Governance/Regulation/Legislation
Claude and the Constitution: Questions Congress Should Ask Before Renewing Section 702
(Ryan Goodman and Andrew Weissmann – Just Security) By law, on April 20, 2026, a broad tool for intercepting the communications of foreigners abroad – Section 702 of the Foreign Intelligence Surveillance Act – will sunset, unless Congress decides to renew it. This deadline gives Congress an unusual opportunity to examine the executive branch’s use of this surveillance law, which has been criticized for its ability to sweep in communications of Americans, and to consider its use in the context of other government surveillance tools and authorities. To be sure, having worked in the government, we believe that historically Section 702 has provided the government with an indispensable national security tool with respect to the NSA and other agencies’ detecting foreign threats. But there has also been meaningful bipartisan interest in reforms to the tool. We recognize important long-standing questions and concerns it raises about Americans’ and others’ privacy rights and the parameters governing how the law functions. What makes this moment different is the convergence of two factors: (1) the government’s rapidly expanding deployment of artificial intelligence in its surveillance programs; and (2) greater distrust of government actions involving Americans’ First Amendment political freedoms and Fourth Amendment privacy rights, which courts have repeatedly found to have been violated by this administration. In order to facilitate robust deliberation, we provide the following questions for Members of Congress to ask executive branch officials as part of the Section 702 renewal process. Journalists and the public could – and should – also demand answers to these questions. – https://www.justsecurity.org/135103/questions-congress-should-ask-before-renewing-section-702/
AI Needs Accountability. We Can’t Rely on Companies and Governments Alone
(Julie Owono – Just Security) The flare-up earlier this year between Anthropic and the U.S. Department of Defense has exposed a deeper crisis: our systems for holding AI development and deployment to account are broken. Companies enforce their own internal rules when convenient; governments regulate when politically expedient. What is missing is an independent public interest layer of accountability: a third way between corporate self-regulation and state enforcement. Replace “AI” with “social media,” “quantum computing,” or “biotech,” and the statement still stands. On one hand, tech companies often show the best intentions, yet do not practice what they preach. Many cheered Anthropic’s CEO, Dario Amodei, for resisting the U.S. government’s use of his company’s models for mass surveillance or fully autonomous weapons systems. But on Feb. 25, the company quietly gutted the central safeguard of its Responsible Scaling Policy: the company’s commitment that it would not deploy or train models until adequate safety mechanisms were in place. That previous pledge, clear in the policy’s 2023–25 versions, virtually disappeared from the 2026 revision. As the company’s chief scientist explained, it no longer “[made] sense for us to make unilateral commitments… if competitors are blazing ahead.”. And while Anthropic was still being celebrated publicly, we learned its model had already been used in U.S. military operations in Venezuela and Iran. – https://www.justsecurity.org/133322/ai-accountability-companies-governments/
Building a Regulatory Framework for Online Gaming in India
(Soumya Awasthi, Shravishtha Ajaykumar – Observer Research Foundation) The rapid expansion of digital connectivity has transformed online gaming from a niche entertainment activity to a significant digital ecosystem. Today, gaming is deeply embedded in the lives of billions of people, particularly young users connected through smartphones and high-speed internet. Around 80 percent of gamers worldwide are adults, with the largest group ages 18–34, while the average gamer is in their mid-30s. Mobile gaming has emerged as the dominant platform, with 3.6 billion players globally and serving as the most accessible entry point for young users. At the same time, online gaming platforms are emerging as spaces for malicious actors to conduct financial fraud, establish criminal networks, enhance extremist recruitment, and inflict psychological harm. India, with roughly 659 million smartphone users, is one of the fastest-growing digital gaming markets in the world. Estimates indicate that the country has over 568 million gamers, most of whom play on smartphones due to affordable data and widespread mobile penetration. This scale of participation, particularly among youth, has turned gaming platforms into complex socio-digital environments that extend far beyond entertainment. – https://www.orfonline.org/research/building-a-regulatory-framework-for-online-gaming-in-india
Geostrategies
