This week:

3 – Let’s stop pesky regulations from hindering AI innovation.

2 – You’re only as strong as your weakest supplier.

1 – No, they don’t have a recording of you accessing dodgy sites.


 

3 – Let’s stop pesky regulations from hindering AI innovation

“no state or political subdivision may enforce any law or regulation regulating artificial intelligence models, artificial intelligence systems, or automated decision systems during the 10-year period beginning on the date of the enactment of this Act”

Source: Tech Policy Press

 

What’s the story?

In the U.S., Republicans are attempting to place a 10-year moratorium on state and local enforcement of AI regulations.

While this may look like a blatant attempt to allow AI to develop without the hassle of regulations to protect humanity from obvious risks, they are assuring the public that this moratorium is just the first step in the adoption of a unified federal approach to prevent a fragmented regulatory landscape.

Critics, including Democratic lawmakers and consumer advocacy groups, contend that the moratorium would strip U.S. states of their ability to protect citizens from AI-related harms, such as deepfakes and discrimination.

 

So what?

This proposed moratorium would centralise AI regulations at the federal level, at a time when the current US administration is actively cutting the budgets and powers of many federal regulators.

 


 

2 – You’re only as strong as your weakest supplier

“The percentage of confirmed data breaches involving third-party relationships doubled last year as cybercriminals increasingly exploited weak links in supply chains and partner ecosystems.”

Source: The Register

 

What’s the story?

Verizon’s 2025 Data Breach Investigations Report reveals that breaches involving third-party relationships surged from 15% to 30% year-over-year.

Cybercriminals are targeting vendors like software providers, accountants, and law firms to infiltrate larger organisations. 

 

So what?

When I help regulated firms to ensure they have appropriate security controls in place, a frequent challenge emerges when I start asking their key third parties about their security controls. Many service providers are not regulated entities, and their focus on client service means they do not actively think about their own security.

That’s why attackers go after your third-party service providers: they’re weak links and great stepping stones into valuable targets (i.e. you!).

1 – No, they don’t have a recording of you accessing dodgy sites

“Action Fraud UK are urging the public to look out for phishing emails that relate to extortion [after it] received over 2,924 reports [of these scams] in March 2025, a staggering increase compared to only 133 reports made in February.”

Source: Action Fraud UK

 

What’s the story?

Reports to Action Fraud UK of extortion phishing emails have recently surged. Many of these scams are ‘Financially Motivated Sexual Extortion’ (FMSE) emails, which claim to have compromising recordings of the recipient visiting dodgy websites and demand cryptocurrency payments to prevent the release of these recordings. These emails frequently include personal details like passwords or addresses, which were actually sourced from past data breaches. Victims are advised not to engage with the attacker and to change any passwords mentioned in the dodgy emails.

 

So what? 

If you receive these dodgy emails, ignore them.

And if you visit dodgy websites, make sure you block your webcam!