logistics platforms, which allowed thieves to intercept and divert freight shipments and commit check fraud. The researchers with the domain protection platform Have I Been Squatted discovered an exposed .git directory, which revealed the ins and outs of the operation, including messages sent between the cybercriminals. – https://therecord.media/phishing-operation-russia-armenia-targeting-us-european-cargo

UAE claims it stopped ‘terrorist’ ransomware attack

(Jonathan Greig – The Record) The United Arab Emirates said it stopped a ransomware attack this weekend that allegedly targeted the country’s digital infrastructure. The country’s Cyber Security Council published a statement on Saturday that said they “successfully thwarted organized cyberattacks of a terrorist nature that targeted the country’s digital infrastructure and vital sectors in an attempt to destabilize the nation and disrupt essential services.”. “The Council indicated that the attacks included attempts to infiltrate networks, deploy ransomware, and conduct systematic phishing campaigns targeting national platforms,” the council said. It did not respond to requests for comment. – https://therecord.media/uae-claims-it-stopped-terrorist-ransomware-attack

Moscow man accused of posing as FSB officer to extort Conti ransomware gang

(Daryna Antoniuk – The Record) A Moscow resident has been accused of trying to extort money from the notorious Conti ransomware group by posing as an officer of Russia’s Federal Security Service (FSB), according to local media reports. Russian outlet RBC, citing sources familiar with the investigation, reported on Wednesday that the suspect, Ruslan Satuchin, allegedly presented himself as an FSB officer and demanded a large payment from Conti members in exchange for avoiding criminal prosecution. The scheme allegedly began in September 2022, when Satuchin contacted one of Conti’s members and claimed to have influence over law enforcement activities targeting the group, the sources said. – https://therecord.media/moscow-man-accused-of-extorting-conti-gang

ShinyHunters cyberattack on CarGurus impacts 12.4 Million users

(Pierluigi Paganini – Security Affairs) The ShinyHunters group published personal data from over 12 million CarGurus accounts. CarGurus is a U.S.-based digital automotive marketplace that helps users research, compare, and connect with sellers of new and used vehicles. Operating in the U.S., Canada, and the U.K., its platform analyzes listings to identify good deals and provides tools for pricing, dealer reviews, and vehicle history. The site attracts around 40 million monthly visitors and is publicly traded, making it a major player in online car shopping and automotive research. In February 2026, CarGurus suffered a data breach that exposed personal information, including emails, account IDs, finance applications, dealer info, names, phone numbers, addresses, IPs, and auto finance application results after a failed extortion attempt. – https://securityaffairs.com/188491/cyber-crime/shinyhunters-cyberattack-on-cargurus-impacts-12-4-million-users.html

VMware Aria Operations flaws could enable remote attacks

(Pierluigi Paganini – Security Affairs) Broadcom has released security updates to address multiple vulnerabilities affecting VMware Aria Operations. VMware Aria Operations is an IT operations management platform that helps organizations monitor and optimize virtual, cloud, and hybrid environments. It provides performance monitoring, capacity planning, automated alerting, and cost analysis, giving IT teams greater visibility and control over infrastructure to ensure efficiency, reliability, and compliance. The most severe of the flaws is a command injection vulnerability, tracked as CVE-2026-22719 (CVSS 8.1), which an unauthenticated attacker can exploit remotely. – https://securityaffairs.com/188445/security/vmware-aria-operations-flaws-could-enable-remote-attacks.html

Malicious NuGet Package Targets Stripe Developers

(Alessandro Mascellino – Infosecurity Magazine) A malicious NuGet package designed to mimic Stripe’s official .NET library has been uncovered by cybersecurity researchers, marking a shift in tactics from earlier cryptocurrency-focused campaigns to the broader financial sector. The package, named StripeApi.Net, impersonated Stripe.net, the legitimate helper library used to integrate Stripe payments into Microsoft .NET applications. With more than 74 million downloads, Stripe.net is widely adopted by developers building payment, billing and subscription systems. This made the malicious package particularly dangerous. – https://www.infosecurity-magazine.com/news/malicious-nuget-package-stripe-devs/

Former Defense Contractor Boss Gets 7+ Years for Selling Zero Days

(Phil Muncaster – Infosecurity Magazine) A former senior executive at a US defense contractor has been handed an 87-month jail term after selling zero-day exploits to a Russian broker. Australian national Peter Williams, 39, is the former general manager of L3Harris cyber-division Trenchant – a company that develops digital surveillance tools for Five Eyes agencies. In addition to the jail term, he was ordered to serve three years of supervised release with special conditions, to forfeit $1.3m, cryptocurrency, a house, and luxury items including watches and jewelry. – https://www.infosecurity-magazine.com/news/defense-contractor-boss-7-years/

ICO’s £14m Reddit Fine Highlights Age Check Privacy Concerns

(Phil Muncaster – Infosecurity Magazine) The UK’s Information Commissioner’s Office (ICO) has issued a multimillion-pound fine to Reddit for GDPR non-compliance, but experts have warned that its rules pose a risk to user security and privacy. The UK’s data protection regulator said on February 24 that its £14.47m ($19.6m) fine was levied for two main reasons. First, Reddit failed to put “robust” age verification measures in place, which meant it did not have a lawful basis for processing the personal information of children under the age of 13. – https://www.infosecurity-magazine.com/news/icos-14m-reddit-fine-age-check/

Cost of Insider Incidents Surges 20% to Nearly $20m

(Phil Muncaster – Infosecurity Magazine) Employee negligence driven by shadow AI cost organizations more than any other type of insider risk last year, accounting for 53% of the $19.5m lost on average per business, according to DTEX. The security vendor’s Cost of Insider Risks 2026 report was produced by the Ponemon Institute and based on interviews with 8750 IT and security practitioners in 354 global organizations. Malicious incidents such as sabotage, data theft, fraud and unauthorized disclosure accounted for 27% ($4.7m) of the total lost to insider risks last year, DTEX claimed. – https://www.infosecurity-magazine.com/news/cost-of-insider-incidents-surges/

