Governance
Public AI: Policies for democratic and sustainable AI infrastructures
(Alek Tarkowski, Albert Cañigueral, Felix Sieker, Luca Cominassi – OECD.AI) In late 2022, just as commercial AI labs were launching the first public-facing generative AI platforms, Mariana Mazzucato and Gabriela Ramos published an op-ed arguing for public policies and institutions “designed to ensure that innovations in AI are improving the world.” Otherwise, they warned, a new generation of technologies will develop in a policy vacuum. Three years on, concentrations of power in AI have only deepened. A small group of dominant technology companies now controls not only most state-of-the-art AI models, but also the foundational infrastructure that shapes the field: GPUs used for AI training and inference, as well as cloud systems that host these chips. As a result, cutting-edge AI remains in the hands of a select few actors, with limited orientation toward the public interest, public accountability or public oversight. However, a parallel trajectory of AI development suggests the possibility of building public AI infrastructures and services. – https://oecd.ai/en/wonk/public-ai-policies-for-democratic-and-sustainable-ai-infrastructures
EU gains stronger ad oversight after TikTok agreement
(DigWatch) Regulators in the EU have accepted binding commitments from TikTok aimed at improving advertising transparency under the Digital Services Act. The agreement follows months of scrutiny and addresses concerns raised in the Commission’s preliminary findings earlier in the year. TikTok will now provide complete versions of advertisements exactly as they appear in user feeds, along with associated URLs, targeting criteria and aggregated demographic data. – https://dig.watch/updates/eu-gains-stronger-ad-oversight-after-tiktok-agreement
Legislation
Portugal Revises Cybercrime Law to Protect Security Researchers
(Kevin Poireault – Infosecurity Magazine) Portugal has updated its cybercrime law to exempt cybersecurity researchers and ethical hackers from prosecution. The change was made public in the Portuguese Official Journal (Diário da República) on December 4. The amendment, titled “Acts not punishable due to public interest in cybersecurity,” creates a legal exception for actions that would have been considered illegal under prior law, on the condition that these actions help identify vulnerabilities or contribute to cybersecurity. – https://www.infosecurity-magazine.com/news/portugal-cybercrime-law-security/
UK lawmakers push for binding rules on advanced AI
(DigWatch) Growing political pressure is building in Westminster as more than 100 parliamentarians call for binding regulation on the most advanced AI systems, arguing that current safeguards lag far behind industry progress. A cross-party group, supported by former defence and AI ministers, warns that unregulated superintelligent models could threaten national and global security. The campaign, coordinated by Control AI and backed by tech figures including Skype co-founder Jaan Tallinn, urges Prime Minister Keir Starmer to distance the UK from the US stance against strict federal AI rules. – https://dig.watch/updates/uk-lawmakers-push-for-binding-rules-on-advanced-ai
Courts and Litigation
Barts Health Seeks High Court Ban After Oracle EBS Breach
(Phil Muncaster – Infosecurity Magazine) A leading NHS trust has become the latest organization to notify about a data breach linked to its use of Oracle E-business Suite (EBS). Barts Health said in an update on Friday that it is seeking a High Court order to prevent the sharing, publication or use of the breached data. “A criminal group known as Cl0p stole some files from a database containing invoices and posted them on the dark web. The stolen files include names and addresses of individuals who were liable to pay for treatment or services at a Barts Health hospital over several years,” it explained. – https://www.infosecurity-magazine.com/news/barts-health-high-court-ban-oracle/
Extremism, Terrorism, and Counter-Terrorism
Blurred Boundaries: Legal, Ethical, and Practical Limits in Detecting and Moderating Terrorist, Illegal and Implicit Extremist Content Online while Respecting Freedom of Expression
