Samsung, SK Hynix back South Korea's 6 billion AI-chip investment plan

Samsung, SK Hynix back South Korea's $576 billion AI-chip investment plan


South Korean President Lee Jae Myung attends a briefing announcing the government’s three mega projects at Yeongbingwan, the Blue House, in Seoul, South Korea, June 29, 2026. Kim Min-Hee/Kyodonews/Pool via Reuters


South Korea rolled out sweeping semiconductor and artificial intelligence (AI) investment projects on Monday, as President Lee Jae Myung pledged to cement the country’s industry leadership with investments worth more than $576 billion over several years.

 


The announcement marks Lee’s boldest push yet to align South Korea’s AI and semiconductor ambitions with his pledge to narrow regional disparities and revive economies beyond the Seoul metropolitan area.

 


Lee was joined by the leaders of Samsung Electronics and SK Hynix, the world’s two largest memory chipmakers, for the televised announcement.

 


“We must secure the core elements of AI faster than any other country,” the president said. “Semiconductors, physical AI, and AI data centres are the triple axis for our great leap forward.”

 
 


Samsung and SK Hynix will invest 800 trillion won ($517.87 billion), along with suppliers, to build two new chip fabrication plants each in South Korea’s southwestern region, he said.

 


Lee said the country’s southwestern city of Gwangju and South Jeolla province will also invest 5 trillion-20 trillion won in the projects, with a further 81 trillion won expected for a chip packaging cluster in the Chungcheong region near Seoul.

 


Lee said the southwest would host major semiconductor production clusters, drawing on abundant underutilised power.

 


“To meet the rapidly increasing demand for semiconductors, we need to quickly complete the production hubs that are currently under construction,” he said.

First Published: Jun 29 2026 | 10:49 PM IST



Source link

WhatsApp begins username reservations, feature to roll out later this year

WhatsApp begins username reservations, feature to roll out later this year



WhatsApp is rolling out username reservation for users, beginning Monday, June 29. This will allow users to create and reserve a username, which they can share with others instead of their phone number. The feature will be available in the app later this year.

 


“Starting this week, you can reserve a username to use later this year when we launch this feature. With over 3 billion people on WhatsApp, a lot of names overlap, which is why we’re opening reservations early so everyone has the opportunity to select the username that matters to them,” the company said in a blog post.

 
 


Once reservations become available, users will be notified in the app. For most people, choosing a WhatsApp username should be something unique that only people they want to contact will know.

 


“Your phone number is protected. You can now share your unique username instead of your digits. There’s no public directory and no suggestions – people need to know your exact username to find you. You can update your username right in the app,” the company said.

 


The company said this will further enhance its privacy features. “Usernames are our latest step to make WhatsApp even more private. There’s no directory to browse and no suggestions – people will need to know your exact username to contact you for the first time. To help control who can reach you on WhatsApp with your username, we’ve built an optional username key that others will need to know to message you,” the company said.

 



Source link

AI models can 'lend false confidence' to blind spots in data: P K Mishra

AI models can 'lend false confidence' to blind spots in data: P K Mishra



The growing use of artificial intelligence (AI) in official statistics carries the risk of models faithfully reproducing the biases and gaps in their training data, and could lend false confidence to the very blind spots we intend to remove, cautioned Principal Secretary to the Prime Minister P K Mishra on Monday. He said these were “not reasons for hesitation” but reasons for a more rigorous approach to data.

 


Speaking at the 20th Statistics Day celebrations, Mishra said that the incorporation of AI is among the frontiers that analytical institutions must pursue. But the commitment to AI-driven datasets by the Ministry of Statistics and Programme Implementation (MoSPI) also warranted a look at the hard questions it poses.

 
 


“If a figure is imputed or nowcast by a model, can the statistical system audit it, explain it, and own it as it owns a survey result?” he asked, adding that the model “learns only from the data it is given, and it will faithfully reproduce whatever biases and gaps it contains.”

 


Mishra placed the AI question alongside two others — of trust and institutional independence — that he said must guide the next phase of reform as India moves to harness administrative data alongside its traditional surveys and censuses.

