CySecurity News - Latest Information Security and Hacking Incidents: Artificial Intelligence

AI news AI technology Artificial Intelligence Technology

DBS Bank to Cut 4,000 Jobs Over Three Years as AI Adoption Grows

Singapore’s largest bank, DBS, has announced plans to reduce approximately 4,000 temporary and contract roles over the next three years as artificial intelligence (AI) takes on more tasks currently handled by human workers.

The job reductions will occur through natural attrition as various projects are completed, a bank spokesperson confirmed. However, permanent employees will not be affected by the move.

The bank’s outgoing CEO, Piyush Gupta, also revealed that DBS expects to create around 1,000 new positions related to AI, making it one of the first major financial institutions to outline how AI will reshape its workforce.

Currently, DBS employs between 8,000 and 9,000 temporary and contract workers, while its total workforce stands at around 41,000. According to Gupta, the bank has been investing in AI for more than a decade and has already integrated over 800 AI models across 350 use cases.

These AI-driven initiatives are projected to generate an economic impact exceeding S$1 billion (approximately $745 million) by 2025. Leadership at DBS is also set for a transition, with Gupta stepping down at the end of March.

His successor, Deputy CEO Tan Su Shan, will take over the reins. The growing adoption of AI across industries has sparked global discussions about its impact on employment. The International Monetary Fund (IMF) estimates that AI could influence nearly 40% of jobs worldwide, with its managing director Kristalina Georgieva cautioning that AI is likely to exacerbate economic inequality.

Meanwhile, Bank of England Governor Andrew Bailey has expressed a more balanced outlook, suggesting that while AI presents certain risks, it also offers significant opportunities and is unlikely to lead to widespread job losses. As DBS advances its AI-driven transformation, the bank’s restructuring highlights the evolving nature of work in the financial sector, where automation and human expertise will increasingly coexist.

AI-Driven Changes Lead to Workforce Reduction at Major Asian Bank



 

Technology

AI-driven cyberattacks Artificial Intelligence Bank CyberCrime Cyberhackers DBS Technology

AI-Driven Changes Lead to Workforce Reduction at Major Asian Bank

Over the next three years, DBS, Singapore's largest bank, has announced plans to reduce the number of employees by approximately 4,000 by way of a significant shift toward automation. A key reason for this decision was the growing adoption of artificial intelligence (AI), which will gradually replace human employees in performing functions previously performed by humans.

Essentially, these job reductions will occur through natural attrition as projects conclude, affecting primarily temporary and contract workers. However, the bank has confirmed that this will not have any adverse effects on permanent employees. A spokesperson for DBS stated that artificial intelligence-driven advances could reduce the need for temporary and contract positions to be renewed, thereby resulting in a gradual decrease in the number of employees as project-based roles are completed.

According to the bank's website, the bank employs approximately 8,000-9,000 temporary and contract workers and has a total workforce of around 41,000 workers. Former CEO Piyush Gupta has highlighted the bank's longstanding investment in artificial intelligence, noting that DBS has been leveraging artificial intelligence technology for over a decade. According to him, DBS has employed over 800 artificial intelligence models in 350 applications in the bank, with the expected economic impact surpassing S$1 billion by 2025 (US$745 million; £592 million).

DBS is also changing leadership as Gupta, the current CEO of the bank, is about to step down at the end of March, and his successor, Tan Su Shan, will take over from him. Artificial intelligence is becoming increasingly widely used, which has brought about a lot of discussion about its advantages and shortcomings. According to the International Monetary Fund (IMF), artificial intelligence will influence approximately 40% of global employment by 2050, with Managing Director Kristalina Georgieva cautioning that, in most scenarios, AI could worsen economic inequality.

According to the International Monetary Fund (IMF), AI could lead to a reduction in nearly 40% of global employment in the future. Several CEOs, including Kristalina Georgieva, have warned that, in many scenarios, artificial intelligence has the potential to significantly increase economic inequality. For this reason, concerns are being raised about its long-term social implications. The Governor of the Bank of England, Andrew Bailey, told the BBC in an interview that artificial intelligence shouldn't be viewed as a 'mass destruction' of jobs, but that human workers will adapt to evolving technologies as they become more advanced.

Bailey acknowledged the risks associated with artificial intelligence but also noted its vast potential for innovation in a wide range of industries by highlighting its potential. It is becoming increasingly apparent that Artificial Intelligence will play a significant role in the future of employment, productivity, and economic stability. Financial institutions are evaluating the long-term effects on these factors as it grows. In addition to transforming workforce dynamics, the increasing reliance on artificial intelligence (AI) is also delivering significant financial advantages to the banking sector as a whole.

Investing in artificial intelligence could potentially increase the profits of banks by 17%, which could increase to $180 billion in combined earnings, according to Bloomberg. According to Digit News, this will increase their collective earnings by $170 billion. Aside from the substantial financial incentives, banks and corporations are actively seeking professionals with AI and data analytics skills to integrate AI into their operations.

According to the World Economic Forum's Future of Work report, technological skills, particularly those related to artificial intelligence (AI) and big data, are expected to become among the most in-demand skills within the next five years, especially as AI adoption accelerates. As an evolving labor market continues to evolve, employees are increasingly being encouraged to learn new skills to ensure job security.

The WEF has recommended that companies invest in retraining programs that will help employees adjust to the new workplace environment; however, some organizations are reducing existing positions and recruiting AI experts to fill the gaps left by the existing positions. They are taking a more immediate approach than the WEF has recommended. AI has become increasingly prevalent across various industries, changing employment strategies as well as financial priorities as a result.

With artificial intelligence continuing to change industries in several ways, its growing presence in the banking sector makes it clear just how transformative it has the potential to be and the challenges that come with it. It is clear that AI is advancing efficiency and financial performance of companies; however, this integration is also forcing organizations to reevaluate their workforce strategies, skill development, and ethical considerations related to job displacement and economic inequality.

There must be a balance struck between leveraging technological advancements and ensuring a sustainable transition for employees who will be affected by automation. To prepare the workforce for the future of artificial intelligence, governments, businesses, and educational institutions must all play a critical role. A significant amount of effort must be put into reskilling initiatives, policies that support equitable workforce transitions, and an ethical AI governance framework to mitigate the risks associated with job displacement. In addition, the advancement of artificial intelligence, industry leaders, and policymakers can help promote a more inclusive and flexible labor market.

Financial institutions continue to embrace the technology for its efficiency and economic benefits, but they must also remain conscious of its impact on society at large. For technological progress to become a significant factor in long-term economic and social stability, it will be essential to plan for the workforce early, ethically deploy ethical AI, and upskill employees.

Apps Illegally Sold Location Data of US Military and Intelligence Personnel



 

Privacy

Apple Artificial Intelligence Cyberattacks Cybersecurity CyberThreat DPA Google Military Privacy

Apps Illegally Sold Location Data of US Military and Intelligence Personnel

Earlier this year, news reports revealed that a Florida-based data brokerage company had engaged in the sale of location data belonging to US military and intelligence personnel stationed overseas in the course of its operations. While at the time, it remained unclear to us as to how this sensitive information came into existence.