South Korea sets ambition to become AI leader
(DigWatch) South Korea has unveiled a national strategy to become one of the world’s top three AI powers by 2028. The plan combines investment in digital infrastructure, data systems and next-generation connectivity. Authorities aim to expand networks by advancing 5G capabilities and preparing for the commercial deployment of 6G by 2030. Cybersecurity and data integration are also key priorities to support a stronger digital ecosystem. – https://dig.watch/updates/south-korea-sets-ambition-to-become-ai-leader
EU and Japan strengthen digital partnership in ICT Dialogue
(DigWatch) The European Commission and Japan have reinforced their digital cooperation through the 31st the EU–Japan ICT Dialogue held in Tokyo, focusing on advancing shared priorities in emerging technologies instead of pursuing separate national strategies. A meeting that forms part of the broader EU–Japan Digital Partnership, which aims to deepen collaboration in key areas of the digital economy. – https://dig.watch/updates/eu-and-japan-strengthen-digital-partnership-in-ict-dialogue
Data centres are Australia’s chance to shape AI’s future
(Janet Egan – ASPI The Strategist) Australia has a narrow window to act if it wants any leverage in what comes next in AI, the most transformative technology of our era. Building data centres and enabling AI training to happen here is the best way for Australia to shape its own future. The pace of AI progress has been astronomical and shows no sign of slowing. Novel AI-discovered drugs are showing promise in clinical trials. Nations are already integrating AI into military and national security applications. And some of the world’s best software engineers are handing large portions of their jobs over to AI. Experts may disagree on exact timelines and trajectories, but there is clear consensus that significant disruption lies ahead, carrying both tremendous opportunity and risk. – https://www.aspistrategist.org.au/data-centres-are-australias-chance-to-shape-ais-future/
Counterterrorism
Will the Next U.N. Counterterrorism Strategy Hold States Accountable For Their Use of AI?
(Tomaso Falchetta and Romain Lanneau – Just Security) In his report on the implementation of the United Nations Global Counter-Terrorism Strategy, the U.N. Secretary-General warned of the growing sophistication of terrorist groups in exploiting new and emerging technologies, including AI, for terrorist purposes. He also warned about the risks of deploying these technologies for counterterrorism without adequate human rights safeguards. Far from hypothetical, such warnings are particularly relevant given recent and current developments. In January, the United States military operation in Venezuela, which involved capturing President Nicolas Maduro, reportedly relied on AI to map sites for targeted bombing in Caracas. Two years earlier, investigative journalists had revealed that the Israeli military uses AI to select “tens of thousands of potential Hamas and Islamic Jihad targets for elimination in Gaza.” The United States and Israel have argued they are using these tools in counterterrorism operations to protect their populations from the threat of “narco-terrorism” and and “to sweep [Gaza] free of terrorists” (although it is worth noting that when operations took place in the context of armed conflict the concomitant application of international humanitarian law, alongside applicable international human rights law, comes into play). The issue of AI may well feature in the forthcoming 9th U.N. Global Counter-Terrorism Strategy, due to be adopted by the U.N. General Assembly in June. However, discussions on emerging technologies at the United Nations have so far centered on the perceived challenges posed by AI to international counterterrorism efforts, such as addressing the misuse of technologies by terrorist organizations for propaganda purposes. The 8th Global Counter-Terrorism Strategy review already called for scaling up the use of AI and digital technologies to catch up with terrorists’ technological innovations. States have been much less willing to address how AI and other digital technologies have been abused in the name of countering terrorism, in some cases leading to serious human rights violations. As the U.N. Special Rapporteur on the Promotion and Protection of Human Rights and Fundamental Freedoms while Countering Terrorism noted in a 2025 position paper, “the Security Council has urged States to use new technologies to counter terrorism without paying sufficient regard to the human rights risks, including in countries lacking human rights protections, independent judiciaries, a rule of law culture, or democratic oversight.”. The 9th Global Counter-Terrorism Strategy has an opportunity to enhance compliance with international human rights law, in particular by strengthening accountability in the use of AI, as well as human rights-focused due diligence by the U.N.’s programmes of technical assistance in the use of technologies for counterterrorism. – https://www.justsecurity.org/133656/counterterrorism-ai/