 


Mishra also flagged an institutional concern arising from the shift towards data generated and owned by different ministries. “For 75 years, the credibility of our statistics has rested in part on our control of the instrument. The ministry designed the survey, it drew the sample, it owned the estimate. As the centre of gravity shifts towards records that other ministries generate and own, we must consider carefully how that independence is preserved,” he said.

 


Describing this year’s Statistics Day theme — Unlocking the Potential of Administrative Data — as marking “an inflection point” for India’s statistical system, Mishra said administrative data must evolve from being a by-product of departmental processes to becoming a strategic national asset, capable of supporting timely, evidence-based decision-making and addressing critical data gaps.

 


The way forward, he said, required “dynamic data catalogues, seamless interoperability across government systems, and a fully integrated data ecosystem where information is generated at source, shared securely, and utilised efficiently for governance and policy analysis”. Trusted and interoperable datasets, he added, would also form the foundation for the responsible and effective adoption of AI in governance.

 


Mishra, however, cautioned that technical investment alone would not suffice. “Building human capacity, data literacy and analytical competencies across institutions will be equally critical for success,” he said, adding that the principles of privacy by design and alignment with existing legal and policy frameworks must guide all efforts towards greater interoperability.

 


“The potential of administrative data will be unlocked not by technology alone, but by the institutional architecture we build around it. The standards and safeguards and the independence that turn raw records into statistics a nation can trust,” he concluded.

 



Source link

Student privacy in the digital age: Why schools need stronger safeguards

Student privacy in the digital age: Why schools need stronger safeguards



Educational institutions begin collecting personal information even before a child enters the classroom. During admissions, they gather names, dates of birth, addresses, identity documents and contact information. As students progress through school, this expands to include attendance records, scores, health records, photographs, videos and participation in extracurricular activities.

 


As schools increasingly adopt digital platforms for learning and administration, the volume of student data being generated and processed has grown. Learning management systems, attendance apps, online examinations, digital report cards and parent communication platforms collect information to support teaching and school operations, adding to a child’s digital footprint.

 


Schools also use websites and social media to showcase classroom activities, competitions and academic achievements. While these updates help keep parents informed and celebrate student success, they also raise questions about how much personally identifiable information should be shared publicly and whether parents fully understand how it may be used or retained. The growing use of third-party edtech platforms has expanded the student data ecosystem.

 
 


Speaking to Business Standard, Ravindra Baviskar, Director, Sales Engineering, Sophos India & SAARC said that the gap between where educational institutions need to be and where they are today remains significant in terms of cybersecurity. More than 60 per cent of schools and colleges in India still lack a formal cybersecurity policy, while many EdTech platforms continue to rely on generic consent checkboxes that fall short of the verifiable parental consent required under the Digital Personal Data Protection (DPDP) Rules.


Digital classrooms bring privacy challenges


As educational institutions become more connected, concerns around privacy are also becoming more complex. Unlike physical records stored within school premises, digital information can be copied, transferred and stored across multiple systems, making it more difficult to control who has access to it and for how long.

 


India’s news platform The Mobile Times has reported that the risks associated with schools sharing children’s personal information online extend beyond privacy concerns. The report notes that once a child’s photograph or personal information becomes publicly accessible, it can be difficult to remove and may be misused for impersonation, image morphing or online harassment. Citing National Crime Records Bureau (NCRB) data, it says India recorded more than 24,000 cybercrime cases involving minors in 2026, underscoring growing concerns around children’s digital safety.

 


The report also highlights that the issue extends beyond schools, with coaching institutes, sports academies and other educational organisations often publishing students’ photographs and achievements online. It adds that the absence of sector-specific compliance guidelines for educational institutions under the DPDP framework may create challenges in ensuring consistent protection of children’s personal data.

 


According to the UNICEF report “Protecting young digital citizens 2025”, as digital tools become more integrated into children’s daily lives, many young users may not fully understand the long-term implications of sharing their personal information online. Data collected through apps, social media platforms, games and educational technologies can include details about a child’s identity, interests and online behaviour.

 


UNICEF notes that such information may be used for purposes such as profiling or targeted advertising, potentially affecting children’s privacy and shaping their digital experiences over time.

 


Another area of concern is cybersecurity. Schools hold large volumes of sensitive personal information but may not always have the same cybersecurity resources as sectors such as banking or healthcare. Phishing attacks, weak passwords, accidental file sharing and unauthorised access to school systems can expose confidential student records. As more classroom activities move online, securing educational platforms becomes increasingly important.