However, recent investigations indicate that the data was collected in part through various mobile applications operating under revenue-sharing agreements with an advertising technology company. An American company later resold this data, which was then resold by that firm. Location data collection is one of the most common practices among mobile applications. It is an essential component of navigation and mapping, but it also enhances the functionality of various other applications.

There are concerns that many applications collect location data without a clear or justified reason. Apple’s iOS operating system mandates that apps request permission before accessing location data. Regulations ensure privacy by providing transparency and control over the collection and use of location-related sensitive information.

After revelations about the unauthorized sale of location data, Senator Ron Wyden (D-WA) requested clarification from Datastream regarding the source of the data. Wyden’s office also reached out to an ad-tech company but did not receive a response. Consequently, the senator escalated the matter to Lithuania’s Data Protection Authority (DPA) due to national security concerns.

The Lithuanian DPA launched an official investigation into the incident. However, the results remain pending. This case highlights the complexities of the location data industry, where information is often exchanged between multiple organizations with limited regulation.

Cybersecurity expert Zach Edwards pointed out during a conference that "advertising companies often function as surveillance companies with better business models." This growing concern over data collection, sharing, and monetization in the digital advertising industry underscores the need for stricter regulations and accountability.

Security experts recommend that users disable location services when unnecessary and use VPNs for added protection. Given the vast amount of location data transmitted through mobile applications, these precautions are crucial in mitigating potential security risks.

Cybercriminals Are Now Targeting Identities Instead of Malware



 

malware

Artificial Intelligence Hackers Identity Fraud malware

Cybercriminals Are Now Targeting Identities Instead of Malware

The way cybercriminals operate is changing. Instead of using malicious software to break into systems, they are now focusing on stealing and exploiting user identities. A recent cybersecurity report shows that three out of four cyberattacks involve stolen login credentials rather than traditional malware. This trend is reshaping the way security threats need to be addressed.

Why Hackers Are Relying on Stolen Credentials

The underground market for stolen account details has grown rapidly, making user identities a prime target for cybercriminals. With automated phishing scams, artificial intelligence-driven attacks, and social engineering techniques, hackers can gain access to sensitive data without relying on malicious software.

According to cybersecurity experts, once a hacker gains access using valid credentials, they can bypass security barriers with ease. Many organizations focus on preventing external threats but struggle to detect attackers who appear to be legitimate users. This raises concerns about how companies can defend against these invisible intrusions.

Speed of Cyberattacks Is Increasing

Another alarming discovery is that hackers are moving faster than ever once they gain access. The shortest recorded time for a cybercriminal to spread through a system was just over two minutes. This rapid escalation makes it difficult for security teams to respond in time.

Traditional cybersecurity tools are designed to detect malware and viruses, but identity-based attacks leave no obvious traces. Instead, hackers manipulate system tools and access controls to remain undetected for extended periods. This technique, known as "living-off-the-land," enables them to blend in with normal network activity.

Attackers Are Infiltrating Multiple Systems

Modern cybercriminals do not confine themselves to a single system. Once they gain access, they move between cloud storage, company networks, and online services. This flexibility makes them harder to detect and stop.

Security experts warn that attackers often stay hidden in networks for months, waiting for the right moment to strike. Organizations that separate security measures—such as cloud security, endpoint protection, and identity management—often create loopholes that criminals exploit to maintain access and avoid detection.

AI’s Role in Cybercrime

Hackers are also taking advantage of artificial intelligence to refine their attacks. AI-driven tools help them crack passwords, manipulate users into revealing information, and automate large-scale cyber threats more efficiently than ever before. This makes it crucial for organizations to adopt equally advanced security measures to counteract these threats.

How to Strengthen Cybersecurity

Since identity theft is now a primary method of attack, organizations need to rethink their approach to cybersecurity. Here are some key strategies to reduce risk:

1. Enable Multi-Factor Authentication (MFA): This adds extra layers of protection beyond passwords.

2. Monitor Login Activities: Unusual login locations or patterns should be flagged and investigated.

3. Limit Access to Sensitive Data: Employees should only have access to the information they need for their work.

4. Stay Updated on Security Measures: Companies must regularly update their security protocols to stay ahead of evolving threats.

As hackers refine their techniques, businesses and individuals must prioritize identity security. By implementing strong authentication measures and continuously monitoring for suspicious activity, organizations can strengthen their defenses and reduce the risk of unauthorized access.

FBI Alerts Users of Surge in Gmail AI Phishing Attacks



 

phishing

Artificial Intelligence Cyber Fraud FBI Gmail Hack phishing

FBI Alerts Users of Surge in Gmail AI Phishing Attacks

Phishing scams have been around for many years, but they are now more sophisticated than ever due to the introduction of artificial intelligence (AI).

As reported in the Hoxhunt Phishing Trends Report, AI-based phishing attacks have increased dramatically since the beginning of 2022, with a whopping 49% increase in total phishing attempts. These attacks are not only more common, but also more sophisticated, making it challenging for common email filters to detect them.

Attackers are increasingly using AI to create incredibly convincing phoney websites and email messages that deceive users into disclosing sensitive data. What makes Gmail such an ideal target is its interaction with Google services, which keep massive quantities of personal information.

Once a Gmail account has been compromised, attackers have access to a wealth of information, making it a tempting target. While users of other email platforms are also vulnerable, Gmail remains the primary target because of its enormous popularity.

Phishing has never been easier

The ease with which fraudsters can now carry out phishing attacks was highlighted by Adrianus Warmenhoven, a cybersecurity specialist at Nord Security. According to Warmenhoven, "Phishing is easier than assembling flat-pack furniture," and numerous customers fall for phishing attempts in less than 60 seconds.

Hackers no longer require coding knowledge to generate convincing replicas of genuine websites due to the widespread availability of AI tools. With only a few clicks, these tools can replicate a website, increasing the frequency and potency of phishing attacks.

The fact that these attacks are AI-powered has made it easier for cybercriminals to get started, according to Forbes. Convincing emails and websites that steal private information from unwary victims can be simply created by someone with little technological expertise.

Here's how to stay safe

Employ a password manager: By automatically entering your login information on trustworthy websites, a password manager keeps you from entering it on phishing websites. Before auto-filling private data, verify that your password manager requires URL matching.
Monitor your accounts regularly: Keep an eye out for signs of unauthorised activity on your accounts. Take quick action to safeguard your data if you see anything fishy.
Turn on two-factor authentication: Make sure your Google account is always turned on for two-factor authentication (2FA). Even if hackers are able to get your password, this additional security makes it far more challenging for them to access your account.
Verify requests for private details: Whether via phone calls, texts, or emails, Gmail users should never reply to unsolicited demands for personal information. Always check the request by going directly to your Google account page if you are unsure.

Why European Regulators Are Investigating Chinese AI firm DeepSeek



 

Privacy

Artificial Intelligence Data Regulation DeepSeek European Union Privacy

Why European Regulators Are Investigating Chinese AI firm DeepSeek

European authorities are raising concerns about DeepSeek, a thriving Chinese artificial intelligence (AI) company, due to its data practices. Italy, Ireland, Belgium, Netherlands, France regulators are examining the data collection methods of this firm, seeing whether they comply with the European General Data Protection Regulation or, if they also might consider that personal data is anyway transferred unlawfully to China.

