AGP Executive Report

Autonomous 5G in Mining: Jinchuan’s Longshou Mine is using 5G-powered, driverless electric locomotives controlled from above-ground, cutting the need for on-site operators deep underground. Defence Tech Partnership: Keysight and SRC are teaming up to accelerate electronic warfare simulation and scenario generation, aiming to modernize open, software-defined test environments. Education & Exam Security: A fresh Supreme Court petition in India pushes for NEET-UG to move to computer-based testing from 2027, arguing pen-and-paper systems keep creating security and leak risks. Cyber Safeguarding at Scale: UK nursery group Kids Planet is rolling out CPOMS safeguarding and wellbeing tools across 290+ sites to standardize incident logging and staff welfare. Market Pressure on IT: Reports say India’s NSE IT index is down over 26% in 2026 as investors worry AI is shifting spending away from traditional outsourcing. Local Tech & Connectivity: ProSat Networks expands Starlink installation and wireless networking services in Missouri, targeting the state’s unserved and underserved broadband gaps.

Telecom Expansion: Bangladesh’s Bangla Phone just got government approval for a Nationwide Telecommunication Transmission Network (NTTN) licence, making it the 7th operator cleared to build and run nationwide fibre-optic transmission and share infrastructure—after an earlier rejection under the interim government. AI in Healthcare: A new report highlights how AI note-taking is rolling into clinics, but clinicians are still correcting summaries when the tool misses clinical nuance and emotional tone. Cybersecurity Push: Japan plans guidelines for using Anthropic’s Claude Mythos to help software providers check for vulnerabilities, while Vietnam’s SpecterAI and CCLab Forge are partnering on cybersecurity certification and post-quantum compliance. Data & Agents: Publicis agreed to acquire LiveRamp to speed up “data co-creation” for smarter, agent-driven marketing and operations. Connectivity for Citizens: China launched a nationwide emergency communications platform to keep calls and data working during disasters. Education Testing: India says NEET-UG will shift to computer-based testing from next year, following the 2026 leak controversy.

AI Cybersecurity Shift: Google confirmed the first known case of attackers using AI to build a zero-day exploit, while OpenAI’s “Daybreak” pushes defensive AI coordination—both underline how fast AI is moving from “helping” to actively finding and weaponizing software weaknesses. Enterprise Payments for Agents: AWS previewed Bedrock AgentCore Payments, letting AI agents autonomously pay for APIs and services under spending limits—raising new governance, audit, and insurance questions for companies that assumed humans would approve every transaction. India Fintech Pressure: A new report says ~30% of Indians face loan/credit-card rejections with little/no explanation, and many don’t understand credit scores—fueling demand for AI tools that can prevent failures before they happen. Local Tech Policy: Maharashtra briefly ordered Apple/Google to remove bike-taxi apps (Ola/Uber/Rapido), then paused after legal concerns—showing how quickly app-store enforcement can collide with court risk. Public Sector Training: UNESCO ran a Caribbean cybersecurity workshop for older adults across St. Kitts & Nevis, Grenada, and Antigua & Barbuda, focusing on media literacy and safer digital life.

Active Exploitation Alert: Microsoft and CISA are warning that Microsoft Exchange zero-days are being actively targeted, with CISA adding CVE-2026-42897 to its Known Exploited list and urging fast patching. E-commerce Skimmer Risk: WordPress Funnel Builder (FunnelKit) is under active abuse—attackers inject fake Google Tag Manager scripts to skim WooCommerce checkout payments, with a fix released in version 3.15.0.3. Education Cyber Fallout: TRU says it hasn’t seen impact from the Canvas breach tied to ShinyHunters, even as the incident reportedly hit thousands of schools and 275M people. Govt Data Security Push: India’s MeitY is running a national consultation to strengthen cybersecurity for state-held citizen data. Local Tech Policy: Maharashtra cyber authorities have issued notices to Google and Apple to disable bike-taxi apps like Ola/Uber/Rapido. Human Rights & Tech: UAE reporting alleges sectarian profiling and mass deportations of Pakistani residents, including detention and device confiscation.

Campus IT Planning: West Shore Community College trustees will review a $155,970 contract for a “Living Master Plan,” covering space use, facility condition, stakeholder input, and long-term capital planning, with work starting immediately and a trustee presentation expected in October 2026. Cybersecurity Guidance: UMass IT issued special instructions after the Canvas cybersecurity incident, urging the campus community to stay vigilant as Instructure reported certain user-related fields could be involved. Higher-Ed Risk in Focus: The Canvas outage and follow-on fallout keep showing up across schools, reinforcing how third-party platforms can ripple into access and operations. Policy & Compliance: HMRC refreshed guidance for Making Tax Digital for Income Tax, clarifying how affected self-employed people and landlords should choose software for digital record-keeping and submissions. Security Tech in Action: L3Harris unveiled Wraith Shield, a software upgrade that turns tactical radios into tools for detecting and jamming FPV drones.

