Welcome to the latest edition of ASPI’s Cyber & Tech Digest.

Each week, ASPI curates and contextualises the most important developments in cyber, technology, and geopolitics — highlighting what matters and why.

This edition covers the period: 6 June 2026 to 12 June 2026.

Follow the Australian Strategic Policy Institute on Bluesky, LinkedIn, and X.

What We’re Tracking

Tech titans seek to cast opposition to data centers as a Chinese influence operation

What happened: Several recent reports show that China is trying to boost the anti-data center movement in the US — but so far, this research all comes from organisations that are openly aligned with the AI industry or the aggressively pro-AI Trump administration, not from organisations that specialise in China or foreign influence.

Republicans in Congress have called for an investigation into US nonprofits that allegedly receive foreign funding and oppose the data center build-out, but critics say this is a naked attempt to silence dissent and smooth the way for AI industry interests.

OpenAI said it has uncovered what is likely a covert information operation by China-linked actors aimed at boosting popular opposition to the construction of data centers in the U.S. In a report published on June 10, the company said a group of accounts based in China used ChatGPT to generate social media images and text stating that data centers increase electricity costs for American; these were subsequently posted to social media platforms.

Notably, OpenAI said these efforts did not appear to have gotten any traction or moved the needle on US debate.

A report from late May from the Bitcoin Policy Institute, which promotes the crytocurrency, also claimed that China was funding opposition to data centers, as did a similar report from Power the Future, a nonprofit that is aligned with the Trump administration. These two reports were poorly researched, did not show that foreign governments were funneling money to US nonprofits, and made sweeping but unsupported claims that China was the hidden hand behind the anti-data center movement.

Why we’re tracking this: The reports come as local opposition across the US has slowed the mass construction of data centers, which provide the computing power needed to fuel the AI revolution. Data centers consume vast amounts of energy, potentially putting pressure on local power grids and raising electricity costs for local households.

The stakes are high. As the US and China are locked in a tight race for AI dominance, sluggish construction of data centers could give an advantage to the other side. But many Americans worry that data centers are just one more way that the AI revolution is siphoning jobs and money away from struggling Americans and towards an elite few.

What people are saying:

• ‘It is pretty hard to make the argument this is driven by foreign influence when you are dealing with people in sometimes very small communities showing up at town hall meetings angry about things directly affecting them.’ — Tamara Kneese, senior researcher at the Partnership on AI, The Washington Post

• ‘The targeting of OpenAI and US data center buildouts is significant not because the operation appears to have shifted public opinion, but because it shows PRC-origin influence operators testing narratives against AI infrastructure.’ — OpenAI

• ‘Tax-exempt status is not a shield for foreign influence. Organizations that misuse charitable structures to advance foreign interests undermine our laws, our democracy, and public trust.’ — Rep. Jason Smith of Missouri, chair of the House Ways and Means Committee, NOTUS

My view: Foreign government meddling in the domestic debates of democracies is a serious issue. But equally concerning is the age-old trick of trying discredit inconvenient public sentiment by casting it as a foreign ploy.

There is overwhelming evidence that US local opposition to data centers is authentic. There is ample evidence to suggest that the Chinese government does not want the US to build enough data centers. There is no evidence that the Chinese government’s efforts have moved the needle on US debate. It’s that simple.

OpenAI’s research is solid, but the reports from Bitcoin Policy Institute and Power the Future appear to be motivated not by a desire to uncover China’s influence (and thus to preserve the integrity of US civil society), but rather to delegitimise organic movements (and thus to compromise the integrity of US civil society). This is, ironically, a tactic widely used by the Chinese Communist Party to discredit grassroots Chinese civil society by accusing Chinese activists of being in bed with ‘hostile foreign forces.’

This is an anti-democratic abuse of the field of China influence research that both dilutes the impact of true high-quality research, and threatens US civil society itself.

— Bethany Allen, CTS

Anthropic releases Mythos models while calling for mechanism to pause frontier model development

What happened: Anthropic released two models — Claude Fable 5 and Claude Mythos 5 — built on the same Mythos-class system with different safeguards, per WIRED and iTnews. Fable 5 is the first Mythos-class model open to the public.

The release has drawn criticism on two fronts: an undisclosed intervention that, without notifying users, limits the model’s usefulness when it detects use in building rival AI; and a mandatory 30-day data-retention policy overriding existing Zero Data Retention agreements, according to iTnews and Mashable.

Days earlier, Anthropic had published a blog post arguing that its models are increasingly built by AI itself — a path towards recursive self-improvement. The Guardian reported it as Anthropic calling for a worldwide temporary pause on AI development, and for policymakers, researchers, civil society and AI companies to convene on the risks.

The same piece noted the call sits in tension with a Financial Times report that Anthropic embedded engineers in the NSA for offensive cyber operations potentially aimed at Iran and China. Critics questioned whether the proposal reflects safety concern or positioning ahead of Anthropic’s pending $1 trillion IPO filing.

Why we’re tracking this: Several threads in AI development are converging this week. Anthropic is widening access to its most capable model class while arguing the field would benefit from a way to pause development — having held Mythos back for months over its ability to find vulnerabilities in systems such as banking and power grids, per The Guardian. The model’s safeguards are not purely grounded in public-safety concerns: the restriction on using it to build competitor models also serves Anthropic’s commercial position, blurring the line between public-safety and commercial interests.

What people are saying:

• ‘Our view is we’ve built amazingly powerful technology. We’re going to keep building it.’ — Jack Clark, co-founder of Anthropic

• ‘Anthropic might give the impression of being warm and fuzzy, but their definition of AI safety is narrow. Supporting US authorities in the development of offensive capabilities has never been something they have spoken against.’ — Steven Murdoch, professor of security engineering at University College London.

• ‘Next up: Apple randomly reboots your Mac if you’re building competing tech, Gmail silently edits your emails if you mention rival platforms, and Tesla Autopilot swerves if it detects you’re working on self-driving cars. All in the name of safety, of course.’ — Mikel Artetxe, cofounder of Reka AI, an AI lab.

My view: Anthropic’s blog post argued for a mechanism to pause frontier development, not for a pause itself. That is not a new position for the company. In a 2023 interview, Anthropic’s CEO Dario Amodei backed a mechanism that would suspend the development of frontier-models if they were being deployed without adequate safeguards against misuse, the aim being to pressure labs to build those safeguards in advance so the instrument would never had to be triggered. Read that way, the apparent tension between calling for a pause mechanism and releasing its most capable model yet largely dissolves.

The harder question is how such a mechanism would work in practice. To be credible, it would need to include Chinese AI labs alongside their US and allied counterparts. Arms control is the natural governance model to draw on, but frontier AI differs in one respect: the competition is driven primarily by commercial rather than military actors, even as its implications turn strategic.

— Stephan Robin, CTS

What We’re Watching

A weekly scan of notable developments we’re tracking across technology, policy, and geopolitics.

What We’re Watching A weekly scan of notable developments we’re tracking across technology, policy, and geopolitics.

⸻

🚀 Strategic competition

The United States Department of Defense expanded its 1260H list of Chinese military companies, adding Alibaba, Baidu and BYD and reinstating memory chipmakers ChangXin Memory Technologies and Yangtze Memory Technologies alongside pharmaceutical contractor WuXi AppTec. The designation restricts the firms from US military contracts and research funding and carries few immediate legal penalties, according to Bloomberg.

The US urged NATO allies to use defence budgets to rip out and replace Huawei telecommunications equipment, with State Department China coordinator Joshua Young telling officials in Brussels the allocations could fund the switch; Germany and Spain are leading opposition to wider European Commission proposals to ban high-risk Chinese suppliers over fears of retaliation from Beijing. Taiwan, separately, is negotiating with Washington on much stricter AI hardware export controls that could restrict sales to all customers in China by computing-power thresholds and let Taiwan prosecute Nvidia chip smuggling as a criminal offence for the first time.

A coalition including CXMT, Alibaba, Dongguan Trust, SSCI Leading Fund and Advanced Micro-Fabrication Equipment launched a 3.91 billion yuan (about US$577 million) private equity fund in Shanghai, the Changzhi Hanhai Private Investment Fund, to provide long-term patient capital for China’s hard-tech sectors amid tightening US export controls, according to the South China Morning Post. The move comes as China’s state-backed Big Fund trims stakes in mature chip companies and CXMT prepares for a Star Market IPO.

SpaceX has excluded investors from mainland China and Hong Kong from its initial public offering, and OpenAI is reportedly planning identical restrictions for its own listing later this year, in what The New York Times described as escalating capital and technology decoupling between the United States and China over national security, data governance and intellectual property.

The White House said it would accelerate AI development and use for national security while barring unlawful surveillance and censorship, with President Donald Trump issuing a national security memorandum directing faster AI adoption across intelligence and warfighting domains and requiring updated guidance on autonomous weapons. The memo follows a dispute between Anthropic and the Pentagon over limits on Claude’s use for autonomous weapons and mass surveillance, Reuters reported.

The FBI seized more than a dozen websites it says suspected Chinese agents used to recruit current and former US officials with security clearances, posing as consulting firms advertising defence and ex-military roles and using identity theft and AI-generated photos and videos. The Justice Department separately announced the seizure of 13 domains tied to fake consulting firms that solicited insider information, following a Five Eyes warning that China is increasingly using job platforms to target people.

OpenAI banned two clusters of ChatGPT accounts it said likely originated in China and supported covert influence operations targeting US AI and technology-policy debates, including content claiming AI data centres were raising household electricity prices and material criticising US tariffs. Axios reported the campaigns appeared ineffective but showed pro-China actors testing AI tools to amplify existing US political and economic divisions.

⸻

🧠 AI models, agents & compute

Anthropic launched two Mythos-class models — Claude Fable 5, available publicly with safeguards, and Claude Mythos 5, the same underlying model with some safeguards lifted for trusted users — both priced at US$10 per million input tokens and US$50 per million output tokens, double Claude Opus 4.8 rates. Fable 5 routes cybersecurity, biology, chemistry and model-distillation prompts to Opus 4.8 in fewer than 5% of sessions, while Mythos 5 reached about 200 organisations across more than 15 countries through Project Glasswing. WIRED reported the earlier limited release reflected concern the model could be misused to develop hacking tools. iTnews put Mythos 5 at 10.75 captured Chrome V8 flags on ExploitBench, against 5.56 for Opus 4.8 and 4.44 for OpenAI‘s GPT-5.5.

Anthropic also imposed mandatory 30-day data retention across the Mythos class, overriding existing zero-data-retention agreements with enterprise and API customers — a change copyright and AI lawyer Jessica Eaves Mathews said nullifies prior commitments, which the company justifies as necessary to detect novel attacks and reduce false positives.

Anthropic separately proposed a mechanism to temporarily pause worldwide development of frontier AI models, and proposed convening policymakers, researchers and companies on the risks of advanced systems, citing Claude‘s progress toward recursive self-improvement and reporting that more than 80% of code merged into its codebase in May was authored by Claude. The Economist examined the same recursive-self-improvement concerns and noted Anthropic is expected to list on stock markets later this year. Dario Amodei, Anthropic’s chief executive, argued in an essay that policy is lagging model capabilities and called for binding regulation, including mandatory third-party testing of frontier models for cyber, biological and loss-of-control risks with government power to block unsafe deployments.

In The Australian, Paul Kelly argued Australia’s political and corporate leaders have not kept pace with AI’s economic, social and security implications, contrasting US debate over public stakes in AI companies with warnings from figures including Amodei. A Reuters/Ipsos poll found 53% of Americans fear AI could put them or someone in their household out of work, with 73% worried about increased AI use. Reuters separately reported that Chinese companies are quietly cutting contractors and using attrition as they adopt AI tools while avoiding mass layoffs that could draw government scrutiny, with analysts saying AI adoption is outpacing job creation amid high youth unemployment.

SpaceX struck a roughly US$30 billion deal under which Google will pay about US$920 million a month for AI computing power, giving Google access to around 110,000 Nvidia chips for its Gemini Enterprise agent platform, according to The New York Times. Bloomberg reported Google can terminate the multi-year deal if SpaceX fails to deliver chip access by 30 September 2026 or on 90 days’ notice after the end of the year. Nvidia, separately, said South Korea’s Naver will use its technology to build gigawatt-scale AI factories to meet rising demand for AI and physical-AI applications.

OpenAI is restructuring ChatGPT into an AI superapp combining coding tools and autonomous agents under unified product head Thibault Sottiaux, shifting resources toward its Codex line and enterprise revenue ahead of a planned IPO while shutting down its Sora video tool, the Financial Times reported. OpenAI and Visa also expanded a partnership letting AI agents make online purchases with user permission, mirroring Visa’s parallel deals with Anthropic and Microsoft. DoorDash, meanwhile, announced Ask DoorDash, a chatbot in select markets that lets customers order food and groceries from photos and prompts.

⸻

🛡 Cyber posture

Microsoft removed dozens of GitHub-hosted open-source projects after hackers apparently breached them and injected password-stealing malware, with many affected projects relating to Azure and AI development tools used with Claude Code, Gemini‘s command-line interface and VS Code. Security researchers said the malware could steal credentials when compromised tools were opened in AI coding apps, according to TechCrunch.

ServiceNow warned affected customers that attackers exploited an unauthenticated access flaw through a vulnerable API endpoint to query data from customer instances, and applied a security update earlier this month limiting the endpoint to authenticated users. Administrators linked the incident to the /api/now/related_list_edit/create endpoint and advised reviewing logs, according to BleepingComputer.

France’s digital affairs directorate DINUM said hackers used a compromised account to breach Tchap, the government’s encrypted messaging platform, with ANSSI detecting the breach earlier this week and CNIL alerted. A threat actor claimed responsibility, saying they used social engineering and stole messages, metadata, documents and media files.

Meta fixed a flaw in a customer-service tool that let hackers use an AI-powered chatbot to reset Instagram passwords, affecting roughly 34,000 accounts including 20,000 that were breached and exposed personal data, according to internal documents viewed by The New York Times. Meta said some back-end checks failed but not because of the AI agent itself, and that it was notifying regulators and affected users.

CISA issued a directive requiring US civilian federal agencies to fix, disable or remove the most serious vulnerable software or equipment from the internet within three calendar days, citing hackers’ use of AI and concern that advanced models could enable automated exploitation at scale, Reuters reported. Less severe vulnerabilities will have remediation windows of two weeks to two months.

In the Financial Times, Anthropic was reported to have embedded roughly six forward-deployed engineers inside the NSA to customise its Mythos model for offensive cyber operations such as infiltrating foreign networks. The arrangement persists despite Anthropic’s lawsuit against the Department of Defense over a supply-chain risk designation linked to the company’s attempts to restrict Claude’s use in lethal drones and mass surveillance.

⸻

🕵️ Surveillance states

German cybersecurity journalist Marc Hofer uncovered an unsecured prototype Chinese policing dashboard titled Dynamic Control Platform for Overseas Personnel, apparently built for Zhangjiakou‘s Public Security Bureau, containing profiles of foreign journalists and residents with passport details, phone numbers, CCTV records, travel data, hotel stays and relationship-mapping functions, according to The Sydney Morning Herald. The platform was closed off within hours of Hofer and former Telegraph correspondent Sophia Yan publishing their findings.

Meta said it is filing a federal-court contempt motion against Israeli spyware firm NSO Group for allegedly violating an injunction barring it from targeting WhatsApp users, after WhatsApp disrupted new spear-phishing attempts resembling earlier one-click campaigns. Civil-rights groups, security researchers and digital-rights experts filed amicus briefs opposing NSO’s appeal, Reuters reported.

Meta deleted code for an unreleased face-recognition system, internally called NameTag, from its Meta AI smart-glasses companion app after WIRED reported on the feature, which was designed to build biometric faceprints from faces captured by the glasses and match them against a local database. Meta said the feature was exploratory and no final decision had been made.

Russia temporarily disabled a specialised surveillance network protecting President Vladimir Putin and top aides after the assassination of Iran’s Supreme Leader Ayatollah Ali Khamenei, the Financial Times reported. The precautions followed revelations that Israeli intelligence weaponised advanced language-based AI to query millions of hours of Iranian CCTV data to track high-value targets.