Hence, due to these issues, the Italian authority has released a temporary restrainment to access the DeepSeek chatbot R1 for the time-being under which investigation will be conducted on what and how data get used, and how much has affected training in the AI model.

What Type of Data Does DeepSeek Actually Collect?

DeepSeek collects three main forms of information from the user:

1. Personal data such as names and emails.

2. Device-related data, including IP addresses.

3. Data from third parties, such as Apple or Google logins.

Moreover, there is an action that an app would be able to opt to take if at all that user was active elsewhere on those devices for "Community Security." Unlike many companies I have said where there are actual timelines or limits on data retention, it is stated that retention of data can happen indefinitely by DeepSeek. This can also include possible sharing with others-advertisers, analytics firms, governments, and copyright holders.

Noting that most AI companies like the case of OpenAI's ChatGPT and Anthropic's Claude have met such privacy issues, experts would observe that DeepSeek doesn't expressly provide users the rights to deletion or restrictions on its use of their data as mandated requirement in the GDPR.

The Collected Data Where it Goes

One of major problems of DeepSeek is that it saves user data in China. Supposedly, the company has secure security measures in place for the data set and observes local laws for data transfer, but from a legal perspective, there is no valid basis being presented by DeepSeek concerning the storing of data from its European users outside the EU.

According to the EDPB, privacy laws in China lay more importance on "stability of community than that of individual privacy," thus permitting broadly-reaching access to personal data for purposes such as national security or criminal investigations. Yet it is not clear whether that of foreign users will be treated differently than that of Chinese citizens.

Cybersecurity and Privacy Threats

As accentuated by cyber crime indices in 2024, China is one of the countries most vulnerable to cyberattacks. Cisco's latest report shows that DeepSeek's AI model does not have such strong security against hacking attempts. Other AI models can block at least some "jailbreak" cyberattacks, while DeepSeek turned out to be completely vulnerable to such assaults, which have made it softer for manipulation.

Should Users Worry?

According to experts, users ought to exercise caution when using DeepSeek and avoid sharing highly sensitive personal details. The uncertain policies of the company with respect to data protection, storage in China, and relatively weak security defenses could avail pretty heavy risks to users' privacy and as such warrant such caution.

European regulators will then determine whether DeepSeek will be allowed to conduct business in the EU as investigations continue. Until then, users should weigh risks against their possible exposure when interacting with the platform.

Finance Ministry Bans Use of AI Tools Like ChatGPT and DeepSeek in Government Work



 

Technology

Artificial Intelligence ChatGPT DeepSeek Finance ministry Technology

Finance Ministry Bans Use of AI Tools Like ChatGPT and DeepSeek in Government Work

The Ministry of Finance, under Nirmala Sitharaman’s leadership, has issued a directive prohibiting employees from using artificial intelligence (AI) tools such as ChatGPT and DeepSeek for official work. The decision comes over concerns about data security as these AI-powered platforms process and store information externally, potentially putting confidential government data at risk.

Why Has the Finance Ministry Banned AI Tools?

AI chatbots and virtual assistants have gained popularity for their ability to generate text, answer questions, and assist with tasks. However, since these tools rely on cloud-based processing, there is a risk that sensitive government information could be exposed or accessed by unauthorized parties.

The ministry’s concern is that official documents, financial records, and policy decisions could unintentionally be shared with external AI systems, making them vulnerable to cyber threats or misuse. By restricting their use, the government aims to safeguard national data and prevent potential security breaches.

Public Reactions and Social Media Buzz

The announcement quickly sparked discussions online, with many users sharing humorous takes on the decision. Some questioned how government employees would manage their workload without AI assistance, while others speculated whether Indian AI tools like Ola Krutrim might be an approved alternative.

A few of the popular reactions included:

1. "How will they complete work on time now?"

2. "So, only Ola Krutrim is allowed?"

3. "The Finance Ministry is switching back to traditional methods."

4. "India should develop its own AI instead of relying on foreign tools."

India’s Position in the Global AI Race

With AI development accelerating worldwide, several countries are striving to build their own advanced models. China’s DeepSeek has emerged as a major competitor to OpenAI’s ChatGPT and Google’s Gemini, increasing the competition in the field.

The U.S. has imposed trade restrictions on Chinese AI technology, leading to growing tensions in the tech industry. Meanwhile, India has yet to launch an AI model capable of competing globally, but the government’s interest in regulating AI suggests that future developments could be on the horizon.

While the Finance Ministry’s move prioritizes data security, it also raises questions about efficiency. AI tools help streamline work processes, and their restriction could lead to slower operations in certain departments.

Experts suggest that India should focus on developing AI models that are secure and optimized for government use, ensuring that innovation continues without compromising confidential information.

For now, the Finance Ministry’s stance reinforces the need for careful regulation of AI technologies, ensuring that security remains a top priority in government operations.

EU Bans AI Systems Deemed ‘Unacceptable Risk’



 

Technology

AI Act Artificial Intelligence Cyberattacks Cyberhackers CyberThreat EU Bans AI Technology

EU Bans AI Systems Deemed ‘Unacceptable Risk’

As outlined in the European Union's (EU) Artificial Intelligence Act (AI Act), which was first presented in 2023, the AI Act establishes a common regulatory and legal framework for the development and application of artificial intelligence. In April 2021, the European Commission (EC) proposed the law, which was passed by the European Parliament in May 2024 following its proposal by the EC in April 2021.

EC guidelines introduced this week now specify that the use of AI practices whose risk assessment was deemed to be "unacceptable" or "high" is prohibited. The AI Act categorizes AI systems into four categories, each having a degree of oversight that varies. It remains relatively unregulated for low-risk artificial intelligence such as spam filters, recommendation algorithms, and customer service chatbots, whereas limited-risk artificial intelligence, such as customer service chatbots, must meet basic transparency requirements.

Artificial intelligence that is considered high-risk, such as in medical diagnostics or autonomous vehicles, is subjected to stricter compliance measures, including risk assessments required by law. As a result of the AI Act, Europeans can be assured of the benefits of artificial intelligence while also being protected from potential risks associated with its application. The majority of AI systems present minimal to no risks and are capable of helping society overcome societal challenges, but certain applications need to be regulated to prevent negative outcomes from occurring.

It is an issue of major concern that AI decision-making lacks transparency, which causes problems when it comes to determining whether individuals have been unfairly disadvantaged, for instance in the hiring process for jobs or in the application for public benefits. Despite existing laws offering some protection, they are insufficient to address the unique challenges posed by AI, which is why the EU has now enacted a new set of regulations.

It has been decided that AI systems that pose unacceptable risks, or those that constitute a clear threat to people's safety, livelihoods, and rights, should be banned in the EU. Among their plethora are social scoring and data scraping for facial recognition databases through the use of internet or CCTV footage, as well as the use of AI algorithms to manipulate, deceive, and exploit other vulnerabilities in a harmful way. Although it is not forbidden, the EC is also going to monitor the applications categorised as "high risk." These are applications that seem to have been developed in good faith, but if something were to go wrong, could have catastrophic consequences.

