Daily Digest on AI and Emerging Technologies (24 March 2026) – https://pam.int/daily-digest-on-ai-and-emerging-technologies-24-march-2026/

Daily Digest on AI and Emerging Technologies (25 March 2026) – https://pam.int/daily-digest-on-ai-and-emerging-technologies-25-march-2026/ 

Daily Digest on AI and Emerging Technologies (26 March 2026) – https://pam.int/daily-digest-on-ai-and-emerging-technologies-26-march-2026/

Daily Digest on AI and Emerging Technologies (27 March 2026) – https://pam.int/daily-digest-on-ai-and-emerging-technologies-27-march-2026/

 

Governance/Regulation/Legislation

Europol warns legal gaps could weaken child abuse detection online

(DigWatch) Efforts to combat online child sexual exploitation could be severely weakened, Europol has warned, if legal frameworks supporting detection and reporting are disrupted. Executive Director Catherine De Bolle highlighted growing concerns over the increasing volume of harmful content online and stressed that protecting children remains a top priority for European law enforcement. Authorities rely heavily on reports submitted by online service providers, which play a central role in identifying victims and supporting investigations, rather than relying solely on traditional policing methods. – https://dig.watch/updates/europol-warns-legal-gaps-could-weaken-child-abuse-detection-online

National security rules to prioritise UK contracts in AI, steel and shipbuilding

(DigWatch) The UK government has announced new procurement guidance that will treat shipbuilding, steel, AI, and energy infrastructure as critical to national security, with departments directed to prioritise British businesses where necessary to protect national security. The press release was published on 26 March by the Cabinet Office and its Minister, Chris Ward. According to the government, the new approach is intended to respond to recent supply-chain fragility and strengthen domestic capacity in sectors it describes as vital to national security. The guidance is presented as the first clear framework for how departments can protect the UK’s economic security and build resilience in the four named sectors. – https://dig.watch/updates/uk-national-security-ai-steel-shipbuilding

EU demands stronger age verification from adult websites

(DigWatch) The European Commission has preliminarily found that several major adult platforms, including Pornhub, Stripchat, XNXX, and XVideos, may be in breach of the Digital Services Act for failing to adequately protect minors from accessing harmful content. These findings highlight concerns that children can easily access such platforms rather than being effectively prevented by robust safeguards. – https://dig.watch/updates/eu-demands-stronger-age-verification-from-adult-websites

UNESCO and Tecnológico de Monterrey partner on AI in education initiative

(DigWatch) UNESCO and Tecnológico de Monterrey have signed an agreement to collaborate on advancing the use of AI in education, as digital transformation reshapes learning systems and workforce skills across Latin America and the Caribbean. The agreement establishes a framework for joint work on generating evidence, developing standards and formulating public policy recommendations on AI in education, and supports the launch of a Regional Observatory on Artificial Intelligence in Education. – https://dig.watch/updates/unesco-and-tecnologico-de-monterrey-partner-on-ai-in-education

European Parliament rejects extension of CSAM scanning rules for tech platforms

(Suzanne Smalley – The Record) The European Parliament on Thursday voted against extending rules that have let tech companies hunt for child sexual abuse material (CSAM) by scanning their services. The law, which exempts platforms from strict privacy rules so they can scan for CSAM, lapses next Friday. When it does, tech companies will no longer be able to use certain scanning tools to detect the material and turn it over to law enforcement. The 311 members of Parliament who voted against an extension did so despite strong support from law enforcement, children’s rights groups, German Chancellor Friedrich Merz, several European commissioners and a half dozen big tech companies to allow the scans to continue. – https://therecord.media/eu-parliament-rejects-csam-scanning-extension

UK weighs new limits on political donations as reports warn of hard-to-trace foreign interference

(Alexander Martin – The Record) The British government is preparing to tighten rules on political donations after two major reports warned that foreign interference in U.K. democracy is becoming more complex and harder to counter, spanning both financial systems and the information environment. The changes follow the publication of the Rycroft Review on foreign financial interference earlier this week and a cross-party parliamentary report on foreign information manipulation and interference (FIMI) released Friday. The parliamentary report warns that hostile actors are conducting sustained and increasingly sophisticated campaigns to interfere in democratic processes, exploiting divisive issues to amplify tensions and influence public debate. It describes such activity as part of a wider pattern of “hybrid threats” targeting democratic systems. – https://therecord.media/uk-weighs-limits-political-donations-foreign-interference

Digital divide shapes AI job outcomes. Developing countries risk disruption before seeing productivity gains

A joint study by the International Labour Organization and the World Bank finds that AI will reshape labour markets unevenly across countries. Research covering 135 economies highlights growing risks for workers as automation expands.- https://dig.watch/updates/digital-divide-shapes-ai-job-outcomes