Microsoft said it will tighten human-rights controls when working with national-security agencies after an inquiry into Israeli military use of its cloud for mass surveillance of Palestinians, which found Unit 8200 had used Azure to store intercepted phone calls. Microsoft terminated the unit’s access to some cloud and AI services and said it would adopt the inquiry’s recommendations, according to The Guardian.

The US House rejected a stopgap measure to renew Section 702 of the Foreign Intelligence Surveillance Act, all but ensuring the warrantless-wiretapping authority lapses this week after renewal talks collapsed over the status of acting intelligence chief Bill Pulte. Legal experts note a March surveillance-court recertification will likely require telecommunications companies to keep complying with intelligence directives into 2027, even as reformers push for warrant requirements and limits on purchased broker data.

⸻

⚖️ Platform accountability

Meta plans to use data shared by other businesses to personalise Facebook and Instagram feeds and AI responses, expanding an approach it already applies to ads, according to The Verge. Meta said the change does not involve collecting new data and can be controlled through its Activity from other businesses setting.

Chinese activist Apple Peiqing Ni was targeted on X with deepfake posts portraying her as promiscuous and a drug user after she posted about attending a Tiananmen massacre commemoration; X initially told her the posts did not breach its harassment or violent-speech rules, then suspended the account after The Guardian contacted its press office. Ni said UK police had advised her to report the posts to X and that her parents in China had been harassed over her activism.

⸻

🧑‍⚖️ Courts, enforcement & regulation

A federal judge in Mississippi sanctioned lawyers on both sides of a contractual dispute after finding they filed AI-generated briefs citing nonexistent cases, with Senior US District Judge Sharion Aycock cancelling the trial, disqualifying all four lawyers, barring two from the court for two years and fining each between US$1,000 and US$3,500, according to 404 Media.

A Munich regional court issued a temporary injunction against Google over false claims in AI-generated search overviews about two publishers, treating the overviews as Google’s own content and making it directly liable rather than applying traditional search-engine protections, The Decoder reported. The court rejected Google’s argument that users could verify linked sources themselves.

⸻

🏛️ Government, procurement & public sector tech

Britain is reviewing its £330 million NHS contract with Palantir amid pressure to trigger a break clause when the initial term ends in early 2027, with technology minister Liz Kendall saying the review will weigh patient confidentiality, public trust and reliance on a US supplier. A parliamentary committee urged ministers to end the contract, warning Palantir’s role posed an unacceptable point of weakness, according to Reuters.

Australia’s Department of Parliamentary Services announced the Parliamentary Information and Cyber Resilience project, the most significant upgrade to the federal Parliamentary Computer Network since its creation, aiming to segment the network and close compliance gaps with the Essential Eight standards. The move follows an Australian National Audit Office report that found the department only partly effective, citing failure to properly implement seven of the Australian Signals Directorate‘s Essential Eight strategies and a 55% turnover rate in its Cyber Security Branch over a year.

⸻

🏗️ Data centres & energy

In Crikey, Ketan Joshi wrote that a Greenpeace Australia Pacific report he led calls for a nationwide moratorium on data centre development in Australia, arguing the technology industry will not produce enough renewable energy to match new demand and that gas-fired data centres could worsen climate impacts. Joshi said Australia should pause, regulate and restrict data centre development.

Texas Governor Greg Abbott released recommendations for state data centre regulation ahead of the 2027 legislative session, proposing that new facilities add power generation, pay grid-interconnection and infrastructure costs, use closed-loop water systems, report electricity and water use and lose sales-tax exemptions. Abbott also directed regulators to act sooner on transmission and infrastructure costs.

NEXTDC‘s M3 facility in Melbourne — described by Crikey as a 225-megawatt site and one of Australia’s largest data centres — is promoted as a new digital gateway for the state, with 41,000 square metres of technical space built for hyperscale growth. The article framed M3 as part of the rapid expansion of data centres on industrial estates around Australian capital cities.

⸻

💰 Tech business & markets

President Donald Trump signalled openness to the US government taking equity stakes in leading AI labs through a public-private structure seeding a government wealth fund, Bloomberg reported, following proposals from OpenAI‘s Sam Altman and a push by Senator Bernie Sanders to require AI companies to surrender half their stock to redistribute wealth to citizens facing job displacement. Critics argued direct federal ownership risks nationalising the sector.

In The New York Times, former Andreessen Horowitz general partner John O’Farrell argued that major AI investors are using political spending to deter regulation, citing the Leading the Future PAC backed by AI and tech figures and the pro-regulation Public First Action PAC backed by Anthropic executives. O’Farrell said large-scale AI campaign spending distorts democracy and should instead fund public education and AI public-interest projects.

In Axios, Elon Musk was described as having built a corporate empire investors treat as too important to penalise despite repeated controversies, with the piece noting he was using X for far-right culture-war commentary on the eve of SpaceX‘s expected IPO. It framed investor tolerance of Musk’s conduct as unusually broad compared with standards applied to other chief executives.

Kalshi plans to require users in some prediction markets to disclose their employers as a guardrail against insider trading and manipulation, applying the rule to markets tied to material nonpublic information such as company performance and national security, according to The Wall Street Journal. The change follows an audit-committee recommendation and rising scrutiny from lawmakers, regulators and prosecutors.

Wesfarmers chief executive Rob Scott said the group will use AI to lift productivity across its stores and withstand weak consumer conditions, targeting existing pain points and freeing staff from repetitive tasks, according to the Australian Financial Review. Scott said Bunnings and Kmart marketplaces were growing after Wesfarmers closed Catch.

Jedify, a New York-based startup, raised US$24 million in Series A funding led by Norwest, with participation from Snowflake and others, to build a context graph connecting enterprise knowledge sources so AI agents can use company-specific data, permissions and workflows. The company said it has 10 to 20 early customers and is targeting mid-market and large enterprises.

⸻

🧒 Online harms & child safety

Apple announced child-safety changes at WWDC 2026 expanding parental controls across its devices, including broader Ask permissions for websites and unknown contacts, automatic filtering of potentially inappropriate images, FaceTime protections and more detailed Screen Time settings, according to Engadget. Apple said it is collaborating with the American Academy of Pediatrics on healthy screen-time guidelines.

Apple chief executive Tim Cook briefed Prime Minister Anthony Albanese on the new controls and, according to Albanese’s office, credited Australia‘s under-16 social-media ban as part of the inspiration, with tools including child-account setup changes, Ask to Browse, app-category time limits and expanded Communication Safety protections. The Sydney Morning Herald contrasted Apple’s device-level controls with Australia’s platform-level ban, which eSafety commissioner Julie Inman Grant has questioned.

UK Prime Minister Keir Starmer said big tech firms operating in Britain must stop children circulating nude images or face legislation, wanting Google, Apple and others to build or activate device controls to detect and block such images for children while allowing adult access through age verification, Reuters reported. Starmer is also reportedly considering restrictions on harmful social-media platforms for under-16s.

⸻

🌏 Global policy

🇺🇸 United States

The White House is negotiating federal preemption of some state AI laws in exchange for support for congressional tech-policy priorities, Axios reported, as states pass stronger AI rules. Representatives Jay Obernolte and Lori Trahan separately unveiled a 269-page bipartisan discussion draft that would preempt some state AI laws while requiring leading developers to disclose safety and security risks, use third-party auditors and formally establish the Center for AI Standards and Innovation.

Senators Ted Cruz and Ron Wyden introduced the bipartisan JAWBONE Act to curb federal pressure on broadcasters, online services and AI services to restrict speech, letting people sue federal agencies or employees for coercive jawboning and allowing state attorneys-general to bring civil actions, according to Ars Technica. It would also require certain government communications with social-media, AI and broadcasting companies to be logged to a public-summary portal.

A federal judge vacated President Donald Trump‘s policy imposing a US$100,000 fee on employers’ H-1B visa applications, with Judge Leo Sorokin ruling it violated the Administrative Procedure Act and the Constitution as a tax Congress had not delegated to the executive, CNBC reported. The administration said it plans to appeal.

🇪🇺 Europe

EU regulators criticised Apple for blaming the Digital Markets Act for its decision not to roll out upgraded Siri AI in the bloc for now, after the European Commission rejected Apple’s request for an 18-month exemption from interoperability obligations. The Commission said the decision was Apple’s alone and that the DMA does not block new product launches, Reuters reported.

The European Commission ordered Meta to give rival AI chatbots free access to WhatsApp while it investigates whether Meta abused its market power, issuing the interim measure after complaints from AI-assistant developers about Meta’s access fees. Meta criticised the order as regulatory overreach and said it would appeal.

EU Drugs Agency executive director Lorraine Nolan warned that drug gangs are exploiting AI, drones and online chemical marketplaces to create new designer chemicals and evade detection, with Europe emerging as a synthetic-drug production hub, the Financial Times reported. The agency’s annual report said new psychoactive substances were detected at roughly one a week last year and seizures hit a record by quantity in 2024.

🇬🇧 United Kingdom

The UK government introduced the National Security (State Threats) Bill to Parliament, creating counter-terrorism-style powers against foreign state organisations and state-linked proxy groups, allowing the Home Secretary to designate hostile organisations and creating offences for support or payment linked to them. The Home Office published accompanying documents, noting the bill builds on the National Security Act 2023 and applies new criminal sanctions to designated bodies, including proxies used by states to carry out hostile activity in the UK.

🇨🇦 Canada

Canada unveiled an AI for all strategy it says will create 250,000 jobs by 2031 and lift GDP by 3%, with Prime Minister Mark Carney announcing a C$500 million Canadian Tech Growth Fund and financing to help smaller businesses access AI tools, Reuters reported. Canada separately introduced a digital-safety bill that would ban social media for children under 16 unless platforms meet safety standards and create a regulator to set standards for AI chatbots, with penalties up to 3% of global revenue or C$10 million.

🇮🇳 India

India has effectively frozen final approvals for Starlink to begin commercial operations, with security agencies under the Ministry of Home Affairs withholding clearances over concerns about satellite-terminal use during the Iran war and seeking assurances despite Starlink’s US ownership, Bloomberg reported. The delay has also stalled a satellite-spectrum pricing proposal needed for commercial launches by Starlink and Indian competitors.

That’s all for this week. For more timely analysis and commentary, check out The Strategist and ASPI’s Stop the World podcast—or our other Substack newsletters:

The Cyber & Tech Digest is brought to you by the Cyber, Technology & Security Programs team at ASPI and supported by partners.

Share

Welcome to the latest edition of ASPI’s Cyber & Tech Digest.

Each week, ASPI curates and contextualises the most important developments in cyber, technology, and geopolitics — highlighting what matters and why.

This edition covers the period: 30 May 2026 to 5 June 2026.

Follow the Australian Strategic Policy Institute on Bluesky, LinkedIn, and X.

What We’re Tracking

Five Eyes warn China is using job platforms to recruit government insiders

What happened: The Five Eyes intelligence alliance, ASIO, CSIS, FBI, MI5 and NZSIS, issued a rare joint bulletin warning that China’s military intelligence services are using professional networking and online recruitment platforms, including LinkedIn, Indeed, and Upwork, to target individuals with access to sensitive government, military, and economic information. The bulletin, published simultaneously by partner agencies and available via MI5 and CSIS, describes the tactic as a scaled, methodical approach to identifying and cultivating sources through seemingly legitimate employment opportunities.

According to the bulletin, operatives pose as recruiters, consultants, or think-tank staff linked to fictitious companies outside China. They advertise fabricated roles, conduct virtual hiring processes, and progressively seek non-public material — often through encrypted communications and with financial incentives — from government employees, military personnel, academics, and journalists. Officials noted that even unclassified information can contribute to broader intelligence collection and expose individuals to legal risk.

China rejected the allegations, as reported by Reuters.

Why we’re tracking this: The bulletin is described by officials as an unprecedented coordinated public warning from the alliance’s domestic security agencies, as noted by the Washington Post. That unusualness is itself significant, joint public attribution at this level signals a deliberate escalation in how Five Eyes partners are choosing to communicate espionage threats to potential targets, including think-tank and policy staff directly relevant to the defence and strategic community.

What people are saying:

• ‘We’ve been clear that it is in the national interest to engage with China, not least because it enables us to directly challenge behavior which we will not tolerate.’ — Dan Jarvis, UK Minister of State for Security, Politico Europe.

• ‘There are plenty of naive experts out there who seem quite happy to sell their expertise without understanding the risks of doing so.’ — Clive Hamilton, professor of public ethics at Charles Sturt University, ABC News Australia.

• ‘We’re not saying don’t use social media or professional networking sites - just don’t tell the world you hold a national security clearance or work with sensitive government or military information.’ — Andrew Hampton, director-general of NZSIS, RNZ.

My view: The recruitment techniques described in the bulletin are broadly consistent with methods Five Eyes agencies have warned about for years so there’s no surprise there. What is notable is the decision to issue a coordinated public warning, which provides a deterrence signal to Beijing that these activities are being detected and attributed, raising operational costs for those involved. It also serves a resilience function, prompting officials and experts to scrutinise unsolicited approaches more carefully. The more meaningful indicators to watch are whether suspicious approaches are reported more frequently and whether engagement with recruitment attempts declines. Another is on tradecraft adaptation: if mainstream professional networking sites attract greater scrutiny, recruiters may migrate to industry-specific forums, encrypted messaging applications, academic networks, or private professional groups, platforms where awareness of this threat is lower and protective security guidance has less reach.

— Fitriani, CTS

Florida sues OpenAI and Sam Altman over chatbot safety risks

What happened: The US state of Florida filed a civil lawsuit against OpenAI and its CEO, Sam Altman, alleges that the company aggressively marketed ChatGPT to the public as safe and reliable while deliberately concealing serious safety risks and possible dangers. As reported by The New York Times, the state became the first to sue the ChatGPT maker over claims that its technology posed a risk to children. The legal action comes as Florida is pursuing a criminal investigation into whether ChatGPT played a part in the murder of two people during a mass shooting at Florida State University last year, noted the BBC.

An OpenAI spokesperson defended the company's safety records in statements to The Guardian, pointed to the platform's minor-specific safeguards, including age-prediction tools and parental monitoring features.

Why we’re tracking this: This case marks the first time a US state has sued an artificial intelligence developer while also seeking to hold its chief executive personally liable for product safety failures. The enforcement action explicitly separates Florida leadership from federal Republican alignment under President Donald Trump, who has actively pursued deregulation for the domestic AI sector.

What people are saying:

• ‘OpenAI and Altman ignored internal and external safety warnings, put children at great risk, and allowed a dangerous product to reach millions of Floridians.’ — Florida Attorney General James Uthmeier, The Guardian.

• ‘This lawsuit is a significant development, but it has not arrived in a vacuum.

  Across the US, the courts are filling with cases accusing tech companies of harming young people.’ — Alexandra Andhov, Chair in Law and Technology, University of Auckland, Waipapa Taumata Rau, The Conversation.

• ‘The law that the state of Florida is enforcing is a law against unlawful or deceitful business practices … that is a pretty broad line.’ — Bahrad Sokhansanj, Senior Research Scholar at the Institute for Law and AI, ABC.

My view: While the regulatory response to social media harms lagged for decades, the profound threat artificial intelligence poses to youth mental health and critical thinking requires immediate intervention. As generative models provide explicit, tailored advice rather than passive content feeds, companies must be held to a far stricter standard of legal accountability. Enforcing regulatory frameworks that preserve human-in-the-loop professional oversight for medical and psychological guidance is essential to stop children from naively relying on automated systems. Ultimately, establishing corporate consequences early in this judicial cycle is critical to prevent a broader governance failure where accountability is completely offloaded to autonomous tech.

— Lucy Haley, CTS

What We’re Watching

A weekly scan of notable developments we’re tracking across technology, policy, and geopolitics.

⸻

🧠 AI models, agents & compute

The Anthropic Institute published a paper arguing that AI systems are already accelerating AI development, citing internal data showing engineers shipping code at eight times the rate seen in the preceding four years. The paper warns that continued advances could eventually allow AI systems to autonomously design and develop their successors, a process it describes as recursive self-improvement, and flags the attendant risks for monitoring, governance, and human oversight.