AI Security Push: OpenAI’s Daybreak and Microsoft’s MDASH are both escalating the race to secure “operational” AI—moving from reactive defenses to systems that scan, validate, and act faster, with MDASH reportedly beating Anthropic’s Mythos on a real-world vulnerability benchmark. Windows Reliability: Patch Tuesday’s Windows 11 KB5089549 is failing installs and, for some, slowing internet after rollback loops. New Malware Tactic: Researchers warn of XWorm v7.4 using PyInstaller packaging plus AMSI memory patching to slip past Windows scanning. Education Disruption: Canvas is still in the spotlight after a major hack shut access for schools and forced last-minute chaos. Health AI: Singapore teams built an AI model to flag diabetes patients at high risk of lower-limb amputation years early, and they’re expanding rehab robotics with Fourier Rehab. Semiconductor Momentum: Rajasthan inaugurated India’s first SME-led chip assembly/testing/packaging facility in Bhiwadi.

Messaging Privacy Check: A quick reminder that many people leave risky defaults on—review 2FA, tighten who can see profile/status/“last seen,” and prune app permissions that go beyond what the app needs. Grok Disruption: xAI’s Grok is back in the spotlight after widespread app/web access problems, blank replies, and “high demand” messages—another reminder that even major AI services can stumble. Multilingual Healthcare Push: India’s Ministry of Ayush signed an MoU with BHASHINI to expand AI-powered translation/transcription across Ayush digital services in all 22 scheduled languages. Banking Cyber Focus: India is exploring a central tech hub (likely via NABARD) to help Regional Rural Banks share digital tools, analytics, and stronger cybersecurity. Canvas Ransom Fallout: Hong Kong’s privacy watchdog criticized the Canvas owner’s ransom handling and questioned whether paying guarantees full data recovery. AI Market Shock: New reporting says AI has erased $186B (45%) from India’s IT market value in under two years. Password Risk: A Kaspersky study flags that 68% of leaked passwords can be cracked within a day, with heavy digit/symbol patterns.

DOJ Data Demands: The U.S. Department of Justice is pushing subpoenas for at least 100,000 identities tied to a car “tinkering” app, seeking user addresses and purchase histories as part of its Clean Air Act case against EZ Lynk. UK Competition Probe: The CMA has opened a strategic market status investigation into Microsoft’s business software ecosystem, focusing on bundling, interoperability limits, and whether defaults block switching to rivals. Cyber Supply-Chain Shock: OpenAI says employee devices were hit after an earlier TanStack open-source compromise, where attackers published dozens of malicious versions designed to steal credentials and spread. Ransomware Reality Check: A survey finds nearly half of CISOs would consider paying ransomware to restore operations faster, despite repeated law-enforcement warnings. Auto Repair Fight: A commentary renews pressure for “right to repair” as automakers restrict access to vehicle diagnostic data and tools. Local Tech Tension (Ireland): A west Cork couple has appealed Amazon’s proposed transatlantic cable landing-station, arguing it harms their land’s future potential.

Workplace Protest: Meta workers are circulating flyers and pushing back on “mouse tracker” software, framing it as helping build their own replacements ahead of planned layoffs. Cybersecurity Funding: Georgia announced nearly $9.9M in state and local cybersecurity grants for 44 entities, with extra focus on K-12. Mobile Safety & Control: Samsung’s One UI 9 beta appears to add “network management for concentration,” potentially blocking distracting app categories at the Wi‑Fi level with PIN and scheduled controls. Education Tech Risk: Canvas services are back after a major breach, with Instructure saying it reached an agreement with the hacking group behind the incident. AI Security Push: Exaforce raised $125M to expand its AI-powered security operations platform, aiming to speed detection and response with agentic tools. Regulation & Access: India’s cyber crackdown ordered Google to remove six predatory loan apps from the Play Store within 36 hours.

App-Store Crackdown: India’s Delhi High Court ordered Google and Apple to curb obscene pornographic apps and content, stressing platforms must act with “due diligence” even during uploads. iPhone Update Push: Apple’s iOS 26.5 rollout is paired with a reminder to upgrade—older iOS 18 users are being nudged as security fixes land on newer cycles. Supply-Chain Shock: A new open-source variant of the “Shai-Hulud” worm is spreading through npm and PyPI packages, raising the stakes for package intake controls. OT Security Debate: Canadian critical-infrastructure leaders warn OT defenses may be getting too complex to work, calling for fundamentals over sophistication. Cyber Insurance Reality: A survey finds risk leaders worried about litigation, AI regulation, and cyber threats—yet many aren’t ready for what’s coming. New Market Move: Orange Cyberdefense expands into Spain with Madrid/Barcelona operations and a dedicated CyberSOC. Mobility Safety: Waymo recalls nearly 3,800 robotaxis after a software issue could let vehicles drive into standing water.