 

“The single biggest risk is third-party vendor blind spots. Schools today operate an ecosystem of platforms like learning management systems, attendance apps, assessment tools and parent communication platforms. Each vendor independently processes children’s data, often on cloud infrastructure the school has never audited. Attackers know this. They do not need to breach the school directly. They breach the weakest vendor in the chain and access data belonging to thousands of children across dozens of institutions in one operation,” said Baviskar. 


DPDP Act compliance and digital safeguards


The Digital Personal Data Protection (DPDP) Act, 2023, brings schools, edtech companies and other organisations that process children’s personal data within a national compliance framework. Under the law, such entities are treated as Data Fiduciaries and are required to obtain verifiable parental consent before processing the personal data of individuals under 18. The Act also mandates that data be collected only for defined purposes, protected through enhanced security safeguards and handled with transparency, particularly when shared with third-party service providers. It further prohibits behavioural tracking and targeted advertising directed at children.

 


The Act also provides for a Data Protection Board to oversee compliance, investigate breaches and impose penalties for violations. As schools increasingly rely on digital platforms and third-party vendors for learning and administration, the framework is expected to encourage educational institutions to strengthen their consent mechanisms, review how student information is collected and shared, and improve overall data governance and accountability.

 


Concerns around children’s digital privacy are also driving policy changes beyond schools. Governments across the world are tightening safeguards for minors online as worries extend beyond cyberbullying to grooming, harmful content, scams and the misuse of children’s digital identities.

 


Countries such as Australia, the UK, France, Malaysia and Indonesia have introduced or proposed age-based restrictions on social media access, while India has also begun debating similar measures at both the state and national levels. The broader trend reflects a growing recognition that protecting children online requires stronger safeguards around both access to digital platforms and the way their personal data is collected and processed.


Why protecting children’s data requires shared responsibility


Compliance alone, however, may not be sufficient to safeguard children’s data, particularly as multiple stakeholders now play a role in digital education. Protecting children’s personal data in digital classrooms extends beyond schools.

 


According to UNICEF’s policy brief on Child Protection in Digital Education, digital learning offers significant educational benefits but also introduces risks that need to be managed by, schools, technology providers and families. As schools increasingly adopt educational technology, UNICEF recommends embedding child protection and privacy considerations into the selection, deployment and use of digital learning tools, rather than treating them as an afterthought.

 


Research by the Digital Futures for Children centre at the London School of Economics also highlights that EdTech platforms process children’s personal and, in some cases, sensitive data. The research notes that schools may struggle to assess complex vendor contracts and fully understand how student data is processed, underscoring the need for stronger data governance and greater transparency from technology providers.


Protecting student data requires more than compliance


While regulation provides the legal framework, protecting children’s personal data also depends on the day-to-day practices adopted by schools, technology providers and parents

 


“Compliance with the DPDP Act is the floor, not the ceiling. Schools must first map the data they collect, where it is stored, who can access it, and which third-party vendors process it. You cannot protect what you cannot see. Vendor risk assessments should become standard before adopting any EdTech tool, and schools should collect only the data necessary for a platform to function,” said Baviskar.

 


Meanwhile, according to US-based edtech company “Ascend Education”, schools can strengthen student data security by implementing role-based access controls, enabling multi-factor authentication, enforcing strong password policies and regularly reviewing user access. The company also recommends encrypting sensitive records, using secure cloud storage, maintaining regular backups and avoiding unsecured file-sharing methods.

 


Access control is the first line of defence. Not every staff member needs access to every record — a finance team needs billing data, a counsellor needs support notes, a teacher needs grades and attendance. Role-based access, strong password policies, multi-factor authentication, and the prompt removal of accounts when staff leave are baseline measures that significantly reduce exposure from the start.

 


Secure storage matters equally. Schools often hold student records across multiple systems, making it essential to encrypt sensitive files, use secure cloud platforms, create regular backups, and audit vendor security settings. Compromised systems can leak data even when the institution itself has done nothing wrong — which is why third-party vendor relationships need the same scrutiny as internal systems.