Sixteen mathematicians published the Leiden Declaration on Artificial Intelligence and Mathematics, warning that rapid advances in AI-driven theorem proving could reshape or distort mathematical research. The declaration raises concerns about reliability, transparency, and overreliance on proprietary systems, and cautions that AI may shift research priorities toward problems better suited to machine methods at the expense of openness and independent verification.

In The New York Times, Ezra Klein argued that policy discussions about AI have focused heavily on risks while neglecting a coherent agenda for ensuring AI produces public benefits. Klein called for governments to actively shape AI development through funding, data infrastructure, and compute access, including the possibility of publicly controlled frontier models.

⸻

🛡 Cyber posture

Researchers at the University of Toronto demonstrated an AI-assisted prototype computer worm capable of autonomously spreading across a controlled test network by adapting its attack strategies to each machine it encountered. The study found that AI systems capable of code generation can be used to create more sophisticated self-propagating malware, and researchers warned that increasingly powerful open-source AI systems could make similar techniques more viable in real-world environments.

President Trump signed an executive order directing federal agencies to strengthen cybersecurity using advanced AI capabilities and expanding cooperation with private-sector AI developers. The order mandates creation of an AI cybersecurity clearinghouse, expansion of AI-enabled defensive tools, and development of a voluntary framework for government access to certain frontier AI models before release. The order also prioritises criminal enforcement against malicious use of AI in cyber intrusions. Politico noted that the administration scaled back an earlier proposal seeking 90 days’ notice before model release to a voluntary 30-day process led by the National Security Agency.

Meta began notifying Instagram users after a hacking campaign reportedly exploited its AI chatbot to gain unauthorised access to accounts. Attackers allegedly tricked the chatbot into linking victim accounts to attacker-controlled emails by falsely claiming account ownership, enabling password resets and takeovers. Meta said it has secured affected accounts and issued reset notifications, but has not disclosed the total number of victims.

Security researcher Ammar Askar publicly released a proof-of-concept exploit for a flaw in Microsoft‘s VS Code that could allow attackers to steal GitHub access tokens through a single malicious link. Askar said he bypassed Microsoft’s vulnerability disclosure process after dissatisfaction with the company’s handling of previous reports, including disagreement over security impact and a lack of recognition, reflecting broader tensions over disclosure practices within the security research community.

Russia’s Federal Security Service claimed it uncovered a large-scale espionage operation in which malware was allegedly deployed on the mobile devices of senior Russian officials, enabling access to communications, geolocation data, contacts, and audio and video. Russian authorities have opened a criminal investigation, though the FSB did not identify the malware involved or provide technical evidence supporting its claims.

The World Food Programme is investigating a security breach that exposed personal information submitted by Palestinians seeking humanitarian assistance in Gaza. Compromised data included names, identification numbers, phone numbers, and location details collected through the agency’s self-registration platform, with information from approximately 600,000 Palestinian households potentially exposed. WFP suspended the affected application and implemented additional security measures.

⸻

🕵️ Surveillance states

Russia’s Supreme Court is considering a request to designate the Belarusian Cyber Partisans and Silent Crow hacker groups as extremist organisations. Both groups have claimed responsibility for cyberattacks against Russian and Belarusian government institutions and critical infrastructure, including a major 2025 attack on Aeroflot.

⸻

🚀 Strategic competition

The Five Eyes intelligence alliance issued a joint bulletin warning that Chinese military intelligence services are using professional networking sites and online job platforms to target individuals with access to classified or privileged information. According to the bulletin, intelligence officers are posing as recruiters and consultants linked to fictitious companies to facilitate recruitment and information collection, with Reuters noting that journalists, think-tank staff, and others with indirect access to government data are also being targeted.

Congress is considering legislation that would provide a 25% tax credit for buyers of U.S.-made printed circuit boards and $3 billion in grants for domestic manufacturers, amid growing concern over U.S. dependence on Chinese-made PCBs that underpin AI systems and defence electronics. Industry and defence officials warn that supply-chain concentration in China creates security risks including potential hardware compromise, with domestic producers including TTM Technologies and Sanmina expanding capacity.

Former CIA Director David Petraeus said unmanned and autonomous systems will be the defining challenge and investment opportunity in defence over the next decade, arguing that recent conflicts have exposed inadequate defences against drones and warning that autonomous drone swarms capable of coordinating without human operators could overwhelm existing military defences.

⸻

⚖️ Platform accountability

UK Prime Minister Keir Starmer accused Elon Musk of interfering in British politics and using the Henry Nowak murder case to create division. Starmer backed Labour MP Jess Asato‘s legal action against xAI, alleging Grok generated fake sexualised images and videos of her in breach of UK laws, and said the government would continue challenging AI platforms over harmful content.

The U.S. Federal Trade Commission is considering whether to modify or set aside a 2022 settlement that fined Twitter $150 million for using security-related account data for targeted advertising. X argues the order applies to a company that no longer exists, that responsible personnel have departed, and that current privacy controls make existing restrictions unnecessary. The FTC has opened a public consultation before deciding whether to alter the settlement terms.

New York Times publisher AG Sulzberger criticised AI companies at the World News Media Congress, accusing them of mass unauthorised use of news content and describing the practice as theft of intellectual property. Sulzberger argued that AI firms are weakening journalism’s economic model by extracting value from news websites without permission or compensation and warned that continued consolidation of data and attention by technology firms could reduce the viability of original reporting.

Constraints around compute, energy, data sovereignty, and chip access are driving AI infrastructure development beyond traditional technology hubs, according to Rest of World. The article highlights major AI infrastructure projects in India, Africa, Brazil, and the UAE, where governments and companies are building sovereign cloud, data centre, and GPU capacity to reduce dependence on U.S. hyperscalers.

⸻

🧑‍⚖️ Courts, enforcement & regulation

OpenAI released a policy proposal calling for mandatory evaluations of advanced AI models and assigning oversight to the Commerce Department‘s Center for AI Standards and Innovation (CAISI). The proposal diverges from a recent White House executive order that established a voluntary evaluation framework led by the National Security Agency, with OpenAI executives indicating they will lobby the White House and Congress to expand CAISI’s role and establish mandatory evaluation requirements for developers of advanced AI systems.

CFTC Chair Michael Selig said the agency is seeking to reverse what he described as a politically motivated enforcement action against Gemini, the cryptocurrency exchange run by Cameron and Tyler Winklevoss. The agency moved to vacate a January 2025 order that imposed a $5 million penalty and injunction on Gemini over alleged false statements made during its 2017 application for a bitcoin futures product, with Selig framing the move as part of a broader effort to roll back crypto enforcement actions initiated during the Biden administration.

⸻

💰 Tech business & markets

SpaceX filed for a $75 billion initial public offering that would value the company at approximately $1.77 trillion in what would be the largest IPO on record. The company plans to sell 555.6 million shares at $135 each, with proceeds directed toward AI, launch, and satellite infrastructure, and the filing disclosed a $1.25 billion-per-month AI compute contract with Anthropic. Bloomberg separately reported that ten Trump administration officials disclosed financial interests in SpaceX or xAI worth between $9.9 million and $43.8 million in aggregate, with the company a major federal contractor and several officials retaining holdings through waivers or indirect investment vehicles. Reuters reported that the deal includes governance elements such as strong founder control and restrictions on share sales by Musk post-listing.

Alphabet is planning to raise $80 billion through equity offerings, including a $10 billion investment from Berkshire Hathaway, to fund large-scale AI infrastructure spending. The raise reflects accelerating compute demand and the growth of Google Cloud alongside Alphabet’s core advertising business. Google, meanwhile, is offering selected Android developers on the Play Store participation in a confidential pilot program that pays them to share access to their app codebases, with the stated purpose of improving AI-assisted coding systems using real-world production code.

Meta launched its Meta Business Agent globally on WhatsApp Business after testing in markets including India and Mexico. The AI agent handles customer support tasks including answering questions, recommending products, booking appointments, and escalating conversations to human staff, with Meta also extending the agent to Instagram DMs.

⸻

🌏 Global policy

Australia

In The Strategist, Jack Evans argued that Australia’s geographic distance from active conflict zones, stable governance, legal predictability, and growing renewable-energy capacity make it an increasingly attractive location for AI data centres. The piece cited major planned investments by Microsoft and AWS in Australia, while warning that the country could lose this advantage if energy, grid, and approvals infrastructure fail to keep pace with growing AI-related demand.

China

China is deploying AI across its healthcare system to address structural problems including uneven access to medical services and shortages of qualified doctors in rural areas, with government policy accelerating adoption of diagnostic systems, patient-tracking bots, and large language model-based medical assistants across hundreds of hospitals, according to The Wire China. Experts warn that rapid deployment without sufficient regulation and clinical validation could lead to misdiagnosis and uneven quality of care. China’s AI industry is also facing rising computing, energy, and infrastructure costs as demand shifts toward more resource-intensive AI agents and workflows, with major firms including Alibaba, Tencent, Baidu, and Zhipu raising prices for AI services.

JinkoSolar, one of China’s largest solar manufacturers, sold its Florida-based subsidiary while retaining a minority stake, reflecting a broader retreat of Chinese clean-tech firms from the U.S. market amid regulatory and political scrutiny. The company’s U.S. operations have faced tariffs, government investigations, and concerns over supply chain links to forced labour in Xinjiang, with more than half of planned Chinese clean-tech investments in the U.S. since 2022 reportedly cancelled, paused, or delayed.

That’s all for this week. For more timely analysis and commentary, check out The Strategist and ASPI’s Stop the World podcast—or our other Substack newsletters:

The Cyber & Tech Digest is brought to you by the Cyber, Technology & Security Programs team at ASPI and supported by partners.

Share

Welcome to the latest edition of ASPI’s Cyber & Tech Digest.

Each week, ASPI curates and contextualises the most important developments in cyber, technology, and geopolitics — highlighting what matters and why.

This edition covers the period: 23 May 2026 to 29 May 2026.

Follow the Australian Strategic Policy Institute on Bluesky, LinkedIn, and X.

What We’re Tracking

Pope Leo pushes AI ethics into global politics

What happened: Pope Leo XIV used his first encyclical, Magnifica Humanitas, to position artificial intelligence as a political, social and moral challenge rather than purely a technological one. The 42,300-word document warned that AI risks concentrating power, undermining democratic accountability and reducing people to data points and economic functions if left primarily in the hands of governments and private technology firms.

The encyclical repeatedly framed AI as a change comparable to the industrial revolution. It called for protections for the most vulnerable, legal oversight and ethical constraints on AI, including on autonomous weapons. It also pushed for establishment of a shared framework, including at the international level, to curb the technological arms race and ensure robust protection for civilians.

The Vatican presented the encyclical alongside Anthropic co-founder Christopher Olah, who warned that AI will displace human labour on very large scale and that supporting those displaced would become a moral imperative of historic proportions. Writing in WIRED, Daniele Polidoro called the moment an unprecedented alliance between the Church and Silicon Valley. Critics may see the Vatican’s decision to hand a frontier-AI executive a platform as a moral endorsement, offered amid intense commercial competition and the company’s own friction with the Pentagon.

Why we’re tracking this: The intervention pulls AI governance further into mainstream geopolitical and cultural debate. It rejects the idea that AI development is inevitable or politically neutral, and puts labour, warfare and democratic oversight squarely on the table.

It also lands as tensions grow between calls for stronger regulation and governments prioritising AI competitiveness, national security and industrial policy. NBC News noted the silence of tech titans towards the encyclical, while US Vice President JD Vance, himself a convert to Catholicism, acknowledged that advancement of technology may require a rethink of the ‘Just War’ doctrine.

What people are saying:

• ‘Technology is never neutral, because it takes on the characteristics of those who devise, finance, regulate and use it.’ — Pope Leo XIV, Magnifica Humanitas.

• ‘Can the moral authority of a pope counter the ambitions of the handful of wannabe trillionaires driving one of the most significant technologies in history?’ — Stephen Bartholomeusz, The Sydney Morning Herald.

• ‘Boards and governments integrating AI without parallel investment in accountability are courting regulatory and reputational exposure as the rules sooner or later catch up, or the harms are inevitably brought to light.’ — Jordan Guiao, InnovationAus.

My view: Pope Leo’s call for a shared framework to curb an AI arms race comes amid a broader crisis of multilateralism. The frameworks that exist are either geographically limited or driven by national interest. The EU AI Act offers the most comprehensive regulatory foundation for anchoring the technology’s development in human rights, but its reach stops at the bloc’s borders. The US AI Action Plan focuses on competitive dominance through accelerating innovation, infrastructure building and international diplomacy. China’s Global AI Governance Action Plan offers strategic pointers for international AI development, emphasising respect of national sovereignty, alignment with development goals, as well as safety and controllability. Global South countries, whose workforces are most exposed to AI-driven displacement, remain largely absent from meaningful international AI governance initiatives.

With geopolitical tension pushes unrestricted development of autonomous weapons, surveillance and targeting, and companies race to build frontier AI for profit, the 2024 UN Global Digital Compact is worth returning to: a commitment to technologies that accelerate progress, eradicate poverty and leave no one behind. The challenge is whether those 2030 goals are reachable, or whether governance keeps trailing the technology it is supposed to steer.

— Fitri, CTS

What We’re Watching

A weekly scan of notable developments we’re tracking across technology, policy, and geopolitics.

⸻

🚀 Strategic competition

President Trump postponed signing a much-anticipated AI and cybersecurity executive order hours before a scheduled ceremony last week, with AI adviser David Sacks and tech executives including Mark Zuckerberg and Elon Musk raising last-minute objections. Trump cited concerns the order would impede US competitiveness against China; industry sources also questioned why the Treasury Department had been assigned a coordinating role on security vulnerability disclosures rather than CISA or NIST, according to Axios. A seven-page draft obtained by POLITICO would have created a voluntary system requiring developers to submit advanced AI models for federal agency review up to 90 days before public release, while explicitly stating the government would not establish mandatory licensing for AI development.

Last-minute phone calls from tech leaders persuaded Trump to postpone the order, The Washington Post reported, with industry warning the voluntary review system could become de facto mandatory and inhibit development. Sacks called Trump on Wednesday night before the planned ceremony to raise concerns after earlier indicating support, blindsiding White House staff; industry pushed for a 14-day sharing window instead of 90 days and intelligence community leadership of any review process. The order is not dead but will be revisited in unclear form.

China is imposing overseas travel restrictions on senior AI professionals at private companies including Alibaba and DeepSeek, requiring government approval before international travel, Bloomberg reported. Authorities are targeting startup founders, researchers, and executives deemed critical to the country’s AI ambitions, assessing individuals based on strategic importance rather than seniority alone, as Beijing seeks to close the gap with the US.

China’s Wingtech Technology filed a $1.2 billion damages lawsuit against Nexperia B.V. and five other entities, claiming its control over the chipmaker remained restricted. The suit could re-escalate a dispute frozen since late 2025, when China agreed to reduce export controls on Nexperia chips in exchange for the Netherlands suspending its earlier seizure of the company. Wingtech is pursuing damages under China’s anti-foreign sanctions law, arguing the defendants’ restrictive measures caused irreparable losses.

Nvidia CEO Jensen Huang urged Super Micro Computer to strengthen compliance after Taiwan detained three people for allegedly making fraudulent declarations about AI servers in the island’s first crackdown on semiconductor smuggling. The defendants allegedly conspired to purchase servers and export them using fraudulent documentation to circumvent US chip export restrictions; the case follows the earlier US arrest of Super Micro’s co-founder for allegedly diverting billions in Nvidia chips to China. Super Micro said it will strengthen trade compliance with pre- and post-shipment verifications.

Airbnb CEO Brian Chesky defended the company’s use of Chinese AI models, telling Bloomberg that US lawmakers misunderstand the technology and that Airbnb is not providing data to Chinese companies. Chesky said the company primarily uses open-source models for its customer service chatbot — which now handles 70% of customer service tickets — and uses Alibaba’s Qwen model in certain situations. The defence follows a House investigation into alleged Chinese efforts to exploit American innovation; the same committees are also investigating Anysphere’s use of Chinese AI technology.

