Weekly Digest on AI and Emerging Technologies (18 May 2026)

Daily Digest on AI and Emerging Technologies (12 May 2026) – https://pam.int/daily-digest-on-ai-and-emerging-technologies-12-may-2026/

Daily Digest on AI and Emerging Technologies (13 May 2026) – https://pam.int/daily-digest-on-ai-and-emerging-technologies-13-may-2026/

Daily Digest on AI and Emerging Technologies (15 May 2026) – https://pam.int/daily-digest-on-ai-and-emerging-technologies-15-may-2026/

 

Governance/Regulation/Legislation

EU AI Act transparency rules go beyond high-risk systems

(DigWatch) The EU AI Act’s Article 50 introduces a wide-ranging transparency regime that requires organisations to disclose when AI is involved in interactions or content creation. Unlike high-risk rules elsewhere in the regulation, these obligations apply broadly across sectors and business models, covering any organisation that uses AI in areas such as chatbots, content generation, or biometric analysis. Four core scenarios trigger compliance duties. These include situations where users interact directly with AI systems, where AI generates synthetic audio, video, text or images, where emotion recognition or biometric categorisation is used, and where AI is involved in producing deepfakes or public-interest content. – https://dig.watch/updates/eu-ai-act-article-50-transparency-rules

UK NAO guide sets AI oversight questions for public bodies

(DigWatch) The UK National Audit Office has published a good practice guide for public sector organisations using AI, setting out questions for audit and risk assurance committees overseeing the planning, deployment and scaling of the technology. The guide draws on NAO findings, the UK government’s AI Playbook and lessons from digital transformation programmes. It advises committees to assess whether organisations are clear on why they are using AI, what risks they need to manage and how responsible adoption will be assured. The NAO says the guide will evolve as AI continues to develop. – https://dig.watch/updates/uk-nao-good-practice-guide-ai

Nuclear-Powered AI: The Risks of De-Regulation

(Michael J. Kelly and Craig Martin – Just Security) By 2030, global data centers will consume as much electricity as Japan, according to a recent report by the International Energy Agency. Feeding that new energy demand with fossil fuels will exacerbate the climate change crisis. AI infrastructure will also put increasing strain on the electricity grid and lead to rising energy costs for communities. Incorporating solar and wind energy in hybrid systems could provide an attractive solution to both problems, but the Trump administration has declared all-out war on renewable energy, taking a range of actions to stymie its development. The administration has instead embraced nuclear—particularly new-generation small modular nuclear reactors (SMRs) situated near data centers—as the optimal means to bolster energy generation for our expanding AI universe. This move has considerable appeal, particularly for those concerned about the climate change crisis and interested in cleaner alternatives to fossil fuels. But the manner and speed with which it is being developed raises serious legal and policy concerns. These concerns arise from a coordinated loosening of regulatory oversight on three fronts: (1) AI development, (2) nuclear deployment, and (3) the environmental review that would ordinarily govern both. We have written elsewhere about the risks raised by the Trump administration’s deregulation of AI development. Our concern here is with the less-examined legs of this triad: the dismantling of nuclear safety oversight and the gutting of environmental review in order to accelerate AI development. The regulatory architecture now being dismantled is the hard-earned product of lessons learned from earlier experiences in developing and operating technologies that pose high risks to both the public and the environment. – https://www.justsecurity.org/138215/nuclear-powered-ai-risks-deregulation/

Geostrategies

Decade of Policy Support Drives Quantum Breakthroughs

(Sunny Cheung – The Jamestown Foundation) A decade of increasingly specific policy direction in the People’s Republic of China (PRC)—Five-Year plans, Ministry of Industry and Information Technology (MIIT) technical mandates—has shifted focus from basic science to engineering targets and deployment, effectively guiding both industry pathways and investor behavior. The sector is supported by a multi-tiered, state-aligned capital architecture that provides large-scale, patient funding, reducing commercial pressure and enabling quantum firms to prioritize deployment over short-term profitability. The PRC has already translated research into operational infrastructure, exemplified by the Beijing–Shanghai quantum network and Micius satellite, demonstrating end-to-end quantum communication capabilities at national scale. Despite strong central coordination, provincial competition introduces fragmentation and inefficiencies, creating parallel ecosystems that may dilute resources but also drive innovation pressure. – https://jamestown.org/decade-of-policy-support-drives-quantum-breakthroughs/