 


Staff training is persistently underestimated. A single phishing email can expose login credentials for thousands of student records. Training should cover how to identify phishing attempts, handle student records appropriately, avoid unsafe file sharing, and understand why personal devices used for school work create risk.

 


The deeper shift is one of institutional mindset. Schools should regularly ask why a certain type of student data is being collected, who needs access to it, how long it should be kept, which vendors can access it, and whether students or parents understand how it is being used. A data audit — identifying what personal data is collected, where it is stored, and who can access it — is the single most useful first step for any institution beginning this process.



Source link

Apple accuses CCI of 'copy-pasting' rivals' claims in antitrust probe

Apple accuses CCI of 'copy-pasting' rivals' claims in antitrust probe



Apple has accused Indian antitrust investigators of “copy-pasting” its rivals’ claims and failing to properly conduct its own investigation in concluding the US tech giant breached competition laws, calling for the findings to be quashed, regulatory papers reviewed by Reuters showed.

 


The June 25 Apple submission, being reported for the first time, marks the sharpest escalation yet in Apple’s fight with the Competition Commission of India (CCI), where Tinder-owner Match and Indian startups are among its opponents.

 


In 2024, CCI investigators privately issued a report saying Apple engaged in “abusive conduct” on the apps platform of its iOS operating system, and wrongly mandated the use of its payment system.

 
 


Apple has denied the allegations. It said in its submission that it was a “minuscule player” with an under 6 per cent share of India’s smartphone market, and the investigation conclusions were built on rivals’ claims rather than on the CCI’s independent analysis.

 


Apple said any “forced alterations to Apple’s carefully designed App Store could disrupt its integrated business model,” and argued against any penalties and behavioural remedies that could force it to change its approach.

 


“The imposition of remedies would create regulatory uncertainty and could deter investments in India’s digital economy,” the company added.

 


The CCI and its head of investigations did not respond to Reuters queries. Apple also did not respond to requests for comment.

 


Similar arguments by other big companies have failed to sway the CCI. In 2023, Alphabet’s Google argued in its antitrust case that CCI’s order risked stalling its growth, but the company was later forced to make changes to the way it promoted its Android system, which dominates the Indian smartphone market.

 


Senior officials from the CCI are due to hold a closed-door hearing with all parties in the case on July 21.


‘Copy-pasting’ allegations


In its submission, Apple drew up tables to argue the CCI investigation team had not done its own analysis and instead indulged in “copy-pasting” many submissions from opponents in the case such as Match, Walmart’s Indian payments app PhonePe, and Indian rival Paytm.

 


“The DG (Director General) made no effort whatsoever to independently verify or critically assess these statements, often parroting them verbatim,” Apple said.

 


Match, Paytm and PhonePe did not respond to Reuters requests for comment.

 


Apple also said the CCI investigation reports “blindly replicated” a graphic on worldwide consumer spending on mobile apps and games from an EU ruling against Apple in 2024, even though India faced different market conditions.

 


A Reuters review of footnotes of the EU order and Indian investigation report showed both referenced data from Statista, an online research website.

 


In 2023, Google also argued Indian investigators copied parts of a European ruling. “We have not cut, copy and pasted,” CCI said at the time.


Watchdog says Apple stalling case


Apple is facing antitrust challenges around the world, from Europe to the United States.

 


The Indian case, however, is progressing at a time when Apple faces many supply chain issues, including a data breach at its Indian contract manufacturer Tata.

 


The watchdog has accused Apple of stalling the case for more than two years by not submitting responses to the investigation findings and pursuing a parallel challenge to India’s antitrust penalty law, which allows for potential fines of up to 10 per cent of company turnover in the previous three years.

 


The CCI has not said which Apple revenues might be considered but any fine could potentially run into millions of dollars.

 


Apple submissions show it has submitted the “relevant turnover of Apple in India” for fiscal years 2022-24 as required – typically used by the watchdog for penalty calculations.

 


In the submissions, Apple is also arguing officials failed to grant the tech firm “a single opportunity to record its statements and provide oral evidence” during the probe.

 


Google was provided several opportunities to defend itself and explain its business model during its Android case, according to the Apple submission.

 


“While desirable, the CCI’s investigation team is under no legal obligation to give an oral hearing if it feels it has conclusive evidence,” said Gautam Shahi, an Indian antitrust lawyer at Dua Associates.