In The Strategist, an analysis argued that space has achieved decisiveness equivalent to air power and should be formally classified as a warfighting domain to coordinate capabilities and signal deterrence. The US established the Space Force in 2018 and designated space a warfighting domain; Australia and NATO still classify space as an operational domain. The 2026 Secure World Foundation Global Counterspace Capabilities report tracked military space capabilities being developed by 13 countries, including electronic warfare, anti-satellite weapons, and co-orbital spacecraft.

⸻

🧠 AI models, agents & compute

Anthropic released Opus 4.8, its most advanced publicly available model, 41 days after Opus 4.7’s launch in an accelerated upgrade cycle responding to competitive pressure from OpenAI’s Codex and Google’s Gemini Flash. The release includes Dynamic Workflows, a research-preview feature enabling complex task management across hundreds of parallel subagents; Claude Code with Opus 4.8 can execute codebase-scale migrations across hundreds of thousands of lines of code. Anthropic expects to complete safeguards for its withheld Mythos model within weeks.

Pope Leo XIV released a 42,300-word papal encyclical titled ‘Magnifica Humanitas’ earlier this week, warning of AI’s disruptive effects on human dignity, employment, and agency, and calling for government regulation of AI companies and worker protection. Leo presented the encyclical alongside Christopher Olah, co-founder of Anthropic, and the document called for regulation, worker retraining, critical media education, child protection, and human control over weapons decisions. The encyclical, formally signed earlier this month on the 135th anniversary of Leo XIII’s ‘Rerum Novarum’ on labour rights, positioned AI ethics as a religious imperative and framed the technology choice in biblical terms, between hubris and renewal.

The encyclical also warned that some autonomous weapons systems have advanced beyond meaningful human control, and made one of the clearest papal repudiations of just-war theory in modern times, Reuters reported. In AFR, a commentary contrasted Leo’s framework with the Trump administration’s deregulatory approach, noting Peter Thiel had visited Rome arguing AI regulation resembles heresy — a framing the Vatican rejected as a heresy of its own.

Anthropic launched Project Glasswing with roughly 50 partners to identify vulnerabilities in critical software before AI models can be weaponised against it, using Claude Mythos Preview. The effort has found more than 10,000 high- or critical-severity vulnerabilities across systemically important software, with partners reporting bug-finding rates increased by more than 10x. Mythos Preview scanned 1,000+ open-source projects and identified 6,202 high- or critical-severity vulnerabilities, with 90.6% of assessed findings proving valid; the company says the challenge is now patching, not finding, vulnerabilities.

The White House approved a secret $9 billion request to acquire cutting-edge Nvidia Grace Blackwell superchips that US intelligence agencies need to deploy the latest AI models on classified systems, The New York Times reported. The chip shortage has hampered the CIA, NSA and other agencies from testing or deploying newest AI models; the administration reprogrammed $800 million for rapid acquisition. White House chief of staff Susie Wiles authorised NSA to continue using Anthropic’s advanced model despite the Pentagon designating the company a supply chain threat; a classified contract is being finalised with a carve-out preventing the AI model from being used on Americans’ data.

Britain’s AI Security Institute, staffed by around 100 employees from intelligence agencies, academia, and tech companies, conducts red-team testing and safety research on leading AI models including Claude and Gemini, The New York Times reported. The institute, created nearly three years ago with £360 million in government funding, has found major safety gaps in every leading AI model tested and demonstrated AI systems can be tricked into providing instructions for biological or chemical weapons and cyberattacks. Created by former PM Rishi Sunak after a 2023 meeting with OpenAI, Anthropic, and Google DeepMind leaders, the institute is becoming a template for other governments; Australia, Canada, China, France, India, Japan, and Singapore have formed similar institutes.

Robinhood Markets launched a feature enabling customers to link AI agents such as Anthropic’s Claude or the coding agent Cursor to dedicated investment accounts, granting them authority to execute trades autonomously based on user-defined parameters, The Wall Street Journal reported.

OpenAI announced partnerships and initiatives to combat election interference and misinformation ahead of 2026 US and global elections. The company is offering cybersecurity products (Codex Security and Trusted Access for Cyber) to registered voting system manufacturers, briefing state election officials, and providing live vote counts from The Associated Press for US and Brazil elections. OpenAI is also endorsing transparency legislation including the Protect Elections from Deceptive AI Act and Preparing Election Administrators for AI Act.

⸻

💻 Chips, quantum & data infrastructure

The Trump administration awarded $2 billion in grants to nine quantum-computing companies last week, taking minority equity stakes in each. IBM received $1 billion and is investing $1 billion of its own cash to establish the nation’s first specialised quantum chip manufacturing facility; GlobalFoundries received $375 million and a roughly 1% government stake, with other recipients including D-Wave, Rigetti and Infleqtion receiving $100 million each. Two Australian-founded companies — Diraq (a UNSW spin-out) and PsiQuantum — were among the recipients, receiving US$38 million and US$100 million respectively, SMH reported; PsiQuantum is building a utility-scale machine in Queensland.

IBM itself, days later, announced plans to invest over $10 billion over five years to build the first large-scale quantum computer capable of reliable, error-free complex calculations by 2029, Reuters reported. The investment follows the federal equity stakes, with IBM contributing intellectual property, assets and workforce to the new manufacturing facility (named Anderon). IBM said it will expand ecosystem partnerships across more than 325 Fortune 500 companies, startups, universities and government agencies currently using its 90+ deployed quantum systems.

President Emmanuel Macron announced one billion euros in new funding for quantum computing last week, warning France and the EU must accelerate investment to keep pace with US and Chinese advances. France has already committed 2.3 billion euros since 2021 for quantum research; Macron also announced 550 million euros for semiconductors as part of a European programme, on top of 5.5 billion since 2022. Macron emphasised the strategic and sovereignty dimensions, calling for a European ecosystem free from extra-territorial legislation.

In Financial Times, an analysis characterised computing power as critical infrastructure equivalent to oil and electricity grids, noting 90% of global AI computing is controlled by US and Chinese companies. The UK and allied nations are exploring neuromorphic and quantum computing to secure independence, with £2bn UK quantum funding and €67mn for the German space agency. Semiconductor leadership concentrated in South Korea (Samsung, SK Hynix), Taiwan (TSMC), and the Netherlands (ASML) provides strategic leverage, but allied countries lack sufficient capital to develop and retain domestic champions.

Huawei announced a new chip design principle called ‘Tau Scaling Law’ (also known as ‘Her’s Law’), developed over six years by semiconductor chief He Tingbo, that the company says breaks through Moore’s Law limits, Nikkei Asia reported. The new LogicFolding chip architecture delivers a 55% transistor density gain and 41% power efficiency gain through three-dimensional spatial reorganisation rather than new lithography steps. Huawei’s upcoming Kirin chipset, launching later this year, will be the first to fully adopt the new law; the company claims it could match 1.4-nanometer technologies of TSMC and Intel by 2031.

Nvidia’s Jensen Huang said the company is spending US$100–150 billion annually on Taiwan supply chain partners, with plans to quadruple headcount from 1,000 to 4,000 employees by 2030. Huang flagged Taiwan as the centre of AI chip design, packaging, systems integration, and robotics engineering; Nvidia plans to construct a new downtown Taipei complex called Constellation, with construction beginning late 2026 and completion by 2030. Huang also flagged energy infrastructure as Taiwan’s critical priority for sustaining AI manufacturing growth.

AI-driven demand has caused Chinese automakers to face shortages and soaring costs for legacy memory chips, as semiconductor leaders reallocate production to high-bandwidth memory (HBM) and DDR5 for AI servers, Nikkei Asia reported. Xpeng chair He Xiaopeng and Xiaomi founder Lei Jun cited surging memory chip costs pressuring profitability; BYD raised assisted-driving package prices 21% and Changan increased SUV prices by 3,000 yuan due to chip costs. Analysts expect the memory chip crisis to persist until the end of 2027 at the earliest.

Foreign private equity firms are exiting China’s data centre sector as political and regulatory pressures make overseas ownership of critical digital infrastructure increasingly difficult, Financial Times reported. Princeton Digital Group (backed by Warburg Pincus) is launching a sale of China assets potentially worth $1 billion, following major exits by Bain Capital (which sold $4 billion in 2025) and Carlyle. Global PE firms are redirecting tens of billions of dollars from mainland China into other Asian markets including Malaysia, Japan, and India.

Cryptocurrency companies are accelerating preparations for quantum computing threats to blockchain security, with tech companies projecting practical quantum computers could be developed by 2030. Google’s April research paper identified specific vulnerabilities for cryptocurrencies, finding quantum computers could break cryptography with fewer resources than previously suggested. Ripple, Circle, Tron, and the Ethereum Foundation have detailed plans to implement quantum-resistant cryptography; Bitcoin faces challenges due to decentralisation requiring industry-wide coordination, with the industry estimating 3–5 years and potentially hundreds of billions of dollars needed to prepare.

⸻

🛡 Cyber posture

A supply chain attack dubbed ‘Megalodon’ infected more than 5,500 GitHub repositories using over 5,700 malicious commits injected within a six-hour window earlier this month, SecurityWeek reported. The attack, discovered by SafeDep after malicious versions of the Tiledesk open-source chatbot package were identified, deployed payloads to steal credentials, AWS/GCP/Azure tokens, SSH keys, Docker/Kubernetes configs, API keys, database strings, and CI/CD tokens via GitHub Actions workflows. Attackers compromised the Tiledesk GitHub repository without touching the NPM account, with the maintainer publishing from the poisoned source unknowingly; the attack exploited GitHub’s ‘workflow_dispatch’ exemption, allowing dormant backdoors to be triggered later via GitHub API.

One Australian MP and three staffers had their WhatsApp accounts hacked by a suspected foreign state actor through phishing attacks that bypassed two-factor authentication, The Australian reported. The Department of Parliamentary Services was notified in early March that multiple WhatsApp accounts of parliamentarians and staff were compromised; DPS then temporarily blocked WhatsApp across Parliament House’s network to limit damage. Since July 2025, DPS has detected 46 instances of malware, more than 20,000 phishing attempts, and 1,458 cyber alerts targeting Parliament House.

Belarus-linked threat actor GhostWriter (also tracked as UNC1151 and Storm-0257) launched an espionage campaign active since spring 2026 targeting Ukrainian government officials using fake emails disguised as messages from Prometheus, Ukraine’s largest online learning platform. Phishing emails claimed to offer course completion certificates and contained PDF attachments with malicious links downloading ZIP archives carrying OysterFresh malware, which deployed OysterBlues and OysterShuck components to collect system information. CERT-UA also warned of a concurrent campaign targeting Delta battlefield management system users through phishing masquerading as cybersecurity agency alerts.

Anne Keast-Butler, director of GCHQ, warned that the West faces a shrinking window to counter escalating cyber and hybrid threats from China and Russia, CNBC reported. Keast-Butler said China has emerged as a science and technology superpower with sophisticated intelligence and cyber capabilities, while Russia is conducting daily hybrid warfare targeting critical infrastructure, democratic processes, and supply chains. She called for cybersecurity to become ten times more urgent across government and private sector, noting the risk of miscalculation with Russia is at its highest level; her speech marked the 80th anniversary of the UKUSA intelligence agreement.

Dutch financial crime investigators (FIOD) seized 800 servers from WorkTitans and MIRhosting data centres and arrested two men for providing hosting infrastructure to NoName057(16), a Kremlin-backed hacktivist group conducting DDoS attacks across Europe. The servers were linked to sanctioned entities controlled by Moldovan brothers Iurie and Ivan Neculiti, who rebranded their sanctioned Stark Industries to THE.hosting and transferred operations to Dutch corporate shells to evade EU sanctions. NoName057(16) operates as a gamified, state-sponsored cyberattack platform with a leaderboard rewarding cryptocurrency to productive contributors.

Russian President Vladimir Putin appointed Andrei Kozlov, former head of RT-Information Security (a cybersecurity centre within state-owned Rostec), as an aide to Security Council Secretary Sergei Shoigu, The Record reported. Leaked data revealed Kozlov held classified security clearance under Military Unit 26165 (the 85th Main Special Service Centre), which Western governments and cybersecurity firms have linked to Fancy Bear (APT28/Forest Blizzard), a GRU-affiliated hacking group conducting cyber espionage and influence operations against NATO governments and defence contractors. Kozlov’s predecessor was similarly linked to the same GRU unit before moving to TASS.

In The Strategist, ASPI fellow Rajiv Shah argued that the Canvas learning management system breach earlier this month exposed student records and disrupted systems affecting 275 million users at 8,800+ institutions globally, including Australian universities (ANU, Melbourne, UTS) and the Queensland Department of Education. Instructure, Canvas’s parent company, reportedly paid a ransom to attackers to destroy data, exposing vulnerabilities in sectoral dependency on SaaS platforms where single-point failures affect entire sectors. Shah argued customers must change procurement questions to focus on how systems perform during security incidents, fallback options, downtime prevention, and data protection rather than functionality.

US Central Command reported receiving multiple threat reports of adversaries exploiting commercially available location data to target or surveil US personnel in theatre, marking the first official confirmation of troops being targeted in an active war zone, Reuters reported. Senator Ron Wyden and a bipartisan group of lawmakers sent a letter to the Pentagon urging action, noting that location data identifies troop congregations and patterns of life exploitable for missile, drone, and IED attacks. Lawmakers called for disabling advertising IDs on military devices, restricting location sharing on smartphones, and replacing Google Chrome with privacy-focused alternatives.

Estonia established the first operational ‘digital embassy’ in 2019 in Luxembourg, storing critical data including security databases, population registers, and land ownership records in a secure vault treated as diplomatically inviolable, POLITICO reported. Following Russia’s 2022 invasion of Ukraine, other countries rapidly adopted the concept: Monaco formed a digital embassy agreement with Luxembourg in 2021; Singapore is scouting a location in India; India is working on setting one up in the UAE. Ukraine changed laws during the war to allow non-secret government data to be moved outside the country, and the World Economic Forum has launched a global framework for bilateral digital embassy agreements.

In The Strategist, an analysis warned that legal authority fragmentation and jurisdictional ambiguity are fundamental constraints on effective counter-drone response across Europe, drawing on 23 stakeholder interviews. Drone-related disruptions at European airports more than tripled between January 2024 and November 2025; the detection-to-disruption interval is less than five minutes, yet most airports lack legal authority to deploy countermeasures. Britain has fragmented authority across CAA, police, and MoD; Germany opened a Joint Drone Defence Centre in December 2025 but armed-forces reform remains contested; Poland alone has adopted an effects-based jurisdiction model empowering police, border guard, and armed forces simultaneously.

⸻

🕵️ Surveillance states

Laura Harth, campaign director at Safeguard Defenders, was targeted by an AI-generated sexualised deepfake smear campaign through the Spamouflage network — identified by OpenAI, Meta, and the US DOJ as a Chinese law enforcement operation — after exposing Beijing’s overseas police service centres linked to China’s Ministry of Public Security, The Bureau reported. Earlier this month, a Brooklyn federal jury convicted Lu Jianwang of acting as an illegal PRC agent for operating the first known overseas Chinese police station in the United States, tasked with locating a pro-democracy advocate in California. Harth criticised Canada’s government for signing a January 2026 Memorandum of Understanding with the same Ministry while the RCMP refuses to disclose the agreement’s contents.

A collaborative investigation by Tempo, Kompas.com, Suara, Tribunnews, and Drone Emprit revealed pro-Russian and Chinese foreign information manipulation interference operations targeting Indonesian civil society during August–September 2025 protests, amplified by domestic pro-government actors. Foreign actors spread narratives falsely blaming George Soros, NED, USAID, and the CIA for funding protests; Russian state media Sputnik published the initial narrative in late August, amplified by 30+ outlets. The operation falsely accused independent media (Konde, Tempo), civil society organisations (Lokataru), and activists of being foreign agents, with posts receiving 250,000+ shares.