AI in Attacks: Google says AI is now actively helping criminals find and exploit software flaws, including a recent zero-day it stopped after spotting unusual activity. Android Push: Google unveiled Gemini Intelligence for Android with multi-step automation, plus Gemini 3.1 in Chrome and “Pause Point” in Android 17 to curb endless scrolling. Cybersecurity Race: The Pentagon is deploying Anthropic’s Mythos for faster vulnerability detection and patching, even as it plans to move away from Anthropic products. Health Data Governance: HHS’ ONC says TEFCA can make health data sharing faster and safer, while it explores more oversight to prevent fraudulent exchanges. Enterprise Delivery Leap: SHIFT ASIA launched an AI-driven development and testing service claiming up to 90% faster software delivery. Fintech Expansion: Pine Labs partners with GCash for Business in the Philippines to boost merchant payments and loyalty features. Scam Warning: ESET reports QR code scams are now about 1 in 10 threats in New Zealand, rising fast since March.

AI Cybersecurity Race: OpenAI launched “Daybreak,” pitching a Codex-centered approach to find vulnerabilities and validate patches, as the broader AI-vs-AI security arms race keeps heating up. Platform Compliance: The FTC chairman urged major tech firms to follow the Take It Down Act, with a 48-hour removal expectation for non-consensual intimate imagery requests. Android Push: Google rolled out Android 17 upgrades focused on scam blocking and tighter privacy controls (like temporary location access), while teasing “Gemini Intelligence” and new Android-first laptop plans (“Googlebooks”). Enterprise AI Tools: Anthropic expanded Claude into legal software with integrations for tools like Box and Microsoft 365, adding more connectors for law-firm workflows. Sports Betting Payments: Several states are moving to ban credit cards as betting deposits, with Ohio and Colorado leading the charge. Local Tech Growth: Dr. RVR NRIU in India gained deemed-to-be university status and expanded programs including AI, data science, and cyber security.

AI Cybercrime Escalation: Google says North Korea and China are using AI to hunt for unknown software flaws and even build zero-day exploits—one attempt was blocked before a mass exploitation push, but the trend is clearly accelerating. OpenAI Security Push: OpenAI launched Daybreak with Cloudflare, Oracle and Cisco to speed cyber defense, and also offered EU open access to its cybersecurity tools while Anthropic remains silent. RegTech Spend: A new report finds nearly two-thirds of financial institutions plan to increase RegTech spending in 2026, signaling compliance automation is moving from “nice to have” to budget priority. India IT Caution: Indian IT firms are bracing for “AI-deflation” and muted FY27 growth even as AI revenues rise; meanwhile, IT stocks slid on global risk-off fears. Malaysia Child Safety: Malaysia is weighing restrictions on DMs and profile search for users under 16 as part of an age-verification push after Ops Cyber Guardian uncovered massive CSAM files. Enterprise Automation: Exterro unveiled an agentic AI Subpoena Manager aimed at cutting subpoena intake/routing from 90 minutes to as little as five.

AI Cybersecurity Shockwave: The IMF is warning regulators to treat AI models like Anthropic’s Mythos as a systemic financial risk, not just a firm-level problem—because shared cloud and software could let one breach ripple across banks. Model Access Talks: The European Commission says it’s in discussions with OpenAI and Anthropic about access to new AI models, with OpenAI offering access to GPT-5.5-Cyber while Anthropic’s Mythos talks are still early. Website Attacks Jump: A new report claims AI-driven website attacks surged 12x over 12 months, with SMBs facing faster flaw-to-attack timelines. Consumer Tech Costs Rise: Nintendo’s Switch 2 price hike and other electronics increases are being blamed on strained memory chip supply tied to AI data-center demand. Auto Trade Pressure: US lawmakers are urging Trump not to open the US auto market to China ahead of a Xi meeting. EV Charging Expansion: Vontier’s Driivz will scale Duracell E-Charge’s ultra-fast network across the UK. Apple Security Update: iOS/macOS 26.5 adds encrypted RCS messaging (beta) plus other fixes.