(Bibi van Ginkel, Tanya Mehra, Merlina Herbach, Julian Lanchès, Yael Boerma – International Centre for Counter-Terrorism) This study examines a pressing and highly topical challenge: how to assess online content that may undermine democracy, threaten national security and public safety, or infringe upon the rights of others—while safeguarding freedom of expression. The central question it explores, the specific challenges identified, and the recommendations it puts forward should not be viewed in a vacuum. Rather, they are situated within a broader and increasingly complex societal and political context. A range of systemic developments shapes the environment in which this work takes place: the rise of online radicalisation, particularly among children and young adults; the expanding influence of large technology platforms and the tensions this creates with rule-of-law-based democratic societies leading to a global trend toward both techno-libertarianism and techno-authoritarianism; and the evolving role of governments as they seek to reconcile the imperatives of security, safety, and national interest with those of privacy, human rights, and minority protection. These challenges are compounded by the unprecedented speed and scale of online information dissemination, growing concerns about disinformation and foreign influence, and the urgent need to strengthen societal resilience and media literacy. While this study does not address each of these systemic issues in depth, they form the essential backdrop against which its findings and proposals should be understood. – https://icct.nl/publication/blurred-boundaries-legal-ethical-and-practical-limits-detecting-and-moderating
Security and Surveillance
Fighting Cyber-Enabled Fraud: A Systemic Defence Approach
(World Economic Forum) Phishing and cyber-enabled fraud are escalating global threats affecting users, consumers, organizations and countries alike. This white paper, Fighting Cyber-Enabled Fraud: A Systemic Defence Approach, developed by the World Economic Forum’s Partnership against Cybercrime in collaboration with the Institute for Security and Technology, presents a systemic defence framework to confront this challenge. Turning the tide on cyber-enabled fraud demands a truly systemic approach, one that maximizes the impact of upstream interventions while ensuring broad, consistent coverage through downstream measures, and this paper calls on stakeholders to act across three complementary pillars of systemic defence: Prevention, Protection and Mitigation. It also demonstrates how a multistakeholder, upstream-focused model can shift responsibility to those best positioned to act at scale, empowering them to prevent harm before it takes root. – https://www.weforum.org/publications/fighting-cyber-enabled-fraud-a-systemic-defence-approach/
FinCEN data shows $4.5B in ransomware payments, record spike in 2023
(Pierluigi Paganini – Security Affairs) FinCEN analyzed ransomware trends using Bank Secrecy Act (BSA) reports filed from January 2022 to February 2025. During this period, organizations reported 4,194 ransomware incidents and more than $2.1 billion in payments. For comparison, from 2013 to 2021, FinCEN logged 3,075 reports totaling about $2.4 billion. Ransomware peaked in 2023 with 1,512 incidents and $1.1 billion paid, up 77% from 2022. In 2024, incidents dipped to 1,476 and payments dropped to about $734 million. – https://securityaffairs.com/185465/cyber-crime/fincen-data-shows-4-5b-in-ransomware-payments-record-spike-in-2023.html
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms
(Pierluigi Paganini – Security Affairs) The FBI warns that criminals are altering publicly available photos to create fake “proof-of-life” images used in virtual kidnapping scams, posing as kidnappers and demanding ransom. “The Federal Bureau of Investigation (FBI) warns the public about criminals altering photos found on social media or other publicly available sites to use as fake proof of life photos in virtual kidnapping for ransom scams.” reads the FBI’s public service announcement (PSA). “The criminal actors pose as kidnappers and provide seemingly real photos or videos of victims along with demands for ransom payments.” – https://securityaffairs.com/185456/cyber-crime/fbi-crooks-manipulate-online-photos-to-fuel-virtual-kidnapping-ransoms.html
ClayRat Android Spyware Expands Capabilities
(Alessandro Mascellino – Infosecurity Magazine) A new iteration of the ClayRat Android spyware featuring expanded surveillance and device-control functions has been identified by cybersecurity researchers. First seen in October, ClayRat was originally capable of stealing SMS messages, call logs and photos, as well as sending mass texts. The latest version introduces far broader capabilities by combining Default SMS privileges with extensive abuse of Accessibility Services. – https://www.infosecurity-magazine.com/news/clayrat-android-spyware-upgraded/