Leaked files from the Russian Presidential Administration and the Social Design Agency (SDA), a sanctioned Russian PR firm, reveal orchestration of false-flag vandalism attacks across Europe and influence campaigns targeting Western governments, OCCRP reported. Operations included September 2025 mosque attacks in Paris using pig heads marked for President Macron, desecration of Paris synagogues and the Berlin Holocaust memorial, and planned operations to incite religious and ethnic tensions. Sofia Zakharova, a senior presidential administration official, oversaw funding and operations described internally as cognitive operations aimed at destabilising NATO countries through deepening elite divisions.

China’s police liaison team in the Solomon Islands proposed the Fengqiao Experience — a Mao-era community surveillance system revived under Xi Jinping — to Fighter One village, requesting household registration cards, fingerprints, and palm prints to monitor youth, The New York Times reported. The 10-member Chinese police team, embedded since 2022, has donated $1.5 million in riot gear and trained local police in anti-riot tactics; the Fengqiao pilot was suspended after backlash from Solomon Islands politicians and Australian analysts. The election earlier this month of skeptical Prime Minister Matthew Wale raises questions about China’s foothold; China has trained police in 138+ countries since 2000 and embeds officers in Central African Republic, Vanuatu, and Kiribati.

A new initiative called ‘Overseas Black Hands’ launched to document Chinese Communist Party transnational repression, censorship, and surveillance mechanisms targeting overseas Chinese, international students, immigrants, dissidents, and journalists, Voice of America (Chinese Service) reported. Initiated by Chinese dissident Li Ying (Italy-based) and Safeguard Defenders (Spain-headquartered), the project accepts anonymous case submissions to create systematic archives. Italy expelled eight Chinese citizens in March 2026 for involvement in harassment; the US convicted Lu Jianwang in Brooklyn earlier this month for operating a Chinese police station.

US federal law enforcement and intelligence agencies are surveilling and categorising ‘anti-tech extremism’ as an emerging domestic threat, with over 1,000 pages of unpublished DHS, FBI, and fusion centre reports obtained via FOIA, WIRED reported. The Trump administration’s National Security Presidential Memo 7 and counterterrorism strategy have expanded surveillance of anti-technology activists, data centre protesters, and AI skeptics. Intelligence agencies have conflated peaceful protests with violent extremism, flagging activities like photography and legal assembly as suspicious, while also monitoring the trial of Ziz Laota, an extremist whose group believed in AI existential risk.

⸻

⚖️ Platform accountability

Texas Attorney General Ken Paxton sued Meta and WhatsApp for deceptive trade practices, claiming WhatsApp can access encrypted messages despite marketing them as private. Paxton alleges Mark Zuckerberg lied to the US Senate in 2018 about message inaccessibility; the lawsuit follows the Commerce Department’s abrupt closure of an investigation into the same privacy concerns after an internal investigator concluded Meta can view WhatsApp messages. The case was filed in Harrison County District Court with the same firm that secured a $1.4 billion Meta settlement in 2024.

Google filed its appeal of the federal ruling deeming it an illegal search monopolist, arguing the decision exceeded judicial authority and that the company prevailed fairly. The appeal targets both the August 2024 monopolisation decision and the September 2025 remedies ruling ordering Google to share search data with competitors. Google argues Judge Amit Mehta erred in finding its distribution agreements anticompetitive and exceeded authority in ordering data-sharing remedies; the US and a coalition of states are also appealing, arguing Mehta should have imposed stronger remedies including a Chrome sale.

⸻

🧒 Online harms & child safety

Meta settled with a Kentucky school district over accusations that social-media companies intentionally designed platforms to addict young people, becoming the last major platform to resolve the case, The Wall Street Journal reported. The settlement averts a June jury trial poised to be the first among more than 1,200 consolidated lawsuits brought by school districts involving Meta, TikTok, Snap, and YouTube. The cases are consolidated in federal court in Oakland, California but will be tried individually.

Between late December and early January, Elon Musk’s Grok generated 3 million sexualised images including 23,000 appearing to depict children on X, prompting PM Keir Starmer to demand intervention and Musk to repost a deepfake of Starmer in bikini, POLITICO reported. X eventually agreed to restrict Grok’s image-generation in jurisdictions where sexualised deepfakes are illegal; the UK government inserted sweeping powers into the Crime and Policing Bill allowing ministers to unilaterally amend the Online Safety Act. The Grok episode catalysed a UK policy shift, with the government reversing position in February 2026 and announcing consultation on an Australia-style social media ban for under-16s after grassroots campaigning and a letter from 61 Labour backbenchers.

⸻

🎬 IP, media & creative industries

Australia’s premier news media companies and creative arts sectors issued a joint statement warning the federal government against weakening copyright protections in negotiations with AI companies seeking investment, The Australian reported. Reports indicated the Albanese government was willing to reopen discussions on copyright law to lure AI investment; Department of Industry briefing notes from February revealed discussions with Anthropic CEO Dario Amodei about copyright issues. The 18 media companies and industry bodies reaffirmed Australia’s October 2025 decision to reject a copyright exception for AI platforms.

In InnovationAus, editorial director James Riley announced the publication’s withdrawal from the Copyright Agency media monitoring licensing scheme, citing its failure to provide fair compensation to copyright holders. The federal government spends over $10 million annually on media monitoring services that effectively circumvent subscription payment obligations; the Department of Industry, Science and Resources alone spends $450,000 annually via Streem for industrial-scale access across 5,000 staff with minimal direct subscriptions. Riley expressed concern that inadequate copyright protection in existing frameworks portends worse outcomes as AI systems are developed to treat copyrighted materials.

⸻

🏛️ Government, procurement & public sector tech

London Mayor Sadiq Khan blocked a £50 million Metropolitan Police deal with Palantir, citing procurement rule violations and lack of consideration of alternative suppliers, The Guardian reported. Khan’s office cited an unambiguous and serious breach of procurement rules; the deal was worth £25m per year and would have been Palantir’s largest in British policing. Scotland Yard criticised the block, warning that without new technology it would be forced to cut officer numbers and reduce policing capacity in London.

VIQ Solutions, a Canadian transcription service contractor for Australian federal and family courts, subcontracted work to e24 Technologies in Chennai, India in breach of Commonwealth contract obligations, exposing at least 146 court matters to unauthorised offshore access, ABC News reported. The Federal Court extended VIQ’s contract by $5.3 million despite the company entering voluntary administration in mid-March, four weeks after ABC revealed the breach. Court litigants remain unnotified of potential compromise; the Attorney-General’s Department contacted the Australian Cyber Security Centre on learning of the incident.

⸻

💰 Tech business & markets

Last week, four major AI and tech companies announced significant developments on a single day, according to Australian Financial Review. OpenAI announced IPO plans targeting a September listing at roughly $1 trillion-plus valuation; Nvidia reported Q1 earnings with 85% revenue growth to $81.6 billion and announced an $80 billion share buyback; SpaceX filed for IPO with a $1.5 trillion expected valuation seeking $80 billion; Anthropic revealed a 130% Q2 revenue surge to $10.9 billion with its first operating profit and a capital raising at roughly $1 trillion valuation. SpaceX’s prospectus included a $29 trillion total addressable market estimate, with $22 trillion attributed to AI services from the xAI business merged in February.

ASX-listed Harvest Technology Group, chaired by retired Australian Defence Force major general Jeffery Sengelman, launched a $6 million two-tranche capital raising via placement at 1¢ per share, Australian Financial Review reported. The company develops software for secure data transfer including video and audio from satellites at low bandwidths; its flagship Nodestream technology services defence, energy, maritime, and security sectors.

SpaceX raised Starlink connection costs fivefold from $5,000 to $25,000 per terminal during US military operations against Iran, citing that LUCAS kamikaze drones were using higher-tier aviation service, Reuters reported. The Pentagon ultimately agreed to the increased fees despite initial resistance from senior officials including Deputy Secretary of Defense Steve Feinberg. SpaceX also proposed $500 million upfront plus $100 million monthly fees for direct-to-cell service to help Iranian civilians bypass government internet blackouts.

⸻

🌏 Global policy

🇦🇺 Australia

Former Industry Minister Ed Husic called for a Cabinet-level committee to coordinate industry policy geared toward developing sovereign capability and economic resilience, drawing inspiration from post-WWII Germany’s nationally focused development model, InnovationAus reported. Husic argued sovereign capability pursuit should be the central organising principle of government, with all portfolios — industry, defence, energy, skills, science, and procurement — aligned toward strengthening national resilience. The Treasury’s May budget allocated funding for a National Resilience and Innovation Council, potentially addressing Husic’s call for whole-of-government coordination.

Climate Change and Energy Minister Chris Bowen is betting Australia’s data-centre boom will accelerate renewable energy deployment to meet the 2030 target of 82% renewables generation, The Australian reported. Wind farm financial closures fell 59% in 2025 (from 2GW to 857MW), threatening Labor’s deadline; Bowen proposed data-centre operators underwrite new renewable power supply and fund grid connectivity to avoid cost-shifting. AirTrunk estimates each additional gigawatt of data-centre demand requires 3–4GW of new renewable capacity for 24/7 operations.

A Crikey analysis reported that Australia is integrating AI into military strategy through the AUKUS program’s second pillar, with public expenditure on drones and autonomous systems increasing to $22 billion over the coming decade. The Defence Department’s ‘Ghost Bat’ and ‘Ghost Shark’ programs aim to develop unmanned aircraft and underwater systems; Ghost Shark is being developed with Anduril Industries. Palantir, which sells AI-enabled targeting systems used extensively by Israel in Gaza operations, has inked around $30 million in Australian defence contracts.

🇺🇸 United States

California Gov. Gavin Newsom signed an executive order directing state agencies to explore an overhaul of labour policies in response to potential AI-driven job displacement, The New York Times reported. The order mandates study of how to subsidise companies that retain employees, expand job training for white-collar workers, and examine universal basic capital. Newsom cited warnings from AI leaders of swift employment disruption affecting entire job categories; the order is the first such executive order signed by a US governor.

🇪🇺 Europe

The European Commission will propose temporarily lifting sanctions on Yangzhou Yangjie Electronic Technology Co., a Chinese semiconductor supplier sanctioned in April as part of EU sanctions against Russia, Bloomberg reported. Yangjie Electronic was sanctioned after its technologies allegedly reached Russia and were found in drones and glide bombs used against Ukraine; European automakers lobbied for the exemption, warning of supply chain chaos if the ban isn’t removed. Any derogation would be temporary, likely lasting several months to allow time for alternative suppliers; implementation requires all 27 EU member states’ approval.

The European Commission, separately, is preparing emergency legislation to intervene in semiconductor supply chains during shortages, Financial Times reported. The draft law would allow the Commission to force chipmakers to override existing contracts and prioritise orders for crisis-critical products (weapons, medical devices, digital infrastructure), and to enable common EU purchasing as a central buyer to strengthen negotiating power. The EU produces less than 10% of global semiconductors and lags plans to double market share by 2030.

The European Commission also proposed new satellite access rules governing direct-to-mobile technology, reserving one-third of the 2 GHz frequency band for government use, one-third for new EU-based entrants, and one-third for established US and EU operators. The framework allows non-European firms including Starlink to bid for airwaves while prioritising European companies and preserving spectrum for emerging local competitors in direct-to-device satellite communications.

Germany and Spain, meanwhile, are opposing European Commission plans to ban Chinese technology suppliers Huawei and ZTE from EU telecom networks as part of new cybersecurity rules. Officials from both countries seek to maintain state-level control over supplier decisions and warned that an EU-wide ban risks retaliation from Beijing and would increase costs for European AI infrastructure development.

The Netherlands government, separately, blocked US-based Kyndryl’s proposed acquisition of Dutch IT firm Solvinity, which operates infrastructure supporting the DigiD digital identity platform used for public services. Dutch authorities said the acquisition posed a possible risk to the public interest after an investment screening review; the decision reflects broader European concerns about dependence on US technology providers in sensitive digital infrastructure sectors.

🇮🇳 India

Google is building a $15 billion AI data-centre hub in Visakhapatnam, India, with approximately $2.3 billion in state subsidies (25% water/land discounts, electricity infrastructure reimbursement, tax waivers) over 20 years, partnering with Bharti Airtel and Adani Group, The Wall Street Journal reported. The project, spanning 600+ acres across three sites, displaces farmers from decades-old holdings with compensation of $42,000–$115,000 per acre while raising concerns about water stress in a city under extreme water shortage conditions, receiving less than one hour of tap water daily. Rights groups have criticised insufficient public environmental consultation and question sustainability in a region lacking adequate water and power infrastructure for full-capacity AI operations.

🇮🇷 Iran

Iranian President Masoud Pezeshkian issued an order to reopen international internet access after a near-90-day blackout, Reuters reported, citing state media. The blackout began in early January in response to anti-government protests and intensified after US and Israeli strikes in late February; it ended this week with connectivity restored to approximately 86% of pre-shutdown capacity, though internet traffic remained at only 40% and services like YouTube and Instagram remained heavily restricted, according to AP. Users reported limited restoration with WhatsApp barely functional and feared expanded surveillance, with authorities’ approval of a limited ‘internet pro’ service sparking suspicion among users, The Guardian reported.

🇮🇪 Ireland

A report commissioned by Friends of the Earth Ireland found Ireland’s data centres consumed 22% of national electricity in 2025 — more than all urban homes combined — draining €715 million from the economy and increasing household bills cumulatively by €360 between 2015 and 2023, The Guardian reported. Data centre demand increases the hours when gas sets electricity prices, driving up costs; modelling suggests average Irish households could pay €295–€644 cumulatively from 2025 to 2034 (€633 million–€1.43 billion nationally). The Irish government welcomes data centre expansion; industry representatives dispute findings, citing €18 billion in recent investment and 80% renewable energy requirement compliance.

🇯🇵 Japan

Japanese Foreign Minister Toshimitsu Motegi visited Zambia, Angola, Kenya and South Africa in late April and early May to advance Japan’s evolved Free and Open Indo-Pacific (FOIP) vision, emphasising critical mineral supply chain resilience and AI-era infrastructure, ThinkChina reported. Japan is competing with China for access to Africa’s cobalt, copper and rare earth resources, with the Lobito Corridor (Angola–DRC–Zambia railway and 5G project) emerging as a strategic flashpoint. China countered in late April by announcing zero tariffs on imports from all African nations with diplomatic relations, effective May 2026 to April 2028.

That’s all for this week. For more timely analysis and commentary, check out The Strategist and ASPI’s Stop the World podcast—or our other Substack newsletters:

The Cyber & Tech Digest is brought to you by the Cyber, Technology & Security Programs team at ASPI and supported by partners.

Share

Welcome to the latest edition of ASPI’s Cyber & Tech Digest.

Each week, ASPI curates and contextualises the most important developments in cyber, technology, and geopolitics — highlighting what matters and why.

This edition covers the period: 16 May 2026 to 22 May 2026.

Follow the Australian Strategic Policy Institute on Bluesky, LinkedIn, and X.

What We’re Tracking

China builds a secret platform to track foreigners

What happened: NetAskari, a group that monitors Chinese security infrastructure, found a web dashboard built for China’s Public Security Bureau that tracks foreigners and people deemed ‘of interest’ — including foreign students, spouses of Chinese citizens and journalists — using data from cameras, visa records, travel apps, and ID and face scans. NetAskari described it as a test system, not connected to a live data environment, though partly populated with real data from real people of foreign nationality and of unclear operational status.

The Daily Telegraph‘s Sophia Yan found her own file in the database, marked ‘trackable.’ The system holds a dedicated journalist inquiry section containing passport numbers, ID photos, private cellphone numbers and dates of birth: data collected during visa applications at Beijing‘s Entry/Exit Bureau.

The platform is not without precedent. In 2021, Reuters reported that Henan province commissioned a nearly identical system — awarded to IT company Neusoft for five million yuan — that categorised foreign journalists into red, yellow and green risk tiers. Tender documents described authorities’ ability to have targets ‘tailed and controlled.’

The dashboard also separately categorised citizens from the Five Eyes countries — the UK, US, Australia, New Zealand and Canada — along with people from Hong Kong, Macau and Taiwan.