After Mythos, Australia should prepare to battle for access to frontier AI

(David Wroe – ASPI The Strategist) The lesson of Anthropic’s new Claude Mythos AI model, with potent hacking capabilities, is becoming clear: in the era of increasingly powerful AI, national security priorities will prevail. Countries like Australia can’t assume they’ll always have access to these models – so they should start to plan accordingly. Rather than commercial products anyone can buy for about A$275 a month, frontier models are on track to become jealously guarded national assets as their abilities become increasingly sensitive. Access might need to be negotiated government-to-government, and even this cannot be taken for granted. Mythos, announced on 7 April, is very good at reasoning and writing computer code on its own, which makes it also a very powerful hacking tool. – https://www.aspistrategist.org.au/after-mythos-australia-should-prepare-to-battle-for-access-to-frontier-ai/

South Africa and China expand digital education ties

(DigWatch) South Africa and China have agreed on measures to deepen cooperation in digital education, technical skills development and student mobility following bilateral talks at the World Digital Education Conference in Hangzhou. The talks brought together South Africa’s Minister of Higher Education and Training, Buti Manamela, and China’s Vice Minister of Education, Xu Qingsen. According to SAnews, the meeting produced a framework for stronger cooperation in areas including AI, vocational training and industry-linked education pathways. – https://dig.watch/updates/south-africa-china-expand-digital-education-ties

Courts and Litigation

Italy lawsuit against Meta and TikTok tests child safety rules

(DigWatch) A first hearing has taken place at the Milan Business Court in a case brought by MOIGE, the Italian Parents’ Movement, and a group of families against Meta and TikTok over the protection of minors on social media platforms. According to MOIGE, the class-wide injunction seeks to protect around 3.5 million Italian children aged between 7 and 14 who are allegedly active on social platforms despite age restrictions. The organisation described the case as the first such action in Europe focused on protecting minors in the digital sector. – https://dig.watch/updates/italy-lawsuit-meta-and-tiktok-child-safety-rules

Don’t Count on Courts to Rein In Unregulated AI

(Daniel Wilf-Townsend – Lawfare) Over the past few months, the headlines might give the impression that the U.S. court system is deftly navigating the world of tech regulation. A federal judge quickly enjoined the Department of Defense’s overbroad and retaliatory attempt to label artificial intelligence (AI) developer Anthropic a supply chain risk. Juries in California and New Mexico issued major verdicts against Meta and Google for harms arising from their social media products, in cases that could influence thousands of other similar claims. And the U.S. Supreme Court let stand a lower court’s decision over the copyrightability of AI-generated art, in one of the first actions by the Court in the area of intellectual property (IP) and artificial intelligence. Based on this flurry of activity, one might think that when it comes to the current greatest challenge for technology policy—artificial intelligence—the courts can be trusted to man the regulatory helm. But that trust would be misplaced. We are years into the explosive growth of the generative AI industry, and its integration into commerce and daily life has raised many important legal questions. But the courts have largely failed to resolve these issues in a timely enough way to inform the development of this major sector. The state of AI litigation over the past few years raises concerns about the adequacy of courts and their procedures in this fast-changing area, and suggests that policymakers may need to think twice about relying on courts as cornerstones of new regulatory regimes. The “ChatGPT moment” of late 2022 is now more than three years ago. Even at that early time, a number of important legal questions were fairly obvious. Among the most significant ones: Is it a violation of copyright protections to train on copyrighted data? Are the outputs of AI tools copyrightable? If a user causes a tool to generate outputs that violate IP protections, who is liable—the user? The developer? Both? Neither? 
Many of these major early questions focused on intellectual property. And some of them continue to have implications for the viability of large parts of the industry. If it is not fair use to train large language models on copyrighted data, for instance, it’s not clear that the current paradigm of training on massive text corpuses would continue to be feasible. – https://www.lawfaremedia.org/article/don-t-count-on-courts-to-rein-in-unregulated-ai