The use of artificial intelligence in critical infrastructures, such as transportation, that are susceptible to failure, which could lead to human life or death citizens; AI solutions used in education institutions, which can have a direct impact on someone's ability to gain an education and their career path. An example of where AI-based products will be used, such as the scoring of exams, the use of robots in surgery, or even the use of AI in law enforcement with the potential to override people's rights, such as the evaluation of evidence, there may be some issues with human rights.

AI Act is the first piece of legislation to be enforced in the European Union, marking an important milestone in the region's approach to artificial intelligence regulation. Even though the European Commission has not yet released comprehensive compliance guidelines, organizations are now required to follow newly established guidelines concerning prohibited artificial intelligence applications and AI literacy requirements, even though no comprehensive compliance guidelines have yet been released.

It explicitly prohibits artificial intelligence systems that are deemed to pose an “unacceptable risk,” which includes those that manipulate human behaviour in harmful ways, take advantage of vulnerabilities associated with age, disability, and socioeconomic status, as well as those that facilitate the implementation of social scoring by the government. There is also a strong prohibition in this act against the use of real-time biometric identification in public places, except under specified circumstances, as well as the creation of facial recognition databases that are based on online images or surveillance footage scraped from online sources.

The use of artificial intelligence for the recognition of emotions in the workplace or educational institutions is also restricted, along with the use of predictive policing software. There are severely fined companies found to be using these banned AI systems within the EU, and the fines can reach as high as 7% of their global annual turnover or 35 million euros, depending on which is greater. In the days following the enactment of these regulations, companies operating in the AI sector must pay attention to compliance challenges while waiting for further guidance from the EU authorities on how to accomplish compliance.

There is an antitrust law that prohibits the use of artificial intelligence systems that use information about an individual's background, skin colour, or social media behaviour as a way of ranking their likelihood of defaulting on a loan or defrauding a social welfare program. A law enforcement agency must follow strict guidelines to ensure that they do not use artificial intelligence (AI) to predict criminal behaviour based only on facial features or personal characteristics, without taking any objective, verifiable facts into account.

Moreover, the legislation also forbids AI tools which extract facial images from the internet, or CCTV footage, indiscriminately to create large-scale databases that can be accessed by any surveillance agencies, as this is a form of mass surveillance. An organization is restricted from using artificial intelligence-driven webcams or voice recognition to detect the emotions of its employees, and it is forbidden to use subliminal or deceptive AI interfaces to manipulate the user into making a purchase.

As a further measure, it is also prohibited to introduce AI-based toys or systems specifically designed to target children, the elderly, or vulnerable individuals who are likely to engage in harmful behaviour. There is also a provision of the Act that prohibits artificial intelligence systems from interpreting political opinions and sexual orientation from facial analysis, thus ensuring stricter protection of individuals' privacy rights and privacy preferences.

Italy Takes Action Against DeepSeek AI Over User Data Risks



 

Technology

Artificial Intelligence China DeepSeek Garante Italy Technology

Italy Takes Action Against DeepSeek AI Over User Data Risks

Italy’s data protection authority, Garante, has ordered Chinese AI chatbot DeepSeek to halt its operations in the country. The decision comes after the company failed to provide clear answers about how it collects and handles user data. Authorities fear that the chatbot’s data practices could pose security risks, leading to its removal from Italian app stores.

Why Did Italy Ban DeepSeek?

The main reason behind the ban is DeepSeek’s lack of transparency regarding its data collection policies. Italian regulators reached out to the company with concerns over whether it was handling user information in a way that aligns with European privacy laws. However, DeepSeek’s response was deemed “totally insufficient,” raising even more doubts about its operations.

Garante stated that DeepSeek denied having a presence in Italy and claimed that European regulations did not apply to it. Despite this, authorities believe that the company’s AI assistant has been accessible to Italian users, making it subject to the region’s data protection rules. To address these concerns, Italy has launched an official investigation into DeepSeek’s activities.

Growing Concerns Over AI and Data Security

DeepSeek is an advanced AI chatbot developed by a Chinese startup, positioned as a competitor to OpenAI’s ChatGPT and Google’s Gemini. With over 10 million downloads worldwide, it is considered a strong contender in the AI market. However, its expansion into Western countries has sparked concerns about how user data might be used.

Italy is not the only country scrutinizing DeepSeek’s data practices. Authorities in France, South Korea, and Ireland have also launched investigations, highlighting global concerns about AI-driven data collection. Many governments fear that personal data gathered by AI chatbots could be misused for surveillance or other security threats.

This is not the first time Italy has taken action against an AI company. In 2023, Garante temporarily blocked OpenAI’s ChatGPT over privacy issues. OpenAI was later fined €15 million after being accused of using personal data to train its AI without proper consent.

Impact on the AI and Tech Industry

The crackdown on DeepSeek comes at a time when AI technology is shaping global markets. Just this week, concerns over China’s growing influence in AI led to a significant drop in the U.S. stock market. The NASDAQ 100 index lost $1 trillion in value, with AI chipmaker Nvidia alone suffering a $600 million loss.

While DeepSeek has been removed from Italian app stores, users who downloaded it before the ban can still access the chatbot. Additionally, its web-based version remains functional, raising questions about how regulators will enforce the restriction effectively.

As AI continues to make new advancements, countries are becoming more cautious about companies that fail to meet privacy and security standards. With multiple nations now investigating DeepSeek, its future in Western markets remains uncertain.

DeepSeek’s Rise: A Game-Changer in the AI Industry



 

Technology

Anthropic Artificial Intelligence DeepSeek NVIDIA OpenAI Technology

DeepSeek’s Rise: A Game-Changer in the AI Industry

January 27 marked a pivotal day for the artificial intelligence (AI) industry, with two major developments reshaping its future. First, Nvidia, the global leader in AI chips, suffered a historic loss of $589 billion in market value in a single day—the largest one-day loss ever recorded by a company. Second, DeepSeek, a Chinese AI developer, surged to the top of Apple’s App Store, surpassing ChatGPT. What makes DeepSeek’s success remarkable is not just its rapid rise but its ability to achieve high-performance AI with significantly fewer resources, challenging the industry’s reliance on expensive infrastructure.

DeepSeek’s Innovative Approach to AI Development

Unlike many AI companies that rely on costly, high-performance chips from Nvidia, DeepSeek has developed a powerful AI model using far fewer resources. This unexpected efficiency disrupts the long-held belief that AI breakthroughs require billions of dollars in investment and vast computing power. While companies like OpenAI and Anthropic have focused on expensive computing infrastructure, DeepSeek has proven that AI models can be both cost-effective and highly capable.

DeepSeek’s AI models perform at a level comparable to some of the most advanced Western systems, yet they require significantly less computational power. This approach could democratize AI development, enabling smaller companies, universities, and independent researchers to innovate without needing massive financial backing. If widely adopted, it could reduce the dominance of a few tech giants and foster a more inclusive AI ecosystem.

Implications for the AI Industry

DeepSeek’s success could prompt a strategic shift in the AI industry. Some companies may emulate its focus on efficiency, while others may continue investing in resource-intensive models. Additionally, DeepSeek’s open-source nature adds an intriguing dimension to its impact. Unlike OpenAI, which keeps its models proprietary, DeepSeek allows its AI to be downloaded and modified by researchers and developers worldwide. This openness could accelerate AI advancements but also raises concerns about potential misuse, as open-source AI can be repurposed for unethical applications.