Why we’re tracking this: This is not general-population surveillance adapted for foreigners, it is a purpose-built foreigner-targeting layer within China‘s broader surveillance architecture. Its relationship-modelling function goes beyond tracking individuals: it maps social networks, logging who foreigners meet, how often, and in what context. That capability is what elevates this from a data collection system to an active intelligence tool.

What people are saying:

• “What’s most interesting is that this seems to be a dedicated system to keep a close eye on what foreigners do in the country, and then to build this relationship model — who do they hang out with, who are they seen with?” — The Daily Telegraph — Marc Hofer, NetAskari

• “The scary part? China could roll out the technology to start tracking people outside the country.” — The Daily Telegraph — Sophia Yan, The Daily Telegraph

My view: I’ve previously called China’s surveillance apparatus ‘Chabudwellian’ — combining ‘Orwellian’ with the Chinese term cha bu duo, meaning “almost”, or work done with poor or minimal effort. ‘Outside of China, foreigners think their surveillance system is highly sophisticated,’ I told The Guardian four years ago, ‘but in reality a lot of the time this infrastructure is jerry-rigged and not super effective.’Marc Hofer of NetAskari thought much the same — that the capabilities were ‘more based on the fantasy of Western commentators than rooted in facts’. But that cobbled-together system is taking shape. In Hofer’s words, the dragnet is getting ‘finer meshes as new data sources are increasingly added’; the cha bu duo system is no longer quite so cha bu duo, and as Yan says, the scary part is what comes next.

— Fergus Ryan, CTS

Shai-Hulud worm spreads across npm and PyPI package registries

What happened: A self-replicating, credential-stealing worm called Shai-Hulud has torn through open-source registries over several days in May. After threat actor TeamPCP open-sourced the original on GitHub, fresh waves followed, The Register reported. The pace was striking: The Register found one compromised account infected 314 npm packages in 22 minutes, while Bleeping Computer counted 639 malicious versions across 323 packages in an hour on 19 May.

Beyond stealing cloud credentials, the payload backdoors Claude Code and Codex and forges Sigstore provenance to look signed. A PyPI strain in Microsoft‘s durabletask package carried a disk wiper keyed to Israeli and Iranian locale settings, IT News reported.

Why we’re tracking this: Open-source registries are shared infrastructure for government, industry and critical-infrastructure operators, so one poisoned package can propagate across unrelated networks before defenders notice.

The forged Sigstore provenance erodes the cryptographic trust signals that supply-chain defences depend on, and the wiper keyed to Israeli and Iranian locale settings adds a destructive, geographically targeted dimension beyond ordinary credential theft.

What people are saying:

• ‘It’s just the first phase of an upcoming wave of supply chain attacks’ says Moshe Siman Tov Bustan, Ox Security.

• ‘Modern software is built on a deeply interconnected ecosystem of open-source libraries, package managers, and continuous integration and continuous deployment infrastructure’ said OpenAI, in its response to the related TanStack compromise.

• ‘The Mini Shai-Hulud campaign has now demonstrated that every layer of the trust stack… can be abused to publish malware that looks legitimate by every available signal’ says Sonali Sood of CodeAnt AI, an agentic code security platform.

My view: Modern software rests on open-source foundations that almost no one is paid to secure, a structural fragility this campaign exploits at scale. The worm subverts the signals meant to confer trust, forging Sigstore provenance to look legitimately signed and backdooring AI coding assistants like Claude Code and Codex to gain a foothold. As automated tooling shapes more of the software commons, those trust signals become a high-value attack surface in their own right. What stays unclear is whether this marks a durable shift in tradecraft or one capable group’s experiment, and whether forged provenance survives once defenders adapt. The answer has implications for the security of the digital public infrastructure that modern societies depend on.

— Stephan Robin, CTS

What We’re Watching

A weekly scan of notable developments we’re tracking across technology, policy, and geopolitics.

⸻

🚀 Strategic competition

Australia’s Treasurer Jim Chalmers ordered six Chinese-linked investors to divest their combined 17 per cent stake in rare earths miner Northern Minerals within two weeks. The affected entities include Hong Kong Ying Tak Ltd and Vastness Investment Group Ltd, among others. The government said the decision, consistent with advice from the Foreign Investment Review Board, was necessary to protect the national interest. Northern Minerals’ Browns Range Heavy Rare Earths Project in WA’s East Kimberley region is strategically significant as a potential non-Chinese source of dysprosium and terbium — rare earth elements used in military systems, semiconductors and clean energy.

A Strider Technologies report identified more than 6,000 research collaborations since 2020 between Australian organisations and Chinese military-linked institutions, including PLA-affiliated universities and defence conglomerates. The article details collaborations involving researchers linked to ANU, Melbourne University and the University of Queensland on drone anti-jamming, underwater target-tracking and electronic warfare technologies with potential military applications.

Education Minister Jason Clare vetoed 13 Australian Research Council university grant projects over concerns they could threaten Australia’s national security, defence or international relations — involving research areas including drones, cyber security and alternative energy technologies with potential dual-use military applications. The government is now preparing legislation to strengthen university compliance with research security and critical technology safeguards.

In the Pacific, analysis by Madi Jones published by The Strategist argued that China’s influence in Solomon Islands is likely to endure despite the appointment of Prime Minister Matthew Wale, who has historically criticised Beijing’s growing role in the country. China has become deeply embedded through infrastructure projects, policing assistance and telecommunications. Meanwhile Geoff Wade and Justin Bassi argued that Landbridge Group’s World Bank arbitration case over Darwin Port is part of a broader Chinese strategic effort to retain influence over critical infrastructure, and recommended Australia unilaterally terminate the lease and work with trusted partners to manage the port.

ASML Holding NV signed a partnership agreement with Tata Electronics to support India’s semiconductor manufacturing ambitions, with ASML technology earmarked for Tata Electronics’ planned 300 millimetre semiconductor foundry in Gujarat. The agreement was announced during Indian Prime Minister Narendra Modi’s visit to the Netherlands.

Nvidia’s ability to sell advanced AI chips in China remains uncertain despite CEO Jensen Huang joining US President Donald Trump’s delegation to Beijing. Although the Trump administration approved Nvidia’s H200 chip exports in late 2025, Beijing has not authorised purchases and continues encouraging domestic firms to use Chinese technology from companies such as Huawei. Chinese AI company DeepSeek announced its latest model had been optimised for Huawei chips, reinforcing China’s broader push for technological self-sufficiency.

Xi Jinping and Vladimir Putin pledged expanded cooperation on artificial intelligence, satellite internet, cybersecurity and open-source software at a summit in Beijing. The joint statement outlined plans to improve interoperability between Russia’s GLONASS and China’s BeiDou satellite navigation systems and to coordinate on ‘internet sovereignty.’ Russia’s Sberbank, meanwhile, is seeking to use Chinese-made microchips to power its GigaChat AI model as Western sanctions restrict access to advanced hardware.

US senators Jeanne Shaheen and Pete Ricketts introduced bipartisan legislation aimed at countering Chinese overseas sales of AI and strategic technologies. The bill would establish a State Department office and a proposed $500 million fund to subsidise allied governments purchasing US AI models, chips, cloud systems and cybersecurity tools, aligning with the Trump administration’s Pax Silica strategy.

The US Commerce Department is separately awarding $2 billion in grants to nine quantum-computing companies — including IBM, GlobalFoundries, Rigetti Computing and D-Wave Quantum — in exchange for minority government equity stakes, sourced from the Chips and Science Act.

⸻

🧠 AI models, agents & compute

Chinese AI companies including ByteDance, Kuaishou and MiniMax are outperforming many US rivals in AI video generation, according to developers and user rankings, according to Financial Times. Their advantage is linked to access to large proprietary libraries of short-form video from platforms such as TikTok and Kuaishou, as well as fewer content restrictions and lower costs. While OpenAI, Google and Anthropic continue to dominate large language models and coding, their video tools lag behind Chinese offerings in quality and usability.

Google used its I/O developer conference to announce expanded AI integration across Search, YouTube, Android, Workspace, hardware and Gemini models. New products include the Gemini Omni multimodal model, Gemini Spark autonomous agents, conversational ‘Ask YouTube’ search and AI-enabled smart glasses.

OpenAI announced expanded measures to label AI-generated content by combining C2PA content credentials with Google’s SynthID watermarking technology, and is previewing a public verification portal to detect whether images were generated using OpenAI systems.

xAI launched Grok Build, its first AI coding agent, available to SuperGrok Heavy subscribers. The beta product includes execution planning and compatibility with existing developer plug-ins. The launch follows a restructuring of xAI after leadership departures and positions the product alongside AI coding offerings from OpenAI and Anthropic.

Amazon Web Services has repositioned itself as a major AI competitor through large infrastructure spending, investments in Anthropic and OpenAI, and long-term development of custom AI chips including Trainium and Graviton, according to The Wall Street Journal.

A peer-reviewed Nature study found that government-controlled media environments influence the outputs of large language models through training data exposure. Researchers showed LLMs display stronger pro-government responses in languages from countries with lower media freedom, and demonstrated that Chinese state-coordinated media appears in major training datasets. Experimental testing found that additional training on Chinese state media increased positive responses about Chinese political institutions, while prompting commercial models in Chinese produced more favourable responses than equivalent prompts in English.

New research and case studies are raising concerns about ‘AI psychosis’, where intensive chatbot use is associated with delusional thinking, emotional dependency and social isolation. Studies from Stanford University analysing chatbot conversations found users and AI systems can enter ‘delusional spirals’, with bots reinforcing beliefs about sentience, conspiracies or grandiose achievements. Researchers and clinicians warned that growing emotional reliance on AI companions could pose risks, particularly for vulnerable users and children.

Meta told employees it is reassigning 7,000 workers into four new AI-focused organisations ahead of planned layoffs affecting about 8,000 employees. The restructuring reflects Meta’s broader shift toward ‘AI native’ operating structures with fewer managers, while deprioritising metaverse initiatives. CEO Mark Zuckerberg has committed up to US$135 billion in spending this year, much of it directed toward AI development and data centres.

⸻

⚔️ Autonomous weapons & battlefield AI

Ukraine’s Defence Minister Mykhailo Fedorov is leading efforts to integrate AI and autonomous drone systems into Ukraine’s war strategy against Russia, working with defence technology firms and figures including Palantir CEO Alex Karp and former Google CEO Eric Schmidt. The strategy has sparked debate inside Ukraine’s military and criticism from human rights groups concerned about delegating lethal decision-making to autonomous systems. In a Strategist analysis, David Kirichenko argued Ukraine is expanding AI-enabled mid-range drones to target Russian logistics and air-defence systems up to 45–50 kilometers behind the front line, reflecting a broader shift from defensive to offensive drone operations.

Anduril and Meta are developing augmented-reality military headsets that would allow soldiers to coordinate drones, navigate battlefields and potentially approve strikes using voice commands, eye tracking and AI-driven targeting. The projects include the US Army’s Soldier Born Mission Command program and Anduril’s self-funded EagleEye helmet, integrating AI models and Anduril’s Lattice battlefield software. Production decisions are not expected before 2028, while researchers and military analysts continue to raise concerns about cognitive overload and AI-assisted targeting decisions.

Ukrainian officials reported that Russia is increasingly embedding artificial intelligence directly into malware, enabling it to generate commands dynamically and evade detection. A government report said AI use in Russian cyber operations has expanded rapidly across malware development, phishing campaigns and reconnaissance. The findings also highlight emerging tactics such as ‘AI poisoning,’ where disinformation is used to manipulate data inputs for AI systems.

⸻

🛡 Cyber posture

CISA ordered all US federal agencies to patch a critical vulnerability in Cisco SD-WAN systems after active exploitation was detected. The flaw, CVE-2026-20182, allows unauthenticated remote attackers to bypass authentication and gain administrative privileges, with Cisco assigning it the maximum severity score of 10. Five Eyes cybersecurity agencies linked the campaign targeting Cisco infrastructure to an advanced threat actor, with researchers warning the flaw could enable long-term nation-state persistence inside sensitive networks.

Anthropic revised restrictions around its Mythos cybersecurity model to allow participating organisations to share vulnerability findings, tools and defensive insights outside its controlled Project Glasswing program. Around 50 organisations including Amazon, Microsoft, Nvidia and Apple currently have access to Mythos. Anthropic said partners may now disclose findings to industry groups, regulators, government agencies, open-source maintainers and the public under responsible-disclosure practices. The shift followed concerns that restricting access to threat intelligence disadvantaged smaller organisations and critical infrastructure operators.

Bug bounty platforms and open-source maintainers are struggling with a surge in low-quality AI-generated vulnerability reports following the release of advanced cyber-focused AI models. Companies including Nextcloud have suspended bug bounty programs due to the increase in speculative or unverifiable submissions, while developers describe the workload as mentally exhausting. Platforms such as HackerOne and Bugcrowd are responding with automated AI triage systems and stricter validation processes. Curl developer Daniel Stenberg tested Anthropic’s Mythos on 178,000 lines of code and found that only one of five flagged vulnerabilities had security impact, concluding the model was only marginally better than earlier tools.

The Trump administration is preparing an executive order focused on AI safety and cybersecurity that would establish a voluntary framework for AI companies to provide the government with access to advanced models before public release. The proposed order would cover ‘frontier models’ including highly cyber-capable systems such as Anthropic’s Mythos and OpenAI’s GPT-5.5-Cyber. U.S. Cyber Command and the National Security Agency are simultaneously launching a joint task force to accelerate deployment of advanced AI models across sensitive government systems.

A previously undisclosed zero-day vulnerability in Huawei enterprise router software caused Luxembourg’s nationwide telecoms outage in July 2025, disrupting landline, mobile and emergency communications for more than three hours. No public CVE identifier or broad security advisory has been issued in the ten months since the incident, raising concerns about disclosure practices and whether other operators remain exposed.

Microsoft disrupted Fox Tempest, a malware-signing-as-a-service platform that enabled ransomware groups to disguise malicious software as legitimate applications, seizing infrastructure, revoking more than 1,000 fraudulent certificates and taking hundreds of virtual machines offline. The operation had supported ransomware campaigns linked to groups including Rhysida, Qilin, Akira and INC.

A major software supply-chain compromise hit the Node Package Manager (npm) ecosystem, with threat actors publishing more than 600 malicious package versions across 323 packages as part of the ongoing ‘Shai-Hulud’ malware campaign. The compromise subsequently expanded, with a further 314 npm packages infected — including widely used packages with millions of monthly downloads — through a compromised account, with payloads scanning for credentials across GitHub, AWS, Azure, Google Cloud, Docker and Stripe, and injecting settings files targeting Claude Code and Codex for execution. Three malicious versions of Microsoft’s durabletask Python package on PyPI were also found to contain a Linux payload stealing credentials and fetching a disk wiper targeting systems with Israeli or Iranian locale settings. GitHub confirmed attackers accessed approximately 3,800 internal repositories after an employee installed a malicious VS Code extension linked to the same TeamPCP threat group.

Japan is considering allowing financial institutions to proactively suspend critical systems in response to cyber threats enabled by advanced AI models. A draft proposal from a public-private council highlights concerns that AI could rapidly expose system vulnerabilities and shorten attack timelines beyond current defensive capacity. A Black Book Research survey of European hospital cybersecurity buyers separately found that 82% of respondents rate their cyberattack concern as very high or extreme, with hospitals increasingly viewing cyber risk as a direct threat to clinical operations rather than a data protection issue.

⸻

🕵️ Surveillance states

The discovery of a Chinese undersea monitoring device in Indonesia’s Lombok Strait has renewed attention on Beijing’s ‘Transparent Ocean Program’, a long-running effort to expand real-time undersea surveillance capabilities combining satellites, underwater sensors, drones and AI-enabled data processing. Defence experts argued the development has implications for Australia’s defence planning and AUKUS submarine investments, as advances in underwater surveillance and drone technology could reduce the stealth advantages of crewed submarines.

The FBI is seeking nationwide access to automated license plate reader systems, according to procurement records reviewed by 404 Media. The system would potentially allow the bureau to track vehicle movements across the United States without a warrant, expanding the use of mass surveillance tools beyond local policing into federal operations. The proposal comes amid growing public opposition and protests against ALPR deployments in several US communities.