Multifaceted Phishing Scheme Deceives Bitpanda Customers

(Alessandro Mascellino – Infosecurity Magazine) A sophisticated phishing campaign impersonating cryptocurrency brokerage Bitpanda has been uncovered by cybersecurity researchers. The operation, detailed in a new advisory by the Cofense Phishing Defense Center, combines credential theft with extensive personal data harvesting, using a near-perfect replica of the legitimate platform to deceive users. As cryptocurrency adoption increases, so does criminal interest. Analysts at Cofense said this latest campaign goes beyond typical login harvesting by guiding victims through a staged, fake multi-factor authentication (MFA) process designed to collect multiple forms of personally identifiable information. – https://www.infosecurity-magazine.com/news/bitpanda-mfa-phishing-scheme/

The cyberattack scenarios that keep officials up at night

(Sam Sabin – Axios) As artificial intelligence accelerates, so does the prospect of a cyberattack powerful enough to shut down hospitals, black-out cities and disrupt core government systems. Why it matters: Just by scaling and accelerating the cyberwarfare tools adversaries already have, AI can turn manageable intrusions into large-scale crises. Axios asked seven former senior cybersecurity officials and leading security experts what a major AI-enabled cyberattack would look like and what worries them the most about current advancements in generative AI. The big picture: Several of the experts pointed to the vulnerability of utilities, particularly water and electricity. Former Defense Secretary Leon Panetta worries AI tools will speed up the ability of adversaries to burrow into sensitive systems and turn off the lights — and potentially to also disable backup systems to prevent a timely recovery. Gen. Paul Nakasone, former head of the NSA and Cyber Command, raised the possibility that a nation-state that has breached systems critical to supplies of food and water could trigger an outage accidentally, if they lose control of an AI agent. Chinese government-linked hackers are known to have accessed U.S. critical infrastructure systems. But nation-states know the risks of attacking the U.S. directly, Nakasone said: “The United States is going to respond and they’re not going to respond necessarily only in cyberspace.” – https://www.axios.com/2026/02/24/cyberattack-risk-scenarios-experts

Frontiers and Markets

New Relic launches new AI agent platform and OpenTelemetry tools

(TechCrunch) Companies are increasingly launching software to build and monitor AI agents in an effort to get enterprises to adopt AI. New Relic is no different. As the data observability company launches an AI agent platform of its own, it knows it isn’t the only game in town. New Relic on Tuesday unveiled a no-code agentic platform that lets enterprises put together data observability AI agents that monitor a company’s data to catch bugs and issues before they disrupt products. Called New Relic Agentic Platform, it lets companies deploy prebuilt agents and manage existing bots as well. – https://techcrunch.com/2026/02/24/new-relic-launches-new-ai-agent-platform-and-opentelemetry-tools/

UK Justice Secretary pushes expanded AI use in courts to tackle backlogs

(DigWatch) Justice Secretary and Deputy Prime Minister David Lammy has signalled plans to increase the use of artificial intelligence (AI) across the justice system in England and Wales, advocating digital modernisation as a key tool to reduce longstanding court delays and administrative burdens. – https://dig.watch/updates/uk-justice-secretary-pushes-expanded-ai-use-in-courts-to-tackle-backlogs

From Radiology to Drug Discovery, Survey Reveals AI Is Delivering Clear Return on Investment in Healthcare

(NVIDIA) AI is accelerating every aspect of healthcare — from radiology and drug discovery to medical device manufacturing and new treatment methods enabled by digital twins of the human body. NVIDIA’s second annual “State of AI in Healthcare and Life Sciences” survey report reveals how the industry is moving from AI experimentation to execution, reaping return on investment (ROI) on core applications like medical imaging and drug discovery. The industry is also embracing open source software and AI models to tackle specific use cases, as well as exploring using agentic AI to speed knowledge retrieval and research paper analysis. – https://blogs.nvidia.com/blog/ai-in-healthcare-survey-2026/

ŌURA Launches Its First Proprietary AI Model to Deliver Personalized, Clinically Grounded Women’s Health Guidance

(Business Wire) ŌURA, maker of the world’s leading smart ring, today announced its first-ever proprietary large language model designed for women’s health. Rolling out for testing in Oura Labs, the new model within the Oura Advisor experience draws from a broad foundation of established medical standards, research, and knowledge sources reviewed by ŌURA’s in-house team of board-certified clinicians and women’s health experts, and integrates biometric signals and long-term trends to deliver personalized, evidence-based guidance. Clinically informed and rigorously vetted, the model supports questions spanning the full reproductive health spectrum, from early menstrual cycles through menopause. Customized to reflect women’s unique physiology and lived health experiences, it marks a significant evolution in ŌURA’s approach to AI—shifting from applying general-purpose AI tools toward more personalized, empathetic, and clinically informed conversations designed for specific health use cases. – https://www.businesswire.com/news/home/20260224023927/en/URA-Launches-Its-First-Proprietary-AI-Model-to-Deliver-Personalized-Clinically-Grounded-Womens-Health-Guidance

Detecting the “scent” of ovarian cancer with AI

(News Medical Life Sciences) Using machine learning, an electronic nose can “smell” early signs of ovarian cancer in the blood. The method is precise and, according to the LiU researchers behind the study, it could eventually be used to find many different cancers. The study is published in the scientific journal Advanced intelligent systems. – https://www.news-medical.net/news/20260223/Detecting-the-scent-of-ovarian-cancer-with-AI.aspx