Another significant benefit of DeepSeek’s approach is its potential to reduce the environmental impact of AI development. Training AI models typically consumes vast amounts of energy, often through large data centers. DeepSeek’s efficiency makes AI development more sustainable by lowering energy consumption and resource usage.

However, DeepSeek’s rise also brings challenges. As a Chinese company, it faces scrutiny over data privacy, security, and censorship. Like other AI developers, DeepSeek must navigate issues related to copyright and the ethical use of data. While its approach is innovative, it still grapples with industry-wide challenges that have plagued AI development in the past.

A More Competitive AI Landscape

DeepSeek’s emergence signals the start of a new era in the AI industry. Rather than a few dominant players controlling AI development, we could see a more competitive market with diverse solutions tailored to specific needs. This shift could benefit consumers and businesses alike, as increased competition often leads to better technology at lower prices.

However, it remains unclear whether other AI companies will adopt DeepSeek’s model or continue relying on resource-intensive strategies. Regardless, DeepSeek has already challenged conventional thinking about AI development, proving that innovation isn’t always about spending more—it’s about working smarter.

DeepSeek’s rapid rise and innovative approach have disrupted the AI industry, challenging the status quo and opening new possibilities for AI development. By demonstrating that high-performance AI can be achieved with fewer resources, DeepSeek has paved the way for a more inclusive and sustainable future. As the industry evolves, its impact will likely inspire further innovation, fostering a competitive landscape that benefits everyone.

AI-Powered Personalized Learning: Revolutionizing Education



 

Technology

AI Learning Artificial Intelligence Data Privacy Personalised learning Technology

AI-Powered Personalized Learning: Revolutionizing Education

In an era where technology permeates every aspect of our lives, education is undergoing a transformative shift. Imagine a classroom where each student’s learning experience is tailored to their unique needs, interests, and pace. This is no longer a distant dream but a rapidly emerging reality, thanks to the revolutionary impact of artificial intelligence (AI). Personalized learning, once a buzzword, has become a game-changer, with AI at the forefront of this transformation. In this blog, we’ll explore how AI is driving the personalized learning revolution, its benefits and challenges, and what the future holds for this exciting frontier in education.

Personalized learning is an educational approach that tailors teaching and learning experiences to meet the unique needs, strengths, and interests of each student. Unlike traditional one-size-fits-all methods, personalized learning aims to provide a customized educational experience that accommodates diverse learning styles, paces, and preferences. The goal is to enhance student engagement and achievement by addressing individual characteristics such as academic abilities, prior knowledge, and personal interests.

The Role of AI in Personalized Learning

AI is playing a pivotal role in making personalized learning a reality. Here’s how:

Adaptive Learning Platforms: These platforms use AI to dynamically adjust educational content based on a student’s performance, learning style, and pace. By analyzing how students interact with the material, adaptive systems can modify task difficulty and provide tailored resources to meet individual needs. This ensures a personalized learning experience that evolves as students progress.
Analyzing Student Performance and Behavior: AI-driven analytics processes vast amounts of data on student behavior, performance, and engagement to identify patterns and trends. These insights help educators pinpoint areas where students excel or struggle, enabling timely interventions and support.

Benefits of AI-Driven Personalized Learning

The integration of AI into personalized learning offers numerous advantages:

Enhanced Student Engagement: AI-powered personalized learning makes education more relevant and engaging by adapting content to individual interests and needs. This approach fosters a deeper connection to the subject matter and keeps students motivated.
Improved Learning Outcomes: Studies have shown that personalized learning tools lead to higher test scores and better grades. By addressing individual academic gaps, AI ensures that students master concepts more effectively.
Efficient Use of Resources: AI streamlines lesson planning and focuses on areas where students need the most support. By automating repetitive tasks and providing actionable insights, AI helps educators manage their time and resources more effectively.

Challenges and Considerations

While AI-driven personalized learning holds immense potential, it also presents several challenges:

Data Privacy and Security: Protecting student data is a critical concern. Schools and technology providers must implement robust security measures and transparent data policies to safeguard sensitive information.
Equity and Access: Ensuring equal access to AI-powered tools is essential to prevent widening educational disparities. Efforts must be made to provide all students with the necessary devices and internet connectivity.
Teacher Training and Integration: Educators need comprehensive training to effectively use AI tools in the classroom. Ongoing support and resources are crucial to help teachers integrate these technologies into their lesson plans.

AI is revolutionizing education by enabling personalized learning experiences that cater to each student’s unique needs and pace. By enhancing engagement, improving outcomes, and optimizing resource use, AI is shaping the future of education. However, as we embrace these advancements, it is essential to address challenges such as data privacy, equitable access, and teacher training. With the right approach, AI-powered personalized learning has the potential to transform education and unlock new opportunities for students worldwide.

Rising Cyber Threats in the Financial Sector: A Call for Enhanced Resilience



 

Technology

AI news AI-technology Cybersecurity news Artificial Intelligence Technology

Rising Cyber Threats in the Financial Sector: A Call for Enhanced Resilience

The financial sector is facing a sharp increase in cyber threats, with investment firms, such as asset managers, hedge funds, and private equity firms, becoming prime targets for ransomware, AI-driven attacks, and data breaches. These firms rely heavily on uninterrupted access to trading platforms and sensitive financial data, making cyber resilience essential to prevent operational disruptions and reputational damage. A successful cyberattack can lead to severe financial losses and a decline in investor confidence, underscoring the importance of robust cybersecurity measures.

As regulatory requirements tighten, investment firms must stay ahead of evolving cyber risks. In the UK, the upcoming Cyber Resilience and Security Bill, set to be introduced in 2025, will impose stricter cybersecurity obligations on financial institutions. Additionally, while the European Union’s Digital Operational Resilience Act (DORA) is not directly applicable to UK firms, it will impact those operating within the EU market. Financial regulators, including the Bank of England, the Financial Conduct Authority (FCA), and the Prudential Regulation Authority, are emphasizing cyber resilience as a critical component of financial stability.

The Growing Complexity of Cyber Threats

The rise of artificial intelligence has further complicated the cybersecurity landscape. AI-powered tools are making cyberattacks more sophisticated and difficult to detect. For instance, voice cloning technology allows attackers to impersonate executives or colleagues, deceiving employees into granting unauthorized access or transferring large sums of money. Similarly, generative AI tools are being leveraged to craft highly convincing phishing emails that lack traditional red flags like poor grammar and spelling errors, making them far more effective.

As AI-driven cyber threats grow, investment firms must integrate AI-powered security solutions to defend against these evolving attack methods. However, many investment firms face challenges in building and maintaining effective cybersecurity frameworks on their own. This is where partnering with managed security services providers (MSSPs) can offer a strategic advantage. Companies like Linedata provide specialized cybersecurity solutions tailored for financial services firms, including AI-driven threat detection, 24/7 security monitoring, incident response planning, and employee training.