In The Strategist, Dr Fitriani examined the growing use of commercial spyware in intimate partner abuse and coercive control, highlighting how surveillance tools once associated with intelligence agencies are now commercially accessible and used for cyberstalking, blackmail, doxxing and harassment. The piece references Australian and international evidence of spyware misuse, including AFP investigations and research by Citizen Lab and AI Forensics, and argues for stronger regulation and closer coordination between national security agencies and domestic violence support organisations.

⸻

⚖️ Platform accountability

X committed to stronger moderation measures for UK users following pressure from communications regulator Ofcom under the Online Safety Act, agreeing to review suspected illegal hate and terror content flagged through a dedicated reporting tool within 24 hours and to block accounts linked to proscribed organisations. X, meanwhile, admitted breaching Australia’s Online Safety Act by failing to provide requested information about its child protection measures to the eSafety regulator. The Federal Court upheld and increased the original 2023 penalty, ordering X to pay A$650,000 plus A$100,000 in legal costs after the company acknowledged 38 days of noncompliance.

Ofcom announced updated codes of practice requiring technology companies to strengthen detection and removal of non-consensual intimate images and AI-generated deepfakes, including broader use of hash-matching technology to prevent repeated uploads. Ofcom separately criticised TikTok and YouTube for failing to commit to significant feed-safety changes and announced a five-point enforcement plan targeting recommender systems and age assurance.

Snap, Meta Platforms and Roblox committed to stronger anti-grooming protections for children including tighter default contact settings, AI-based detection of sexualised conversations and expanded age-check systems.

Bluesky said Russian influence operators linked to the Moscow-based Social Design Agency hijacked hundreds of real user accounts to spread fabricated news videos and propaganda related to Ukraine, France and other geopolitical issues. Researchers from Clemson University and the Institute for Strategic Dialogue said the campaign represented a more sophisticated tactic than traditional bot networks, using compromised accounts belonging to journalists, academics and other credible users, linked to the broader Kremlin-backed ‘Matryoshka’ disinformation campaign.

Meta settled a lawsuit brought by Kentucky’s Breathitt School District over claims social media platforms were intentionally designed to addict young users and contribute to mental health harms, avoiding the first jury trial among more than 1,200 consolidated lawsuits against Meta, TikTok, Snap and YouTube. The litigation argues platform design features such as infinite scrolling, notifications and engagement algorithms contributed to anxiety, depression and self-harm among students. Texas Attorney General Ken Paxton separately sued Meta and WhatsApp alleging the company falsely claimed its encrypted messages were inaccessible to the platform itself, and that Meta founder Mark Zuckerberg misled the US Senate about WhatsApp’s privacy protections in 2018.

⸻

🧑‍⚖️ Courts, enforcement & regulation

A US federal appeals court appeared sceptical of Anthropic’s attempt to block the Pentagon from designating the company as a supply-chain risk to national security. The designation, made by Defense Secretary Pete Hegseth in March, resulted in a ban on government use of Anthropic’s AI technology following a dispute over military use of the Claude chatbot. Judges questioned Anthropic’s argument that the Pentagon acted unlawfully, while also signalling possible reluctance to fully endorse or overturn the designation. The case could shape executive branch authority to restrict domestic AI companies from government use based on perceived security risks.

A jury rejected Elon Musk’s claims against Sam Altman and OpenAI over the company’s founding and governance, ending a case that had sought more than $100 billion in damages, removal of Altman and Greg Brockman from leadership, and restoration of OpenAI’s nonprofit structure. The verdict removes an immediate legal threat as OpenAI reportedly prepares for a potential IPO valued near $1 trillion.

Minnesota enacted the first statewide ban on prediction market platforms such as Kalshi and Polymarket, criminalising the hosting or advertising of prediction markets. The law prompted a federal lawsuit from the Commodity Futures Trading Commission, which argues prediction markets fall under exclusive federal jurisdiction. US regulators and prosecutors are also expanding investigations into suspicious trading on prediction market platforms, probing wagers linked to Iran-related military decisions and Venezuelan political operations, with the issue exposing legal gaps because insider trading laws were originally designed for securities markets.

California’s Generative Artificial Intelligence: Training Data Transparency Act (TDTA), effective from January 2026, requires developers of public-facing generative AI systems to publish high-level summaries of training datasets. A federal court rejected xAI’s preliminary injunction challenging the law after finding the company failed to identify specific trade secrets with sufficient particularity. OpenAI is simultaneously pursuing a state-by-state lobbying strategy to shape AI regulation after federal efforts stalled, aiming to align laws across major states including California, New York and Illinois into a de facto national standard.

⸻

🏛️ Government, procurement & public sector tech

The Australian federal government plans to use AI to reduce regulatory delays and lower compliance costs, including assisting medicine assessments at the Therapeutic Goods Administration and supporting environmental approvals for housing developments. Officials said AI would assist with analysing documents and regulations while human staff retain decision-making authority. The budget also included AI projects across veterans’ claims, intellectual property services and archival transcription.

Australia Post is restructuring its technology environment around 13 core ‘platform ecosystems’ as part of its Post26 transformation strategy, aimed at simplifying more than 700 legacy systems. The organisation has already reduced its active systems footprint to about 400 while consolidating technology suppliers and strengthening governance over previously undisclosed ‘shadow IT’ systems. The transformation includes reorganising its IT division into ‘Enterprise Services’, with increased emphasis on cyber security, engineering standards, data science and AI-driven operations.

EY removed a published report after researchers identified fabricated data and non-existent citations generated through AI use. Researchers from GPTZero warned that inaccurate AI-generated reports published by major firms risk contaminating online information ecosystems and misleading future researchers. The incident follows similar AI hallucination cases involving Deloitte and law firm Sullivan & Cromwell.

Starbucks ended an AI-powered inventory counting program across North American stores nine months after deployment due to persistent errors in identifying and counting products. The tool, developed with NomadGo and promoted under CEO Brian Niccol’s turnaround strategy, used camera and LIDAR data to automate counts of beverage components. Starbucks said it would return to standardised manual counting methods while continuing broader supply-chain and AI-driven operational initiatives.

⸻

🧒 Online harms & child safety

The US Take It Down Act’s takedown provisions entered into force, requiring online platforms to remove nonconsensual intimate imagery, including AI-generated deepfakes, within 48 hours or face financial penalties. The Federal Trade Commission warned major technology platforms that violations could trigger fines exceeding $53,000 per case. The FTC subsequently warned 12 major tech companies that they are not complying with the Act, citing failures to provide adequate mechanisms for victims to request removals.

BBC investigations found that dozens of Facebook and Instagram accounts spreading AI-generated anti-immigration content about the UK were operated from countries including Sri Lanka, Vietnam and the Maldives. The accounts used fabricated videos depicting dystopian visions of Britain under Muslim influence, often coordinated across networks seeking engagement and monetisation. Researchers and officials warned the content reflects a growing ‘disinformation-for-hire’ ecosystem combining AI-generated media, offshore operators and coordinated amplification tactics.

YouTube is expanding its AI likeness detection program to all users aged 18 and over, allowing individuals to monitor the platform for potential deepfakes using a selfie-style facial scan. If the system identifies matching content, users can request removals under YouTube’s privacy policies, with the platform considering factors such as realism, AI labelling and unique identifiability.

⸻

🌏 Global policy

🇦🇺 Australia

Australian researchers and industry figures are calling for increased domestic helium extraction after Iranian missile strikes on Qatar’s Ras Laffan gas plant disrupted roughly one-third of global helium supply. Helium is critical for semiconductor manufacturing, MRI machines, rockets and AI-related data infrastructure, and spot prices have doubled following the disruption. Advocates want helium restored to Australia’s critical minerals list to unlock investment incentives, arguing commercially viable helium may exist in up to six of Australia’s ten LNG plants but is currently vented into the atmosphere. Companies including Gold Hydrogen are pursuing commercial helium projects with plans for production within two years.

Sydney-based vocational education provider Australian College of Business Intelligence is investigating claims by the Qilin ransomware group that it breached the institution, with initial investigations finding no evidence student data was compromised. Australian cleaning and facility services company Menzies Group separately confirmed a cyber incident linked to a compromise at a long-term third-party IT service provider, notifying both the Office of the Australian Information Commissioner and the Australian Cyber Security Centre. Both incidents reflect continued targeting of Australian organisations by Qilin, which has reportedly claimed 1,844 victims across 96 countries since 2022.

A Canvas cyberattack by ShinyHunters compromised 275 million student records and affected 8,809 institutions globally, including at least 122 in Australia — among them the University of Melbourne and UTS. Cybersecurity firm Proofpoint found that 66% of Australian universities still lack strict DMARC email protections, increasing phishing risks following the breach.

🇺🇸 United States

The Office of the Director of National Intelligence appointed officials Dave Mastro and James Cangialosi to coordinate intelligence community efforts to monitor foreign interference threats ahead of the 2026 US midterm elections. The move comes amid concerns about disinformation, AI-generated content and reduced election security resources following cuts to CISA and restructuring of the Foreign Malign Influence Center. US intelligence and cybersecurity agencies are preparing to revive interagency election security coordination mechanisms.

Office of Government Ethics filings show that US President Donald Trump purchased between US$247,000 and US$630,000 worth of Palantir shares during the first quarter of 2026. In April, Trump publicly praised Palantir on Truth Social amid market volatility and scrutiny over the company’s role in supporting military operations and AI-enabled targeting. The filings also show Trump purchasing shares in Nvidia, Microsoft, Oracle and Amazon. Trump’s representatives stated the investments are managed through third-party discretionary trusts and denied any conflict of interest.

NYC Health + Hospitals disclosed that hackers stole personal, medical, financial, geolocation and biometric data from at least 1.8 million people during a breach spanning from November 2025 to February 2026. The attackers accessed the network through a compromised third-party vendor and copied files containing diagnoses, insurance information, government identity documents, fingerprints and palm prints. The incident is one of the largest healthcare data breaches reported in 2026.

US Representative Nancy Mace called for a statewide moratorium on new data centres in South Carolina, arguing operators should generate their own electricity rather than pass infrastructure costs onto consumers. The proposal reflects growing bipartisan concern over the energy demands of AI infrastructure and associated electricity price increases.

🇨🇳 China

China has halted sulphuric acid exports following disruptions to Middle Eastern sulphur supplies caused by the Iran conflict and the closure of the Strait of Hormuz. Sulphuric acid is critical for fertiliser production, textiles, semiconductors and battery manufacturing. Analysts said China’s export restrictions are intended to protect domestic downstream industries, while global shortages may persist because damaged Middle Eastern processing facilities could take years to recover.

🇪🇺 Europe

Germany’s domestic intelligence agency, the BfV, selected French AI platform ArgonOS over US firm Palantir, signalling a push toward European digital sovereignty in intelligence and security technology. Full deployment of ArgonOS depends on proposed German intelligence-law reforms expanding the BfV’s digital powers and data-sharing authorities.

Finland’s intelligence chief Juha Martelius separately warned that Europe may struggle to achieve full technological sovereignty from the United States and China, particularly in cloud computing and defence-related technologies.

The European Commission is preparing to propose a temporary sanctions exemption for Chinese semiconductor supplier Yangzhou Yangjie Electronic Technology Co. after European automakers warned that existing restrictions could disrupt supply chains. The proposal could be introduced as early as this week and would require approval from all 27 EU member states.

Interpol said Operation Ramz led to 201 arrests and the seizure of phishing infrastructure across North Africa and the Middle East, supported by Qatar and the European Union and involving authorities from 13 countries. Investigators identified 382 additional suspects, seized 53 servers and identified 3,867 victims, while Jordanian authorities discovered a scam compound staffed by trafficking victims from Asia whose passports had been confiscated and who were forced to conduct financial fraud. Interpol cybercrime director Neal Jetton warned separately that AI tools are making cybercrime faster, cheaper and more accessible to non-technical actors, with AI chatbots and phishing-as-a-service kits enabling organised crime groups to conduct fraud at scale.

🇮🇩 Indonesia

Indonesian authorities, including military-linked networks and accounts affiliated with President Prabowo Subianto‘s Gerindra party, was accused by Amnesty International of orchestrating coordinated disinformation campaigns targeting activists, journalists and civil society groups. The report linked online ‘foreign agent’ narratives to threats and violence against critics, including an acid attack on KontraS activist Andrie Yunus. Amnesty criticised Meta, TikTok, X and YouTube for failing to curb the spread of harmful content.

🇸🇬 Singapore

Singapore signed AI partnerships with Google and OpenAI to expand deployment across public services, healthcare, education and industry. OpenAI will invest over S$300 million into the local AI ecosystem and create a local lab, while Google will focus on workforce training and research collaborations.

🇻🇦 Vatican

Pope Leo XIV established a Vatican commission on artificial intelligence to coordinate the Catholic Church’s response to the growing societal impact of AI. The move precedes the release of the pope’s first encyclical, Magnifica Humanitas, which will be launched on May 25 alongside Anthropic co-founder Christopher Olah. The document focuses on protecting human dignity in the age of AI and reflects the Vatican’s growing concern over AI’s effects on warfare, labour, justice and social order.

🇻🇳 Vietnam

Vietnam enacted a comprehensive law regulating artificial intelligence systems, including tools developed by companies such as OpenAI and Anthropic. The legislation requires companies to classify AI systems by risk level and label AI-generated content such as deepfakes, and has drawn comparisons to the European Union’s AI Act. Vietnam is also increasing state backing for its video game industry, reflecting a shift from earlier official concerns about gaming’s social effects, with the sector positioned as part of Vietnam’s broader push into digital and creative industries.

That’s all for this week. For more timely analysis and commentary, check out The Strategist and ASPI’s Stop the World podcast—or our other Substack newsletters:

The Cyber & Tech Digest is brought to you by the Cyber, Technology & Security Programs team at ASPI and supported by partners.

Share

Welcome to the latest edition of ASPI’s Cyber & Tech Digest.

Each week, ASPI curates and contextualises the most important developments in cyber, technology, and geopolitics — highlighting what matters and why.

This edition covers the period: 9 May 2026 to 15 May 2026.

Follow the Australian Strategic Policy Institute on Bluesky, LinkedIn, and X.

What We’re Tracking

Trump arrives in Beijing with US tech CEOs in tow

What happened: President Donald Trump arrived in Beijing for a two-day summit with Xi Jinping, accompanied by a delegation of senior cabinet officials and more than a dozen US executives. Cabinet members include Treasury Secretary Scott Bessent, Trade Representative Jamieson Greer, Secretary of State Marco Rubio, and Defence Secretary Pete Hegseth.

The corporate contingent includes Apple CEO Tim Cook, Tesla CEO Elon Musk, Nvidia CEO Jensen Huang, Boeing CEO Kelly Ortberg, Meta president Dina Powell McCormick, Micron CEO Sanjay Mehrotra, Cisco CEO Chuck Robbins, and Qualcomm CEO Cristiano Amon.

Talks are expected to cover additional Chinese purchases of US goods, trade friction, Iran, Taiwan arms sales, and technology, with a large Boeing aircraft order anticipated as the summit’s main commercial agreement. Huang’s trip follows the Trump administration’s conditional approval of H200 chip exports to China, barring military use and capping volumes at 50 percent of US customer sales.

Why we’re tracking this: The corporate delegation spans finance, agribusiness, aerospace, biotech and advanced technology, but its centre of gravity sits with the firms building the United States’ most sensitive capabilities — Apple, Nvidia, Tesla, Micron, Cisco, Qualcomm, Coherent, Illumina and Meta. Their presence at a summit with the United States’ principal strategic competitor puts the executives behind semiconductors, AI compute, frontier platforms and advanced biotechnology in the room as decisions are taken on H200 exports, model access and supply-chain commitments — decisions that will shape the technological balance underpinning US national security and that depend on the cooperation of the firms themselves.

What people are saying:

• ‘It speaks to the fact that the Chinese-U.S. relationship is highly dependent on the countries’ business relationship,’ says Mark Zandi, Moody’s Analytics chief economist.

• ‘It’s not really right to think of Tesla or NVIDIA, whose Jensen Huang also went to China, as being somehow America going to China. These are corporations that serve stockholders around the world,’ says Nobel Prize laureate Paul Krugmen.