 


“CCI’s members will now decide if Apple should have been given that opportunity.”

 


As Apple diversifies iPhone manufacturing beyond China, India is a key market – the country is set to make 26 per cent of the world’s iPhones in 2026, up from 6 per cent four years ago, according to Counterpoint Research.

 


If CCI does consider penalties, Apple said mitigating factors should be considered, including its “unblemished record” and the fact that it has exported iPhones worth $51 billion from India over the past five years. 


(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)

 



Source link

Prompt injection to deepfakes: How AI rewrites rules of enterprise security

Prompt injection to deepfakes: How AI rewrites rules of enterprise security



The most unsettling development in enterprise cybersecurity right now is not that attackers have become more sophisticated. It is that the tools organisations use to run their businesses operations have become part of the attack.

 


AI agents that automate workflows, chatbots that handle customer queries, coding assistants that sit inside developer environments,  each one represents a new surface that did not exist a few years ago and that most security architectures were never designed to protect. At the same time, the same technology is giving attackers capabilities that previously required entire teams.

 


For enterprise security teams, this is not an upgrade problem. The rhythm that defined cybersecurity for decades — find, patch, repeat — has broken. What replaces it is still being worked out.

 


When the attacker also has AI


The most immediate shift is on the offensive side. AI has handed attackers capabilities that previously required significant expertise, time, and coordination to assemble.

 


Phishing, the most common entry point for breaches, has been the most visibly transformed. Campaigns that once relied on poorly worded, mass-distributed emails now arrive as carefully composed, contextually accurate messages that reference an employee’s role, recent activity, or internal terminology. A study published by McKinsey last year found that AI tools are enabling attackers to craft highly personalised phishing messages, fake websites, and deepfake content that can bypass traditional security controls. The volume has scaled too. What once required a team of engineers can now be generated at machine speed.


Deepfakes have given this a particularly damaging dimension at the enterprise level. Generative AI is achieving a state of real-time replication that makes deepfakes increasingly indistinguishable from reality, enabling attackers to produce company executive doppelgangers capable of issuing commands to employees in live video calls or voice messages.

 


According to Pindrop’s 2025 Voice Intelligence and Security Report, which analysed over 1.2 billion customer calls across contact centres, deepfake fraud attempt frequency surged more than 1,300 per cent in 2024 alone — jumping from roughly one attempt per month to seven per day. The jump was sharpest in financial services, with synthetic voice attacks rising 475 per cent at insurance companies and 149 per cent at banks over the same period.

 


But phishing and identity theft is only the surface layer. AI has also compressed what security researchers call breakout time — the window between an attacker gaining initial access and moving laterally across a network. According to Fortinet’s 2026 threat data, this can now occur in under an hour, dramatically narrowing the window for detection and response.

 


Vulnerability discovery has seen an equally stark shift. Anthropic’s Mythos, a frontier AI model being tested with a select group of organisations under Project Glasswing, identified more than 10,000 high- and critical-severity vulnerabilities across widely used software systems within weeks. Partner organisations saw their bug discovery rates increase by more than ten times after using the system. One finding involved a flaw in a widely used cryptography library that could allow attackers to forge digital certificates and impersonate trusted websites.

 


The implication is uncomfortable: if a safety-focused AI lab is finding vulnerabilities at this speed using a controlled, restricted model, what happens when similar capabilities reach the open market? Anthropic has said that models with comparable cybersecurity capabilities are likely to become more widely available in the near future.


The insider threat that enterprises didn’t plan for


The threats emerging from within organisations are less discussed but no less significant. Many enterprises have adopted AI tools rapidly, often without fully understanding what those tools are doing, what data they are processing, or how they are behaving across systems.

 


This is the black box problem. Most mainstream AI tools in enterprise use today are pre-trained, proprietary systems that provide outputs without explanation. According to a McKinsey survey, 40 per cent of organisations identified explainability as a key blocker to trusting AI, yet only 17 per cent said they were actively working to address it. The gap between acknowledgment and action is itself a security risk.

 


AI agents — systems capable of reasoning, taking actions, and operating across tools on an organisation’s behalf — make this worse. Unlike a chatbot that answers questions, an agent executes tasks. It can access files, send emails, call APIs, and interact with external services. If its behaviour cannot be observed or audited, an organisation effectively has an autonomous actor operating inside its systems with limited oversight.