Why Investment Firms Are Prime Targets

Investment firms are increasingly attractive targets for cybercriminals due to their high-value transactions and relatively weaker security compared to major banks. Large financial institutions have heavily invested in cyber resilience, making it harder for hackers to breach their systems. As a result, attackers are shifting their focus to investment firms, which may not have the same level of cybersecurity investment. Without robust security measures, these firms face increased risks of operational paralysis and significant financial losses.

To address these challenges, investment firms must prioritize:

Strengthening Cyber Defenses: Implementing advanced security measures, such as multi-factor authentication (MFA), encryption, and endpoint protection.
Rapid Incident Response: Developing and regularly testing incident response plans to ensure quick recovery from cyberattacks.
Business Continuity Planning: Ensuring continuity of operations during and after a cyber incident to minimize disruptions.

By adopting these proactive strategies, investment firms can enhance their cyber resilience and protect their financial assets, sensitive client data, and investor confidence.

As cyber risks continue to escalate, investment firms must take decisive action to reinforce their cybersecurity posture. By investing in robust cyber resilience strategies, adopting AI-driven security measures, and partnering with industry experts, firms can safeguard their operations and maintain trust in an increasingly digital financial landscape. The combination of regulatory compliance, advanced technology, and strategic partnerships will be key to navigating the complex and ever-evolving world of cyber threats.

Cyber Threats in Hong Kong Hit Five-Year Peak with AI’s Growing Influence



 

Software

Artificial Intelligence Cyber Threats Hong Kong Passwords Software

Cyber Threats in Hong Kong Hit Five-Year Peak with AI’s Growing Influence

Hong Kong experienced a record surge in cyberattacks last year, marking the highest number of incidents in five years. Hackers are increasingly using artificial intelligence (AI) to strengthen their methods, according to the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT).

The agency reported a spike of 12,536 cybersecurity incidents in 2024, a dramatic increase of 62% from 7,752 cases in 2023. Phishing attacks dominated these incidents, with cases more than doubling from 3,752 in 2023 to 7,811 last year.

AI is aiding in improving phishing campaign effectiveness. Attackers can now use AI tools to create extremely realistic fake emails and websites that even the most skeptical eye cannot easily distinguish from their legitimate counterparts.

Alex Chan Chung-man, a digital transformation leader at HKCERT, commented that phishing attacks targeted the majority of cases for banking, financial, and payment systems, almost 25% of the total cases. Social media, including WhatsApp and messaging apps, was another main target, 22% of the total cases.

AI allows scammers to create flawless phishing messages and generate fake website links that mimic trusted services," Chan explained. This efficiency has led to a sharp rise in phishing links, with over 48,000 malicious URLs identified last year—an increase of 1.5 times compared to 2023.

Hackers are also targeting other essential services such as healthcare and utilities. A notable case involved Union Hospital in Tai Wai, which suffered a ransomware attack. In this case, cybercriminals used a malware called "LockBit" to demand a $10 million ransom. The hospital did not comply with the ransom demand but the incident illustrates the risks critical infrastructure providers face.

Third-party vendors involved with critical sectors are emerging vulnerabilities for hackers to exploit. Leaks through such third-party partners have the potential to cause heavy damages, ranging from legal to reputation-related.

New Risk: Electronic Sign Boards

Digital signboards, once left unattended, are now being targeted by hackers. According to HKCERT, 40% of companies have not risk-assessed these systems. These displays can easily be hijacked through USB devices or wireless connections and display malicious or inappropriate content.

Though Hong Kong has not been attacked this way, such attacks in other countries indicate a new threat.

Prevention for Businesses

HKCERT advises organizations to take the following measures against these threats:

Change passwords regularly and use multi-factor authentication.
Regularly backup important data to avoid loss.
Update software regularly to patch security vulnerabilities.

Chan emphasized that AI-driven threats will develop their methods, and thus robust cybersecurity practices are needed to protect sensitive data and infrastructure.

Why AI-Driven Cybercrime Is the Biggest Threat of 2025



 

Malaysia

Artificial Intelligence Cyber Attacks Deepfake Technology Malaysia

Why AI-Driven Cybercrime Is the Biggest Threat of 2025

AI in Cybercrimes: Rising Threats and Challenges

Kuala Lumpur: The increasing use of artificial intelligence (AI) in cybercrimes is becoming a grave issue, says Datuk Seri Ramli Mohamed Yoosuf, Director of Malaysia's Commercial Crime Investigation Department (CCID). Speaking at the Asia International Security Summit and Expo 2025, he highlighted how cybercriminals are leveraging AI to conduct sophisticated attacks, creating unprecedented challenges for cybersecurity efforts.

"AI has enabled criminals to churn through huge datasets with incredible speed, helping them craft highly convincing phishing emails targeted at deceiving individuals," Ramli explained. He emphasized how these advancements in AI make fraudulent communications harder to identify, thus increasing the risk of successful cyberattacks.

Rising Threats to Critical Sectors

Ramli expressed concern over the impact of AI-driven cybercrime on critical sectors such as healthcare and transportation. Attacks on hospital systems could disrupt patient care, putting lives at risk, while breaches in transportation networks could endanger public safety and hinder mobility. These scenarios highlight the urgent need for robust defense mechanisms and efficient response plans to protect critical infrastructure.

One of the key challenges posed by AI is the creation of realistic fake content through deepfake technology. Criminals can generate fake audio or video files that convincingly mimic real individuals, enabling them to manipulate or scam their targets more effectively.

Another area of concern is the automation of phishing attacks. With AI, attackers can identify software vulnerabilities quickly and execute precision attacks at unprecedented speeds, putting defenders under immense pressure to keep up.

Cybercrime Statistics in Malaysia

Over the past five years, Malaysia has seen a sharp rise in cybercrime cases. Between 2020 and 2024, 143,000 cases were reported, accounting for 85% of all commercial crimes during this period. This indicates that cybersecurity threats are becoming increasingly sophisticated, necessitating significant changes in security practices for both individuals and organizations.

Ramli stressed the importance of collective vigilance against evolving cyber threats. He urged the public to be more aware of these risks and called for greater investment in technological advancements to combat AI-driven cybercrime.

"To the extent cybercriminals will become more advanced, we can ensure that people and organizations are educated on how to recognize and deal with these challenges," he stated.

By prioritizing proactive measures and fostering a culture of cybersecurity, Malaysia can strengthen its defenses against the persistent threat of AI-driven cybercrimes.

A Looming Threat to Crypto Keys: The Risk of a Quantum Hack



 

Threat Landscape

Artificial Intelligence Crypto Hack Quantum computing Technology Threat Landscape

A Looming Threat to Crypto Keys: The Risk of a Quantum Hack

The Quantum Computing Threat to Cryptocurrency Security

The immense computational power that quantum computing offers raises significant concerns, particularly around its potential to compromise private keys that secure digital interactions. Among the most pressing fears is its ability to break the private keys safeguarding cryptocurrency wallets.

While this threat is genuine, it is unlikely to materialize overnight. It is, however, crucial to examine the current state of quantum computing in terms of commercial capabilities and assess its potential to pose a real danger to cryptocurrency security.

Before delving into the risks, it’s essential to understand the basics of quantum computing. Unlike classical computers, which process information using bits (either 0 or 1), quantum computers rely on quantum bits, or qubits. Qubits leverage the principles of quantum mechanics to exist in multiple states simultaneously (0, 1, or both 0 and 1, thanks to the phenomenon of superposition).