Security and Surveillance

What Frontier AI Models Like Mythos and GPT-Cyber Mean for Modern Cybersecurity

(Danny Palmer – Infosecurity Magazine) Landmark announcements by some of the biggest names in artificial intelligence have upended how defenders must think about cybersecurity, vulnerability management and threat detection. In April 2026, Anthropic detailed Mythos Preview, a frontier large language model (LLM) equipped to autonomously find and fix cybersecurity vulnerabilities at scale. Upon launch, Anthropic said that Mythos had already identified thousands of previously undiscovered zero-days. Just days later, OpenAI unveiled GPT-5.4-Cyber, an updated variant of their own GPT-5.4 model fine-tuned to specifically work on cybersecurity problems. The company has since gone on to release an updated version of the model, GPT-5.5-Cyber. For now, both AI companies have restricted their cybersecurity frontier models to a limited audience of approved partners. Mythos Preview is only available to participants of Anthropic’s Project Glasswing. Those confirmed as part of the scheme included some of the biggest names in technology like Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks. Meanwhile, OpenAI has limited use of GPT-Cyber to members of its Trusted Access for Cyber (TAC) program. This scheme is based around individual cyber defenders, who must be verified and vetted by OpenAI to gain access. Both OpenAI and Anthropic believe their tools are the future of cybersecurity, but both have been reluctant to go as far as publicly releasing their models. One core consideration is how these AI tools could be exploited in the ‘wrong hands’. Cybercriminals and threat actors are already using AI tools to develop sophisticated phishing campaigns, write malicious code and deploy automated attacks. The same hackers could quickly find ways to abuse these new frontier AI models for their own gain. – https://www.infosecurity-magazine.com/news-features/what-mythos-gptcybe-ai-mean-for/

Ghostwriter group resumes attacks on Ukrainian Government targets

(Pierluigi Paganini – Security Affairs) ESET researchers published a new report documenting fresh activity attributed to the APT group FrostyNeighbor, aka Ghostwriter, active since at least March 2026, targeting Ukrainian governmental organizations. The campaign is similar to previous FrostyNeighbor campaigns. The threat actor Ghostwriter (aka UNC1151, UAC-0057) is linked to the government of Belarus. In August 2020, security experts from FireEye uncovered a disinformation campaign aimed at discrediting NATO by spreading fake news content on compromised news websites. According to FireEye, the campaign, tracked as GhostWriter, has been ongoing since at least March 2017 and is aligned with Russian security interests. The newest activity detected by ESET starts with a spear-phishing email carrying a PDF attachment. The document impersonates Ukrtelecom, one of Ukraine’s main telecommunications providers, and presents the victim with what looks like an official communication complete with a download button. – https://securityaffairs.com/192196/apt/ghostwriter-group-resumes-attacks-on-ukrainian-government-targets.html

Researchers uncover YellowKey and GreenPlasma Windows Zero-Days

(Pierluigi Paganini – Security Affairs) A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and GreenPlasma. The flaws affect BitLocker and the Windows Collaborative Translation Framework (CTFMON). YellowKey could allow attackers to bypass BitLocker protections, while GreenPlasma enables privilege escalation. The researcher previously disclosed three Microsoft Defender vulnerabilities. – https://securityaffairs.com/192173/hacking/researchers-uncover-yellowkey-and-greenplasma-windows-zero-days.html

China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer

(Kevin Poireault – Infosecurity Magazine) An undocumented malware implant suspected to be associated with a China-linked actor has been identified by researchers at Cato Networks’ Cyber Threats Research Lab (CTRL). Their discovery was made when they responded to an intrusion attempt affecting the Indian branch of an unnamed global manufacturing customer with multiple regional sites in April 2026. While the Cato CTRL team managed to block the intrusion, they also identified suspicious traffic associated with a third-party user connected to the customer environment. The attack chain used a first-stage dropper, Donut shellcode, a masqueraded .woff web-font resource, memory injection and web-like command-and-control (C2) communication. – https://www.infosecurity-magazine.com/news/china-hackers-tencshell-malware/

Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities

(Beth Maundrill – Infosecurity Magazine) A new version of the Gremlin stealer has evolved from a basic credential harvester into a modular toolkit, according to researchers at Palo Alto Networks’ Unit 42. The infostealer first emerged in April 2025. Now, just 12 months later, the threat has rapidly evolved, with new obfuscation techniques and new anti-analysis safeguards in recent builds. Gremlin stealer siphons sensitive information from compromised systems and exfiltrates it to attacker‑controlled servers for potential publication or sale. It targets web browsers, system clipboard and local storage. The new variant has an increased focus on stealth and is specifically designed to evade static analysis tools, according to the research. This includes the malware authors shifting the malicious payload into the .NET Resource section, masking it with XOR encoding to bypass signature-based detection and heuristic scanning. The core architecture and exfiltration methods via private web panels or the Telegram Bot API remain consistent with older versions. – https://www.infosecurity-magazine.com/news/gremlin-stealer-evolves-into/