 


This is not hypothetical. Talking to Forbes, Matan Bar-Efrat, co-founder and CEO of Rein Security, has argued that enterprises are increasingly unable to account for the decisions their AI agents make, creating gaps in both security and legal accountability. In generative AI, agents tackle each problem anew and do not always follow consistent strategies, making their behaviour harder to predict or reconstruct after the fact.


Shadow AI compounds this further. Employees deploying AI tools that have not been vetted or approved by IT — to automate tasks, summarise documents, or draft communications — can inadvertently expose sensitive data to third-party systems that security teams have no visibility into. IBM’s 2025 Cost of a Data Breach Report, based on 600 breached organisations globally, found that one in five organisations experienced a breach linked to shadow AI.

 


A related threat is AI session hijacking. As employees use web-based AI tools directly in their browsers, the session tokens that authenticate those interactions have become high-value targets. An attacker who hijacks an active AI session needs no password, they gain full access to the user’s interaction history and can use the live session to extract proprietary data, from source code to confidential financial analysis, through an interface that most security tools have no visibility into.


AI platforms are themselves becoming targets


A less anticipated development is that the AI tools employees use every day have become attack surfaces in their own right. According to IBM’s 2026 X-Force Threat Index, Infostealer malware led to the exposure of over 300,000 ChatGPT credentials in 2025 alone, signalling that AI platforms have reached the same credential risk profile as other core enterprise SaaS solutions.

 


Compromised chatbot credentials create AI-specific risks beyond simple account access — attackers can manipulate outputs, exfiltrate sensitive data, or inject malicious prompts into sessions containing proprietary information.

 


Prompt injection has emerged as a key attack class in the AI era. To understand why, consider what an AI agent actually does: unlike a chatbot that answers questions, an agent executes tasks autonomously — accessing files, sending emails, calling APIs, browsing the web. Prompt injection exploits this by feeding the agent malicious instructions disguised as normal input, overriding its original programming and turning it against the organisation it serves.

 


According to research by AI security firm Lakera, prompt injection now appears in over 73 per cent of production AI deployments and caused an estimated $2.3 billion in losses globally in 2025, with current detection tools catching only 23 per cent of sophisticated injection attempts.

 


The more dangerous variant — indirect prompt injection — does not even require an attacker to reach the agent directly. Malicious instructions are instead embedded in documents, emails, or web pages that the agent ingests during normal operation.

 


Data poisoning represents a related but distinct threat. Adversaries can manipulate training data at its source to create hidden backdoors in AI models — an evolution from data exfiltration where the attack is embedded in the very intelligence the enterprise is building on. The traditional perimeter is irrelevant when the corruption lives inside the model itself.


Emerging threats


The threats described so far are, in a sense, the ones the security industry can at least name. More unsettling is what sits just ahead — a set of AI-enabled attack categories so structurally novel that existing security frameworks have no real vocabulary for them, let alone a defence. These are not faster versions of known threats. They are threats that the architecture of modern enterprise security was simply never designed to handle.

 


Polymorphic malware that rewrites itself is one. AI can allow attackers to generate code that continuously mutates to evade signature-based detection. Traditional antivirus and endpoint detection tools built around known signatures are structurally ill-equipped for malware that generates a new variant with every deployment, and for intrusions that leave no recognisable malware footprint at all.

 


Fully autonomous AI-executed attacks are another. In September 2025, Anthropic detected what it later described as the first documented large-scale cyber espionage campaign conducted predominantly by AI agents. In such cases AI autonomously handles reconnaissance, vulnerability discovery, exploit development, credential harvesting, lateral movement, and data exfiltration. Human operators maintained minimal involvement, stepping in only at the campaign’s strategic initiation. The rest — an estimated 80 to 90 per cent of attack tasks — was executed by the AI itself, operating at a pace and scale no human team could match.

 


Anthropic noted that “threat actors can now use agentic AI systems to do the work of entire teams of experienced hackers.” The existing “MITRE ATT&CK” framework, a common language for security teams worldwide to identify, analyse, and respond to threats, had no identifier for this mode of agentic orchestration.



Source link

YouTube
Instagram
WhatsApp