Quantum Computing Risks: Shor’s Algorithm

One of the primary risks posed by quantum computing stems from Shor’s algorithm, which allows quantum computers to factor large integers exponentially faster than classical algorithms. The security of several cryptographic systems, including RSA, relies on the difficulty of factoring large composite numbers. For instance, RSA-2048, a widely used cryptographic key size, underpins the private keys used to sign and authorize cryptocurrency transactions.

Breaking RSA-2048 with today’s classical computers, even using massive clusters of processors, would take billions of years. To illustrate, a successful attempt to crack RSA-768 (a 768-bit number) in 2009 required years of effort and hundreds of clustered machines. The computational difficulty grows exponentially with key size, making RSA-2048 virtually unbreakable within any human timescale—at least for now.

Commercial quantum computing offerings, such as IBM Q System One, Google Sycamore, Rigetti Aspen-9, and AWS Braket, are available today for those with the resources to use them. However, the number of qubits these systems offer remains limited — typically only a few dozen. This is far from sufficient to break even moderately sized cryptographic keys within any realistic timeframe. Breaking RSA-2048 would require millions of years with current quantum systems.

Beyond insufficient qubit capacity, today’s quantum computers face challenges in qubit stability, error correction, and scalability. Additionally, their operation depends on extreme conditions. Qubits are highly sensitive to electromagnetic disturbances, necessitating cryogenic temperatures and advanced magnetic shielding for stability.

Future Projections and the Quantum Threat

Unlike classical computing, quantum computing lacks a clear equivalent of Moore’s Law to predict how quickly its power will grow. Google’s Hartmut Neven proposed a “Neven’s Law” suggesting double-exponential growth in quantum computing power, but this model has yet to consistently hold up in practice beyond research and development milestones.

Hypothetically, achieving double-exponential growth to reach the approximately 20 million physical qubits needed to crack RSA-2048 could take another four years. However, this projection assumes breakthroughs in addressing error correction, qubit stability, and scalability—all formidable challenges in their own right.

While quantum computing poses a theoretical threat to cryptocurrency and other cryptographic systems, significant technical hurdles must be overcome before it becomes a tangible risk. Current commercial offerings remain far from capable of cracking RSA-2048 or similar key sizes. However, as research progresses, it is crucial for industries reliant on cryptographic security to explore quantum-resistant algorithms to stay ahead of potential threats.

Quantum Computing: A Rising Challenge Beyond the AI Spotlight



 

Technology

Artificial Intelligence Cybersecurity Threats Post-Quantum Encryption Quantum computing Technology

Quantum Computing: A Rising Challenge Beyond the AI Spotlight

Artificial intelligence (AI) often dominates headlines, stirring fascination and fears of a machine-controlled dystopia. With daily interactions through virtual assistants, social media algorithms, and self-driving cars, AI feels familiar, thanks to decades of science fiction embedding it into popular culture. Yet, lurking beneath the AI buzz is a less familiar but potentially more disruptive force: quantum computing.

Quantum computing, unlike AI, is shrouded in scientific complexity and public obscurity. While AI benefits from widespread cultural familiarity, quantum mechanics remains an enigmatic topic, rarely explored in blockbuster movies or bestselling novels. Despite its low profile, quantum computing harbors transformative—and potentially hazardous—capabilities.

Quantum computers excel at solving problems beyond the scope of today's classical computers. For example, in 2019, Google’s quantum computer completed a computation in just over three minutes—a task that would take a classical supercomputer approximately 10,000 years. This unprecedented speed holds the promise to revolutionize fields such as healthcare, logistics, and scientific research. However, it also poses profound risks, particularly in cybersecurity.

The most immediate threat of quantum computing lies in its ability to undermine existing encryption systems. Public-key cryptography, which safeguards online transactions and personal data, relies on mathematical problems that are nearly impossible for classical computers to solve. Quantum computers, however, could crack these codes in moments, potentially exposing sensitive information worldwide.

Many experts warn of a “cryptographic apocalypse” if organizations fail to adopt quantum-resistant encryption. Governments and businesses are beginning to recognize the urgency. The World Economic Forum has called for proactive measures, emphasizing the need to prepare for the quantum era before it is too late. Despite these warnings, the public conversation remains focused on AI, leaving the risks of quantum computing underappreciated.

The race to counter the quantum threat has begun. Leading tech companies like Google and Apple are developing post-quantum encryption protocols to secure their systems. Governments are crafting strategies for transitioning to quantum-safe encryption, but timelines vary. Experts predict that quantum computers capable of breaking current encryption may emerge within 5 to 30 years. Regardless of the timeline, the shift to quantum-resistant systems will be both complex and costly.

While AI captivates the world with its promise and peril, quantum computing remains an under-discussed yet formidable security challenge. Its technical intricacy and lack of cultural presence have kept it in the shadows, but its potential to disrupt digital security demands immediate attention. As society marvels at AI-driven futures, it must not overlook the silent revolution of quantum computing—an unseen threat that could redefine our technological landscape if unaddressed.

Meta's AI Bots on WhatsApp Spark Privacy and Usability Concerns



 

AI bots Artificial Intelligence Meta Technology WhatsApp

Meta's AI Bots on WhatsApp Spark Privacy and Usability Concerns

WhatsApp, the world's most widely used messaging app, is celebrated for its simplicity, privacy, and user-friendly design. However, upcoming changes could drastically reshape the app. Meta, WhatsApp's parent company, is testing a new feature: AI bots. While some view this as a groundbreaking innovation, others question its necessity and raise concerns about privacy, clutter, and added complexity.

Meta is introducing a new "AI" tab in WhatsApp, currently in beta testing for Android users. This feature will allow users to interact with AI-powered chatbots on various topics. These bots include both third-party models and Meta’s in-house virtual assistant, "Meta AI." To make room for this update, the existing "Communities" tab will merge with the "Chats" section, with the AI tab taking its place. Although Meta presents this as an upgrade, many users feel it disrupts WhatsApp's clean and straightforward design.

Meta’s strategy seems focused on expanding its AI ecosystem across its platforms—Instagram, Facebook, and now WhatsApp. By introducing AI bots, Meta aims to boost user engagement and explore new revenue opportunities. However, this shift risks undermining WhatsApp’s core values of simplicity and secure communication. The addition of AI could clutter the interface and complicate user experience.

Key Concerns Among Users

1. Loss of Simplicity: WhatsApp’s minimalistic design has been central to its popularity. Adding AI features could make the app feel overloaded and detract from its primary function as a messaging platform.

2. Privacy and Security Risks: Known for its end-to-end encryption, WhatsApp prioritizes user privacy. Introducing AI bots raises questions about data security and how Meta will prevent misuse of these bots.

3. Unwanted Features: Many users believe AI bots are unnecessary for a messaging app. Unlike optional AI tools on platforms like ChatGPT or Google Gemini, Meta's integration feels forced.

4. Cluttered Interface: Replacing the "Communities" tab with the AI tab consumes valuable space, potentially disrupting how users navigate the app.