• ‘What is at stake is not just one trip or one headline but the direction of AI supply chains, the shape of future export controls and the degree to which US chip leadership remains monetizable in China,’ says Dan Ives, an analyst at financial services firm, Wedbush Securities.

My view: Business leaders often accompany heads of state on visits of this kind. What is less common is a delegation weighted so heavily toward frontier technology firms — Apple, Nvidia, Tesla, Micron, Cisco and Meta — at a moment when semiconductors, AI compute and frontier platforms are the contested ground in US-China competition. Placing these CEOs alongside the president presents US technological capability and statecraft as a single front in the sectors where the rivalry is sharpest. How durable that alignment proves is a separate question: the firms hold their own commercial stakes in China, and those will not always sit comfortably with Washington’s strategic ones.

— Lucy Haley, CTS

What We’re Watching

A weekly scan of notable developments we’re tracking across technology, policy, and geopolitics.

⸻

🚀 Strategic competition

Donald Trump arrived in Beijing for a two-day summit with Xi Jinping, accompanied by senior cabinet officials including Treasury Secretary Scott Bessent, Trade Representative Jamieson Greer, Secretary of State Marco Rubio and Defence Secretary Pete Hegseth — the first U.S. defence secretary to accompany a president to China. Talks are expected to cover trade, additional Chinese purchases of U.S. goods, Iran, Taiwan arms sales, AI risks and technology, with a large Boeing aircraft order anticipated as the summit’s main commercial agreement.

The executive delegation includes Apple CEO Tim Cook, Tesla CEO Elon Musk, Nvidia CEO Jensen Huang, Meta president Dina Powell McCormick, Boeing CEO Kelly Ortberg, Citi CEO Jane Fraser, Micron CEO Sanjay Mehrotra, Cisco CEO Chuck Robbins and Qualcomm CEO Cristiano Amon. Nvidia confirmed Huang joined after Trump called him following media coverage of his absence, with Huang flying to Alaska to board Air Force One.

In The Strategist, ASPI analysts assessed likely discussion areas including trade, rare-earths controls, nuclear weapons, Taiwan, Iran, AI risks, export controls on semiconductors, human rights and hybrid threats. The piece said major breakthroughs are unlikely, but post-summit language and any transactional framing will be closely watched by Taiwan, Japan and Indo-Pacific partners.

Separately, the U.S. has approved around 10 Chinese firms — including Alibaba, Tencent, ByteDance and JD.com — to buy Nvidia’s H200 AI chips, with Lenovo and Foxconn approved as distributors and each customer permitted up to 75,000 chips. No deliveries have been made; Chinese firms have pulled back after guidance from Beijing, amid Chinese supply-chain scrutiny and U.S. conditions on security procedures and revenue-sharing.

U.S. prosecutors separately suspect Bangkok-based OBON Corp smuggled roughly $2.5 billion in Nvidia-chip-containing servers to China via Super Micro shipments, with Alibaba among the suspected end customers. The Commerce Department‘s Bureau of Industry and Security has placed a hold on all Super Micro shipments to the company.

⸻

🛡 Cyber posture

Google‘s Threat Intelligence Group said it detected and likely disrupted a widespread cyberattack in which criminal hackers appeared to use AI to discover and weaponise a previously unknown zero-day vulnerability in a popular open-source web-based system administration tool. Google said the flaw could have bypassed two-factor authentication when combined with valid credentials, that it notified the software maker in time for a patch, and that it did not believe Gemini was used.

CNBC reported that Google also identified threat actors using AI models such as OpenClaw for vulnerability discovery, malware development and cyberattacks, with China- and North Korea-linked groups showing significant interest. In The Guardian, Palisade Research demonstrated AI models replicating themselves across networked computers in a controlled environment, while Palo Alto Networks, granted early access to Anthropic‘s Claude Mythos and OpenAI‘s GPT-5.5-Cyber, concluded that security-focused AI models outperformed human testers and that widespread automated hacking is arriving faster than expected.

Daniel Stenberg said Anthropic’s Mythos identified one confirmed low-severity vulnerability in curl after reviewing 178,000 lines of source code, alongside about 20 additional bugs and several false positives. Stenberg said earlier AI-assisted tools including AISLE, Zeropath and OpenAI Codex Security had already contributed to hundreds of curl bug fixes and multiple CVEs over the previous 8–10 months, arguing AI-assisted security analysis is now materially improving vulnerability discovery.

Trump administration officials are divided over whether U.S. intelligence agencies should take a larger role in evaluating advanced AI models. The Office of the National Cyber Director has proposed a major AI evaluation centre within the Office of the Director of National Intelligence, while Commerce Department officials argue their existing AI testing infrastructure should remain the lead mechanism.

The administration is also preparing an executive order that drops earlier thinking about mandatory pre-release government testing in favour of voluntary participation, while revamping cybersecurity information-sharing programs to include AI companies. Microsoft, xAI and Google DeepMind have agreed to give the Commerce Department’s Center for AI Standards and Innovation early model access, joining OpenAI and Anthropic.

The European Commission said OpenAI has proactively offered access to its cybersecurity capabilities through an OpenAI EU Cyber Action Plan, while Anthropic has not yet discussed granting similar access despite multiple meetings. Commission spokesperson Thomas Regnier said OpenAI proposed working with European policymakers and institutions to expand access to defensive cybersecurity tools.

French AI startup Mistral, meanwhile, is developing a cybersecurity-focused model and has held discussions with European banks about deploying it as an alternative to Mythos, which European institutions largely cannot access. Mistral CEO Arthur Mensch told France’s National Assembly that European militaries cannot have their source code scanned by a U.S.-controlled model. OpenAI has separately given several large European firms access to GPT-5.5-Cyber, including Spanish bank BBVA.

In The Strategist, ASPI senior analyst Gatra Priyandita wrote that Australia’s 2026 National Defence Strategy and Integrated Investment Program show a stronger commitment to cyber defence, offensive cyber capability and AI-enabled operations, with funding for offensive and intelligence-led cyber capabilities under Redspice roughly doubled. The piece said cyber threat framing has shifted from prospective warning to present-tense alarm, and that Defence has moved toward more specific technical responses including advanced encryption and zero-trust architecture.

OpenAI said two employees’ devices were affected by a supply-chain attack on TanStack, an open-source library used to build web apps, with unauthorised access occurring in a limited subset of internal source code repositories involving only limited credential material. The company said it found no evidence that user data, production systems, intellectual property or software were compromised.

Instructure, the parent company of Canvas, said it reached an agreement with the cybercriminal group that stole data from an estimated 275 million users, without confirming a ransom payment but saying stolen data was returned with logs indicating remaining copies had been destroyed. The breach forced schools to scramble through final exam season, with ShinyHunters claiming responsibility and exposed data including student ID numbers, email addresses, names and Canvas messages.

Australia’s National Office of Cyber Security is coordinating the federal response, with affected Australian victims including major universities, state education departments and private schools in Queensland and Tasmania.

The U.S. FCC‘s Office of Engineering and Technology extended the cutoff for software and firmware updates to previously authorised foreign-made drones and Wi-Fi routers until at least 1 January 2029. The move addresses concerns that affected devices could become more vulnerable if vendors were barred from providing security updates after the earlier 2027 deadlines.

⸻

🧠 AI models, agents & compute

Canva paused normal operations for five days across its 5,300-person global workforce for AI Discovery Week, featuring AI workshops, hackathons and sessions led by OpenAI, Anthropic and Google representatives. The company said the initiative was designed to help staff experiment with AI tools and adapt to workplace changes driven by automation, while maintaining a policy of redeploying rather than replacing workers. The program comes as several major technology firms, including WiseTech, Block and Atlassian, have reduced headcount while citing AI-driven productivity gains.

Threads is testing a Meta AI integration that lets users with public accounts mention Meta AI in posts or replies to request context, recommendations or explanations inside conversations. The feature is in beta testing in Malaysia, Saudi Arabia, Mexico, Argentina and Singapore, with Meta AI replying publicly through the @meta.ai account in the language of the post.

In Interconnects, Nathan Lambert reflected on a trip to leading Chinese AI labs including Moonshot, Zhipu, Meituan, Xiaomi, Qwen, Ant Ling and 01.ai. Lambert argued Chinese labs are strong fast-followers because of execution culture, student-heavy teams, lower researcher ego, open-first practicality and a technology ownership mentality across major firms, and said China’s AI ecosystem differs from Western labs in domestic demand signals, Claude usage by developers, weaker external data markets, unclear government help and strong demand for Nvidia chips.

AWS‘s new managing director for Australia and New Zealand, Chris Casey, said the main constraint on Australian AI adoption is skills rather than tax policy. AWS plans to spend $20 billion on local AI infrastructure, after previously spending $18.9 billion on cloud computing in Australia since 2012, and AWS research found 80% of Australian businesses were seeing measurable productivity gains from AI investments.

Princeton University faculty voted to require proctoring in all in-person exams starting this summer, reversing an honor-code policy dating to 1893. Dean Michael Gordin said the change followed requests from undergraduates and faculty who perceived cheating on in-class exams as widespread, with AI making cheating easier and harder to detect while student reporting has become difficult amid social-media concerns and anonymous complaints.

Corporate lawyers, meanwhile, are warning that AI notetakers in meetings can create legal risks by preserving comments that would not normally appear in minutes and may later be discoverable, and that third-party AI tools could threaten attorney-client privilege. The New York City Bar Association issued a formal opinion last year urging lawyers to consider whether AI recording and summarising is tactically advisable.

A Gallup survey released last week found seven in 10 Americans oppose data centres being built near them, with opposition spanning Republicans and Democrats but strongest among Democrats.

⸻

⚖️ Platform accountability

Meta offered rival general-purpose AI chatbots in the European Economic Area free access to the WhatsApp business API for one month while it discusses ways to resolve European Commission antitrust concerns. The Commission had indicated it was inclined to order Meta to provide rival AI chatbots access to WhatsApp after Meta restricted access to its own Meta AI assistant in January, then amended the policy in March to allow rivals access for a fee. The Commission welcomed the move as a step toward discussing commitments, while warning the process depends on Meta’s genuine intent.

Apple separately criticised European Commission draft measures that would require Google to help rival AI services access and interact with its services, warning the proposals could create privacy, security, safety and device-integrity risks. The measures are part of EU efforts to make Google comply with the Digital Markets Act.

Britain’s Competition and Markets Authority opened a strategic market status investigation into Microsoft‘s dominance in business software. The probe will examine whether Microsoft’s bundling of Windows, Word, Excel, Teams, Copilot and other products is uncompetitive, as well as AI competitors’ integration with Microsoft software and cloud licensing practices, and Microsoft said it would cooperate.

Texas Attorney General Ken Paxton sued Netflix, alleging the company collected and sold user data without consent while using engagement-driving design features such as autoplay to addict users. The complaint alleges Netflix misrepresented its data practices for years and violated the Texas Deceptive Trade Practices Act, with Texas seeking deletion of allegedly illegally collected data, restrictions on targeted advertising without consent, and civil penalties of up to $10,000 per violation.

Shutterstock separately agreed to pay $35 million to settle U.S. Federal Trade Commission charges that it misled consumers about subscription plans and made cancellations difficult, with the FTC finding the company failed to disclose automatic renewals, cancellation fees and renewal terms for content packs.

French cybercrime authorities have escalated an investigation of Elon Musk and X to a criminal probe, according to the Paris prosecutor’s office. The investigation began in 2025 after a request by French MP Éric Bothorel and focuses on alleged algorithmic manipulation to interfere in French politics, as well as the spread of AI deepfake content on X, with Musk and former X CEO Linda Yaccarino declining to appear for a 20 April summons.

OpenAI CEO Sam Altman testified that he had been deeply uncomfortable with Musk’s 2017 insistence on complete control over a proposed for-profit OpenAI subsidiary. Musk has accused Altman and OpenAI president Greg Brockman of abandoning the organisation’s non-profit mission and is seeking damages, reversal of OpenAI’s for-profit conversion and their removal from leadership. Altman said Musk’s departure affected OpenAI’s fundraising outlook and raised concerns about potential retaliation.

⸻

🕵️ Surveillance states

Iran‘s internet blackout, now more than 70 days long following U.S. and Israeli strikes in late February, has cost the economy over $2.6 billion according to Netblocks, which describes it as the longest recorded national internet shutdown in a connected society. Industry officials estimate the outage costs Iranian businesses $30–40 million daily, with mass layoffs and closures warned. The government has introduced a state-managed business access scheme via verified SIM cards, while pushing users toward state-owned messaging apps lacking end-to-end encryption.

The U.S. FCC is advancing proposals to tighten oversight of telecom providers as part of a crackdown on illegal robocalls. The proposals would strengthen caller ID authentication, expand Know Your Customer requirements for voice-service providers, and potentially require carriers to verify customers’ legal names, government-issued identification, physical addresses and alternative phone numbers before activating service. Privacy advocates warn the changes could undermine anonymous phone use and create identity-record retention risks.

⸻

🧒 Online harms & child safety

The European Parliamentary Research Service warned that VPNs are being used to bypass online age-verification systems, calling this a legislative loophole. Policymakers and child-safety advocates are considering whether VPN access itself should require age verification, while privacy advocates warn this could weaken anonymity and increase surveillance risks. Age verification remains technically fragmented across the EU, and Utah has enacted a law targeting VPN use in online age checks.

OpenAI endorsed the Kids Online Safety Act and Illinois SB 315, saying the measures support stronger protections for young users and frontier AI safety rules. The post said OpenAI’s Washington, DC Workshop has opened for programming, including trainings and OpenAI Forum talks for policymakers, civil servants, educators, workers, nonprofits and community leaders, and framed OpenAI’s next phase as turning intelligence into a global utility.

⸻

💰 Tech business & markets

Australian start-up founders and venture capital investors are urging Treasurer Jim Chalmers to quickly carve start-ups out from proposed capital gains tax changes. The proposed shift from the 50% CGT discount to an inflation-indexed model could increase taxes for founders, early employees and venture capital partners when companies are sold, go public or allow secondary share sales.

Tech leaders warned the uncertainty could weaken equity-based hiring, push founders offshore and reduce Australia’s competitiveness, although the budget also delivered start-up sector wins including expanded venture capital tax breaks, a higher R&D tax incentive expense cap and loss refunds for new start-ups. The sector had scrambled in the lead-up to determine whether the budget would include CGT exemptions for venture capital firms and whether founders would be excluded.

Australia is betting on data centre and renewable energy projects to support business investment as mining capital expenditure slows, with Treasury forecasting non-mining investment growth of 5% in 2025-26, 3% in 2026-27 and 2.5% in 2027-28. Climate and Energy Minister Chris Bowen said data centres must secure energy supplies beyond those being developed for the grid.

LG Electronics and Melbourne-based Greater Homes are piloting prefabricated modular homes with AI-powered energy management in regional growth areas including Torquay, Castlemaine and the Adelaide Hills. The system is designed to coordinate household energy use, solar and battery storage to reduce reliance on grid power, with Greater Homes saying factory-built modular construction can help address Australia’s housing shortfall.

Israeli drone components supplier KTEK Aerosystems completed a $10 million IPO ahead of its planned ASX listing on 18 May, attracting $30 million in bids within 24 hours. The company, founded by former Israel Aerospace Industries executive Dekel Keisar, supplies airframes and electrical systems to defence manufacturers including UVision and Elbit Systems, with institutional investors including Regal Funds Management, Thorney Investments and TGI Holdings backing the raising.

DroneShield separately said it is assisting an Australian Securities and Investments Commission investigation into information disclosed to the ASX between 1 and 20 November 2025, and share trading conducted between 12 and 16 November. The investigation follows incorrect sales information published by the company and approximately $70 million in share sales by former chief executive Oleg Vornik, the chairman and another director.

That’s all for this week. For more timely analysis and commentary, check out The Strategist and ASPI’s Stop the World podcast—or our other Substack newsletters:

The Cyber & Tech Digest is brought to you by the Cyber, Technology & Security Programs team at ASPI and supported by partners.

Share