Courts and Litigation

Dutch court threatens xAI with fines over Grok’s nonconsensual nude images

(Suzanne Smalley – The Record) A Dutch judge on Thursday ordered the AI assistant Grok to stop creating nude images without subjects’ consent, arguing that the company’s efforts to curb the practice may not have gone far enough. Grok — which is owned by Elon Musk’s xAI — will be forced to pay damages of €100,000 ($115,000) a day if it does not comply, according to the ruling, which also said that damages of up to €10 million ($11.5 million) could be levied if xAI does not rectify the problem. X and Grok drew criticism earlier this year for allowing users to generate and share altered images of individuals — including minors — in sexual contexts. The European Commission is investigating the companies, and the European Council has unveiled a proposal for modifying the bloc’s AI Act to include a ban on AI nudification tools. – https://therecord.media/dutch-court-threatens-xai-with-fines-grok-nudification

Security/Surveillance

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

(Kevin Poireault – Infosecurity Magazine) TeamPCP has again expanded its supply chain attacks on open-source repositories by targeting   Telnyx, according to security researchers. The cyber threat group recently rose to notoriety by uploading malicious packages to Python Package Index (PyPI), the official online repository where developers share and download Python software packages. The group typically uses typosquatting to trick developers into downloading them. In one campaign, the group targeted Trivy, a widely used open-source vulnerability scanner owned by Aqua Security, by injecting credential-stealing malware into official releases and GitHub Actions. – https://www.infosecurity-magazine.com/news/teampcp-targets-telnyx-pypi-package/

Iran-linked group Handala hacked FBI Director Kash Patel’s personal email account

(Pierluigi Paganini – Security Affairs) Iran-linked hacking group Handala claims it breached FBI Director Kash Patel’s personal Gmail account and shared alleged data, including photos and files. The FBI confirmed it is aware of the incident and has taken steps to mitigate risks, stressing that the exposed material is old and does not involve any government or classified information. “The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity,” reads a statement issued by an FBI spokesman. “The information in question is historical in nature and involves no government information.” – https://securityaffairs.com/190088/intelligence/iran-linked-group-handala-hacked-fbi-director-kash-patels-personal-email-account.html

China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks

(Pierluigi Paganini – Security Affairs) Rapid7 Labs uncovered a China-linked threat group known as Red Menshen has been running a long-term espionage campaign by infiltrating telecom networks, mainly in the Middle East and Asia. Active since at least 2021, the group uses highly stealthy BPFDoor implants to maintain hidden access inside critical infrastructure. This strategic positioning allows attackers to quietly monitor and potentially spy on government communications. Researchers describe these implants as extremely hard to detect, acting like “digital sleeper cells” embedded deep within telecom environments for prolonged surveillance. Compromised telecoms threaten entire populations, not just individual companies, as they carry critical communications and digital identities. Over the past decade, similar state-backed intrusions have targeted multiple countries, exposing call records, sensitive communications, and trusted operator links, revealing a worrying global pattern. – https://securityaffairs.com/190029/malware/china-linked-red-menshen-apt-deploys-stealthy-bpfdoor-implants-in-telecom-networks.html

The European Commission confirmed a cyberattack affecting part of its cloud systems

(Pierluigi Paganini – Security Affairs) On March 24, the European Commission detected a cyberattack affecting the cloud infrastructure hosting its Europa.euwebsites. The incident was quickly contained, with mitigation measures applied and no disruption to website availability. Early findings suggest some data may have been accessed, and potentially affected EU entities are being notified. “Early findings of our ongoing investigation suggest that data have been taken from those websites. The Commission is duly notifying the Union entities who might have been affected by the incident.” reads the press release published by the European Commission. “The Commission’s services are still investigating the full impact of the incident”.The EU has launched an investigation into the security breach to determine its full impact. However, the Commission pointed out that its internal systems were not affected, limiting the overall impact of the attack. – https://securityaffairs.com/190067/data-breach/the-european-commission-confirmed-a-cyberattack-affecting-part-of-its-cloud-systems.html

New AITM phishing wave hijacks TikTok Business accounts

(Pierluigi Paganini – Security Affairs) Push Security researchers uncovered a new wave of AITM phishing pages targeting TikTok for Business accounts, aiming to hijack them for malvertising. The campaign includes TikTok and Google-themed fake pages, showing links to previous operations. Once compromised, accounts are used to run malicious ads, steal credentials, spread malware, and conduct ad fraud, diverting company advertising budgets for profit. Attackers used newly registered domains created within seconds and hosted behind Cloudflare. The pages follow a common naming pattern and redirect victims from legitimate services before loading fake TikTok for Business or Google “Schedule a call” pages. – https://securityaffairs.com/190058/security/new-aitm-phishing-wave-hijacks-tiktok-business-accounts.html