The Bigger Picture

Meta may eventually allow users to create custom AI bots within WhatsApp, a feature already available on Instagram. However, this could introduce significant risks. Poorly moderated bots might spread harmful or misleading content, threatening user trust and safety.

WhatsApp users value its security and simplicity. While some might welcome AI bots, most prefer such features to remain optional and unobtrusive. Since the AI bot feature is still in testing, it’s unclear whether Meta will implement it globally. Many hope WhatsApp will stay true to its core strengths—simplicity, privacy, and reliability—rather than adopting features that could alienate its loyal user base. Will this AI integration enhance the platform or compromise its identity? Only time will tell.

Ensuring Governance and Control Over Shadow AI



 

Technology

Artificial Intelligence ChatGPT CyberCrime CyberThreat Cyersecurity GitHub Shadow AI Technology

Ensuring Governance and Control Over Shadow AI

AI has become almost ubiquitous in software development, as a GitHub survey shows, 92 per cent of developers in the United States use artificial intelligence as part of their everyday coding. This has led many individuals to participate in what is termed “shadow AI,” which involves leveraging the technology without the knowledge or approval of their organization’s Information Technology department and/or Chief Information Security Officer (CISO).

This has increased their productivity. In light of this, it should not come as a surprise to learn that motivated employees will seek out the technology that can maximize their value potential as well as minimize repetitive tasks that interfere with more creative, challenging endeavours. It is not uncommon for companies to be curious about new technologies, especially those that can be used to make work easier and more efficient, such as artificial intelligence (AI) and automation tools.

Despite the increasing amount of ingenuity, some companies remain reluctant to adopt technology at their first, or even second, glances. Nevertheless, resisting change does not necessarily mean employees will stop secretly using AI in a non-technical way, especially since tools such as Microsoft Copilot, ChatGPT, and Claude make these technologies more accessible to non-technical employees.

Known as shadow AI, shadow AI is a growing phenomenon that has gained popularity across many different sectors. There is a concept known as shadow AI, which is the use of artificial intelligence tools or systems without the official approval or oversight of the organization's information technology or security department. These tools are often adopted to solve immediate problems or boost efficiency within an organization.

If these tools are not properly governed, they can lead to data breaches, legal violations, or regulatory non-compliance, which could pose significant risks to businesses. When Shadow AI is not properly managed, it can introduce vulnerabilities into users' infrastructure that can lead to unauthorized access to sensitive data. In a world where artificial intelligence is becoming increasingly ubiquitous, organizations should take proactive measures to make sure their operations are protected.

Shadow generative AI poses specific and substantial risks to an organization's integrity and security, and poses significant threats to both of them. A non-regulated use of artificial intelligence can lead to decisions and actions that could undermine regulatory and corporate compliance. Particularly in industries with very strict data handling protocols, such as finance and healthcare, where strict data handling protocols are essential.

As a result of the bias inherent in the training data, generative AI models can perpetuate these biases, generate outputs that breach copyrights, or generate code that violates licensing agreements. The untested code may cause the software to become unstable or error-prone, which can increase maintenance costs and cause operational disruptions. In addition, such code may contain undetected malicious elements, which increases the risk of data breach and system downtime, as well.

It is important to recognize that the mismanagement of Artificial Intelligence interactions in customer-facing applications can result in regulatory non-compliance, reputational damage, as well as ethical concerns, particularly when the outputs adversely impact the customer experience. Consequently, organization leaders must ensure that their organizations are protected from unintended and adverse consequences when utilizing generative AI by implementing robust governance measures to mitigate these risks.

In recent years, AI technology, including generative and conversational AI, has seen incredible growth in popularity, leading to widespread grassroots adoption of these technologies. The accessibility of consumer-facing AI tools, which require little to no technical expertise, combined with a lack of formal AI governance, has enabled employees to utilize unvetted AI solutions, The 2025 CX Trends Report highlights a 250% year-over-year increase in shadow AI usage in some industries, exposing organizations to heightened risks related to data security, compliance, and business ethics.

There are many reasons why employees turn to shadow AI for personal or team productivity enhancement because they are dissatisfied with their existing tools, because of the ease of access, and because they want to enhance the ability to accomplish specific tasks. In the future, this gap will grow as CX Traditionalists delay the development of AI solutions due to limitations in budget, a lack of knowledge, or an inability to get internal support from their teams.

As a result, CX Trendsetters are taking steps to address this challenge by adopting approved artificial intelligence solutions like AI agents and customer experience automation, as well as ensuring the appropriate oversight and governance are in place. Identifying AI Implementations: CISOs and security teams, must determine who will be introducing AI throughout the software development lifecycle (SDLC), assess their security expertise, and evaluate the steps taken to minimize risks associated with AI deployment.

In training programs, it is important to raise awareness among developers of the importance and potential of AI-assisted code as well as develop their skills to address these vulnerabilities. To identify vulnerable phases of the software development life cycle, the security team needs to analyze each phase of the SDLC and identify if any are vulnerable to unauthorized uses of AI.

Fostering a Security-First Culture: By promoting a proactive protection mindset, organizations can reduce the need for reactive fixes by emphasizing the importance of securing their systems from the onset, thereby saving time and money. In addition to encouraging developers to prioritize safety and transparency over convenience, a robust security-first culture, backed by regular training, encourages a commitment to security.

CISOs are responsible for identifying and managing risks associated with new tools and respecting decisions made based on thorough evaluations. This approach builds trust, ensures tools are properly vetted before deployment, and safeguards the company's reputation. Incentivizing Success: There is great value in having developers who contribute to bringing AI usage into compliance with their organizations.

For this reason, these individuals should be promoted, challenged, and given measurable benchmarks to demonstrate their security skills and practices. As organizations reward these efforts, they create a culture in which AI deployment is considered a critical, marketable skill that can be acquired and maintained. If these strategies are implemented effectively, a CISO and development teams can collaborate to manage AI risks the right way, ensuring faster, safer, and more effective software production while avoiding the pitfalls caused by shadow AI.

As an alternative to setting up sensitive alerts to make sure that confidential data isn't accidentally leaked, it is also possible to set up tools using artificial intelligence, for example, to help detect when a model of artificial intelligence incorrectly inputs or processes personal data, financial information, or other proprietary information.

It is possible to identify and mitigate security breaches in real-time by providing real-time alerts in real-time, and by enabling management to reduce these breaches before they escalate into a full-blown security incident, adding a layer of security protection, in this way.

When an API strategy is executed well, it is possible to give employees the freedom to use GenAI tools productively while safeguarding the company's data, ensuring that AI usage is aligned with internal policies, and protecting the company from fraud. To increase innovation and productivity, one must strike a balance between securing control and ensuring that security is not compromised.

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Showing result(s) for

Popular Posts

Pages

Menu Item

DeepSeek’s Innovative Approach to AI Development

Implications for the AI Industry

A More Competitive AI Landscape

The Role of AI in Personalized Learning

Benefits of AI-Driven Personalized Learning

Challenges and Considerations

The Growing Complexity of Cyber Threats

Why Investment Firms Are Prime Targets

Rising Threats to Critical Sectors

Cybercrime Statistics in Malaysia

Quantum Computing Risks: Shor’s Algorithm

Future Projections and the Quantum Threat