Poland launches campaign to boost business cybersecurity awareness

(DigWatch) Poland’s Ministry of Digital Affairs has launched a campaign to encourage entrepreneurs and management teams to take a more active role in protecting their companies from cyber threats. The campaign, titled ‘Build your company’s digital security click by click’, is aimed at businesses and senior decision-makers. The ministry says its main goal is to encourage firms to address cybersecurity at both organisational and operational levels. – https://dig.watch/updates/poland-launches-campaign-to-boost-business-cybersecurity-awareness

ICO warns organisations about growing AI cyber threats

(UK Information Commissioner’s Office) Cyber criminals are increasingly using artificial intelligence (AI) to carry out attacks that are faster, more advanced and harder to detect. From AI-generated phishing emails that impersonate trusted contacts, to automated tools that scan for and exploit software vulnerabilities, the threat landscape is evolving rapidly. With this scale and sophistication, cyber security must be a shared responsibility across every part of the economy. As the data protection regulator, we can provide clear expectations and practical support, but all organisations must take proactive steps to prepare themselves for emerging threats. By investing in cyber resilience and ensuring appropriate security measures are in place, you can build public trust and confidence in how your organisation protects the personal data you hold. – https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/05/five-steps-to-protect-your-organisation-from-ai-powered-cyber-threats

Defense/Intelligence/Warfare

Hybrid Warfare Reflects Convergence of Terrorism and Great Power Competition

(The Soufan Center) Russia and Iran have increasingly utilized disposable non-state actors in attacks across Europe to pursue their broader state objectives while outsourcing terrorist-style activity to criminal networks and disposable agents. Iranian- or Russian-backed attacks across Europe carried out by disposable agents allow these states to compete in the international system through non-state tactics, using terrorism, criminality, and plausible deniability as tools of great power competition. The increased use of encrypted messaging platforms, social media, virtual currencies, and AI has begun to create new ways for hostile states to reach individuals living inside an adversary’s territory without relying on traditional intelligence infrastructure. If Iran, Russia, or another state such as China were to focus more heavily on exporting this disposable agent model to the U.S., it would no doubt achieve some success for the same reasons its deniability and decentralized nature have challenged European governments. – https://thesoufancenter.org/intelbrief-2026-may-15/

Near Russian border, NATO grapples with ground robots in combat

(Rudy Ruitenberg – Defense News) Exercising in Latvia’s dense pine and birch forests this week, local troops found themselves in an unfair fight against a new enemy: unmanned ground vehicles. As NATO tries to keep pace with fast-changing drone warfare, the alliance used Latvia’s Crystal Arrow exercise to test unmanned ground combat, equipping opposing forces with wheeled robots. The systems gave the red team an element of surprise over a blue team relying only on aerial drones, said Lt. Col. Andris Brūveris, the Latvian battalion commander leading the opposing side. “They are force multipliers, and they are here to stay,” said Brūveris, who commands Latvia’s 2nd Mechanized Infantry Battalion, in a briefing with reporters at the Sēlija training area in central Latvia on Monday, during a press trip organized by NATO. – https://www.defensenews.com/global/europe/2026/05/15/near-russian-border-nato-grapples-with-ground-robots-in-combat/

Central Asia Diversifies and Indigenizes Defense Procurement to Limit Reliance on Moscow

(Bradley Jardine, Edward Lemon – The Jamestown Foundation) On January 13, Uzbek President Shavkat Mirziyoyev announced plans to revise Uzbekistan’s 2018 Defense Doctrine, signaling a major modernization shift centered on artificial intelligence (AI), drones, and cyberwarfare, alongside efforts to expand domestic defense industrial capacity. The reform reflects a broader Central Asian trend of reducing reliance on Russia’s legacy security architecture, as states reassess dependence on Moscow amid its constrained defense industry, sanctions pressure, and reputational concerns following Russia’s full-scale invasion of Ukraine. Kazakhstan and Uzbekistan are investing heavily in indigenous defense industries, particularly drone production, armored vehicles, and North Atlantic Treaty Organization (NATO)-standard ammunition, reflecting a broader regional strategy to strengthen military autonomy while avoiding excessive dependence on any single foreign supplier. – https://jamestown.org/central-asia-diversifies-and-indigenizes-defense-procurement-to-limit-reliance-on-moscow/