Security and Surveillance
It’s a mystery … alleged unpatched Telegram zero-day allows device takeover, but Telegram denies
(Pierluigi Paganini – Security Affairs) Researcher Michael DePlante (@izobashi) of TrendAI Zero Day disclosed a new Telegram vulnerability through Zero Day Initiative (ZDI). The vulnerability, tracked as ZDI-CAN-30207 (CVSS score of 9.8) allows attackers to execute code on targeted devices without any user interaction. This vulnerability is especially dangerous because an attacker can exploit it simply by sending a malicious animated sticker, with no action required from the victim. The vulnerability lies in how Telegram automatically processes media to generate previews, allowing crafted files to trigger code execution. The flaw poses a serious security risk, especially as no patch is currently available, raising concerns across the cybersecurity community. – https://securityaffairs.com/190167/security/its-a-mystery-alleged-unpatched-telegram-zero-day-allows-device-takeover-but-telegram-denies.html
Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution
(Pierluigi Paganini – Security Affairs) A critical Fortinet FortiClient EMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1), is now being actively exploited. Defused researchers warn that threat actors are exploiting the vulnerability in Fortinet’s FortiClient EMS platform. “Fortinet Forticlient EMS CVE-2026-21643 – currently marked as not exploited on CISA and other Known Exploited Vulnerabilities (KEV) lists – has seen first exploitation already 4 days ago according to our data Attackers can smuggle SQL statements through the “Site”-header inside an HTTP request According to Shodan, close to 1000 instances of Forticlient EMS are publicly exposed.” Defused wrote on X. – https://securityaffairs.com/190158/security/critical-fortinet-forticlient-ems-flaw-exploited-for-remote-code-execution.html
New macOS Infinity Stealer uses Nuitka Python payload and ClickFix
(Pierluigi Paganini – Security Affairs) Researchers at Malwarebytes spotted a new macOS infostealer, named Infinity Stealer, using a Python payload compiled with Nuitka. It spreads via ClickFix, tricking users with fake Cloudflare CAPTCHA pages. “A fake verification page instructs the visitor to open Terminal, paste a command, and press Return. Once executed, the infection process begins immediately.” reads the report published by MalwareBytes. “The technique gained popularity on Windows systems, but it’s now being adapted for macOS, with the instructions tailored to the platform: Command + Space > open Terminal > paste the command” – https://securityaffairs.com/190147/security/new-macos-infinity-stealer-uses-nuitka-python-payload-and-clickfix.html
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
(Pierluigi Paganini – Security Affairs) Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from advanced state-sponsored actors. TA446 has been active since at least 2017, its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. The APT group primarily targets NATO countries, but experts also observed campaigns targeting the Baltics, Nordics, and Eastern Europe regions, including Ukraine. – https://securityaffairs.com/190139/apt/russia-linked-apt-ta446-uses-darksword-exploit-to-target-iphone-users-in-phishing-wave.html
EU investigates cyber attack targeting Commission websites
(DigWatch) The European Commission has confirmed a cyber-attack targeting its cloud infrastructure hosting the Europa.euservices, with authorities acting swiftly to contain the incident and prevent disruption to public access. The attack was identified on 24 March, prompting immediate mitigation measures to secure systems and maintain service continuity. – https://dig.watch/updates/eu-cyber-attack-targeting-commission-websites
Defence/Warfare/Intelligence
In Ukraine, ground robots are increasingly going on the offensive
(David Kirichenko – Lowy The Interpreter) Throughout the war, Ukraine has relied on technology to offset Russia’s greater numbers in personnel and materiel. Aerial drones became the backbone of that effort, helping blunt assaults, guide artillery and strike deep behind the front. Now the same logic is moving onto the ground. As the kill zone expands, Kyiv is increasingly turning to unmanned ground vehicles (UGVs) to carry supplies, evacuate the wounded, and, in some cases, go on the offensive. This shift is being driven by necessity. Ukraine now has 280 companies developing UGVs. On large stretches of the front, the most dangerous task is simply getting in and out. Ukrainian UGVs now regularly destroy Russian drones waiting in ambush along these routes, helping protect human vehicle drivers and wounded soldiers, also being evacuated by UGVs. – https://www.lowyinstitute.org/the-interpreter/ukraine-ground-robots-are-increasingly-going-offensive