Marquis Software Breach Affects Over 780,000 Nationwide
(Alessandro Mascellino – Infosecurity Magazine) A data breach affecting more than 780,000 individuals has been confirmed by Marquis Software Solutions, a Texas-based fintech provider that works with over 700 banks and credit unions across the US. The incident began on August 14, when attackers broke into the company’s network by exploiting a SonicWall firewall vulnerability. After discovering the intrusion, Marquis reportedly shut down affected systems and brought in outside cybersecurity specialists to investigate. The Marquis review, completed in late October, found that unauthorized actors accessed and copied files containing personal and financial information from certain business customers. – https://www.infosecurity-magazine.com/news/marquis-software-breach/
UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims
(Phil Muncaster – Infosecurity Magazine) The UK’s data protection watchdog has asked the government for urgent answers after a Home Office report revealed racial bias in the retrospective facial recognition (RFR) technology used by police. Deputy information commissioner, Emily Keaney, said in a statement on Friday that the Information Commissioner’s Office (ICO) had asked the Home Office for “urgent clarity on this matter so we can assess the situation and consider our next steps.” – https://www.infosecurity-magazine.com/news/ico-demands-clarity-facial/
Securing AI for Cyber Resilience: Building Trustworthy and Secure AI Systems
(Infosecurity Magazine) As artificial intelligence (AI) becomes woven into the fabric of daily life – powering automation, analytics, and decision-making – it simultaneously opens new vulnerabilities for attackers to exploit. Ensuring the security of AI systems, beyond leveraging AI for network defense, is now among the most urgent challenges in cybersecurity. To explore what this shift means for enterprises and critical infrastructure, Dr Vrizlynn Thing, Senior Vice President, Head of Cybersecurity Strategic Technology Centre at ST Engineering, shared how cyber-resilience principles can help organizations build AI that is secure, trustworthy and robust. – https://www.infosecurity-magazine.com/blogs/securing-ai-for-cyber-resilience/
AI fuels a new wave of cyber threats in Greece
(DigWatch) Greece is confronting a rapid rise in cybercrime as AI strengthens the tools available to criminals, according to the head of the National Cyber Security Authority. Michael Bletsas warned that Europe is already experiencing hybrid conflict, with Northeastern states facing severe incidents that reveal a digital frontline. Greece has not endured physical sabotage or damage to its infrastructure, yet cyberattacks remain a pressing concern. – https://dig.watch/updates/ai-fuels-a-new-wave-of-cyber-threats-in-greece
Taiwan blocks Chinese app RedNote after surge in online scams
(DigWatch) Authorities in Taiwan will block the Chinese social media and shopping app RedNote for a year following a surge in online scams linked to the platform. Officials report that more than 1,700 fraud cases have been linked to the app since last year, resulting in losses exceeding NT$247 million. – https://dig.watch/updates/taiwan-blocks-chinese-app-rednote-after-surge-in-online-scams
Frontiers and Markets
Why quantum technologies need AI to succeed
(Kai Bongs, Vikram Sharma – OECD.AI) Experts at the OECD’s Global Forum on Technology identified AI’s support for quantum development as one of the most tangible synergies between the two fields. This article examines AI’s role across the three main branches of quantum technologies: quantum computing, quantum sensing, and quantum communication. The first blog in this series introduced quantum technologies and explored their complementarity with AI. This instalment looks at how AI contributes to the development of quantum systems and applications. – https://oecd.ai/en/wonk/why-quantum-technologies-need-ai
UK researchers test robotic dogs and AI for early wildfire detection
(DigWatch) Researchers at the University of Bradford are preparing to pilot an AI-enabled wildfire detection system that uses robotic dogs, drones, and emerging 6G networks to identify early signs of fire and alert emergency services. The trial, set to take place in Greece in 2025, is part of the EU-funded 6G-VERSUS research project, which explores how next-generation connectivity can support crisis response. – https://dig.watch/updates/uk-researchers-test-robotic-dogs-and-ai-for-early-wildfire-detection