CISA and BSI warn orgs of critical PTC Windchill and FlexPLM flaw

(Pierluigi Paganini – Security Affairs) CISA issued an advisory about a critical vulnerability, tracked as CVE-2026-4681 (CVSS score of 10.0), in PTC’s Windchill and FlexPLM software. At this time, no patches are available, and no active attacks have been confirmed, but German media outlet Heise suggests exploitation could be imminent. Organizations are urged to stay alert and apply mitigations while awaiting updates. “The vulnerability is a Remote Code Execution (RCE) issue that may be exploited through deserialization of untrusted data” reads the advisory by the vendor, which includes mitigations and indicators of compromise (IoCs). PTC FlexPLM is a software solution for Product Lifecycle Management (PLM) that helps companies manage product data and processes. PTC Windchill is a product lifecycle management software that helps companies manage product data and processes throughout the entire product lifecycle. – https://securityaffairs.com/190049/security/cisa-and-bsi-warn-orgs-of-critical-ptc-windchill-and-flexplm-flaw.html

IT and OT Are Not Equal. IT Can Fail. Your OT Cannot

(Aaron Singleton-Martin – Infosecurity Magazine) When we visit a hospital, or walk through an airport, Operational Technology (OT) cyber security pros may take a moment to consider the possibility and consequences of a critical cyber incident in these environments. Blackouts, grounded planes, medical equipment malfunction. This is a natural consequence of doing what we do and knowing what we know. We understand how reliant we are on technology every day. We know all technology has its flaws, that organizations don’t always prioritize security, and that people make mistakes. We also know that these are the environments where cyber security and uptime really matter. The stakes for IT cyber security and OT cyber security are worlds apart. And that’s why it’s so frustrating to work in an industry where IT cyber security is still the default, and OT cyber security is often the afterthought. There are still so many industrial and critical infrastructure businesses giving off-the-shelf IT cybersecurity training to their staff, with no OT cyber security modules whatsoever. And no practical training that relates to their role, industry, or the threats they will actually face. OT security awareness isn’t optional, it’s mission critical. It’s high time that OT cyber got the attention and investment it deserves. – https://www.infosecurity-magazine.com/opinions/it-and-ot-are-not-equal/

Defence/Intelligence/Warfare

The Iran war highlights the creeping use of AI in warfare

(Nilza Amaral – Chatham House) The US-Israeli war with Iran has amplified long-standing concerns over the adoption of AI-supported targeting in warfare. These concerns came to the fore in the aftermath of the 28 February strike on Shajareh Tayyebeh girls’ school in Minab, southern Iran, which Iran says killed at least 168 people, most of whom were schoolchildren. The Trump administration initially blamed Iran for the strike, though it did not provide any evidence. The US says it is now investigating the bombing. The Washington Post has reported that the school was on a US target list. US Senate Democrats have written to Secretary of War Pete Hegseth seeking information about the attack, including clarification on any use of AI in target selection. So far there has been no confirmation of whether or not AI was used in planning or executing the strike on the school. Admiral Brad Cooper, the US commander leading the war in Iran, has confirmed the use of ‘a variety of advanced AI tools’ to sift through large amounts of data in the conflict, without naming any tools in particular. He said these tools allowed leaders to make ‘smarter decisions faster than the enemy can react’ and sped up processes from taking hours or days to seconds. Admiral Cooper also stated that: ‘Humans will always make final decisions on what to shoot and what not to shoot, and when to shoot.’ – https://www.chathamhouse.org/2026/03/iran-war-highlights-creeping-use-ai-warfare

Holding state-sponsored hackers and other cyber proxies to account

(Joyce Hakmeh, Harriet Moynihan, Nayana Prakash – Chatham House) In Russia’s war on Ukraine, ‘cyber proxies’ – non-state actors ranging from criminal groups and hacktivists to private entities – have carried out disruptive cyberattacks and other hostile acts against Ukraine and its allies. Russian or pro-Russian proxies operate with varying degrees of state direction and sponsorship. Some proxies have been linked with intelligence services like the GRU, others are sponsored at arm’s length or quietly tolerated by the authorities, while others still are incidentally or opportunistically aligned with Kremlin agendas. Because the identity of these groups is often opaque and their composition fluid, cyber proxy activity is difficult to combat. The use of proxies provides Russia with plausible deniability, complicates attribution of cyberattacks and other hostile operations, and helps insulate the Russian state and individual actors from sanctions. This paper proposes options that states anywhere can use to counter cyber proxies. We explore how proxies work, map the Russian cyber proxy ecosystem, and consider how international and domestic law can be leveraged to bring cyber proxies – whether of Russian or indeed other origin – to account. We consider accountability through the prism of ‘disruption’ and ‘cost imposition’, which together establish deterrence. And we argue that the West’s tactical responses to hostile cyber proxy activity need to be replaced by a strategic approach that integrates ‘core levers’, ‘amplifiers’ and long-term ‘enabling’ policies. – https://www.chathamhouse.org/2026/03/holding-state-sponsored-hackers-and-other-cyber-proxies-account