In the last 12 hours, coverage leaned heavily toward practical cybersecurity and AI governance developments, alongside a steady stream of enterprise/tech product announcements. The most concrete security incident reported was a claim by the cybercrime group ShinyHunters that it breached Instructure (Canvas), allegedly affecting 306,000 Penn users, with the group threatening to leak data unless contacted. In parallel, multiple items focused on policy and risk: the EU/UK-related reporting includes a “pivotal” agreement to ban AI systems that create child sexual abuse material and non-consensual intimate images under the EU AI Act, while other pieces discussed leadership and preparedness themes such as CISA’s search for a new leader and initiatives to bolster critical infrastructure resilience (though the latter is less detailed in the provided text).

On the enterprise and product side, the last 12 hours also brought several “build/launch” announcements that suggest ongoing commercialization of AI and security tooling. TrustFoundry launched a public API for legal search, reasoning, and citation verification, positioning it as a way to reduce hallucinated citations by grounding outputs in continuously updated U.S. legal sources. Kiteworks/ownCloud announced an Open Source Program Office (OSPO) under the ownCloud brand, including relicensing projects to Apache 2.0, publishing governance, and releasing migration tooling to its cloud-native platform. Other operational updates included Adaptive Information Systems expanding backup and disaster recovery services for Monterey Bay small businesses, and Pinnacle Financial Partners naming Douglas Hromco as chief security officer to lead cybersecurity and fraud prevention strategies.

Beyond security and enterprise tooling, the last 12 hours included notable “infrastructure and compute” narratives and broader tech ecosystem signals. Coverage included discussion of “chipflation” and supply constraints in the semiconductor supply chain (with Apple potentially seeking new chip sources), plus a data-center policy debate framed around slowing new construction. There were also multiple AI/agent and platform-adjacent items (e.g., Threads rolling out desktop DMs ahead of a web redesign), indicating continued momentum in how consumer platforms and enterprise workflows are being reshaped by AI-enabled interfaces.

Looking slightly older for continuity, the broader week’s material reinforces that AI governance, cybersecurity readiness, and AI-enabled software delivery are recurring themes rather than isolated stories. Earlier items referenced CISA initiatives aimed at critical infrastructure operating during cyberattacks, broader concerns about cybersecurity skills gaps and public-sector risk, and ongoing attention to AI’s role in both defense and compliance. However, the most recent evidence is where the strongest “event-like” signals appear—especially the Canvas breach claim and the EU AI Act ban expansion—while many other headlines in the last 12 hours read more like routine launches, awards, or explanatory pieces rather than major single developments.

In the last 12 hours, coverage leaned heavily toward AI and cybersecurity developments, alongside a few local-government and business updates. On the security side, multiple items highlighted governance and risk as AI adoption accelerates: the World Economic Forum (with KPMG) reported that organizations using AI in cybersecurity reduce breach containment time by about 80 days and cut average breach costs by about $1.9 million, while also warning that AI introduces governance risks not covered by existing controls. Separately, SAP announced it will acquire Dremio to address “data fragmentation” that SAP says blocks enterprise AI initiatives—framing the issue as data readiness rather than model quality. Another notable technical security item: vm2 Node.js library vulnerabilities were disclosed that could allow sandbox escape and arbitrary code execution, with several CVEs listed as critical (CVSS 9.8).

AI product and platform announcements also dominated the same window. Several releases focused on making AI more usable or verifiable in real-world workflows: MyCommunityToday launched an AI-driven “Deals” feature powered by Deal Chief; Shane Vithana introduced AskSLIP, a “state-aware” AI platform designed to translate unstructured “memory dumps” into actionable outcomes; and PayAi-X FZE launched CatyAI V3.0, positioning it as cryptographically verifiable AI data infrastructure using Ed25519 signatures and a JWKS endpoint. There were also reports about AI being deployed in unexpected ways—specifically, Google Chrome installing a 4GB Gemini Nano model on devices without clear user notification, alongside related commentary about how on-device AI works and how it can be removed.

Beyond AI/cyber, the most “event-like” items in the last 12 hours were policy and infrastructure signals rather than purely technical news. The EU’s proposed Cybersecurity Act revision (CSA2) was reported as potentially forcing Chinese supplier replacements across 18 critical sectors, with an estimate of EUR367.8 billion in losses over five years—an economic-impact framing that ties cybersecurity regulation to supply-chain disruption. In parallel, there were localized governance/business updates such as voters approving a CTE millage for EUP ISD, and a data-center plan in Marion County being defended as “too early” to protest.

Looking across the broader 7-day range, the continuity is clear: cybersecurity governance and AI adoption are recurring themes, with additional context on how organizations are preparing (or struggling) to manage AI-driven risk. Earlier coverage included New Zealand organizations embedding AI into cybersecurity and IT operations but lacking governance/visibility/resilience, and multiple items warning about password weaknesses and the need for updated security approaches. There were also repeated signals that AI is moving from experimentation into operational deployment—paired with concerns about traceability, data readiness, and the security implications of agentic or on-device AI. However, the evidence provided is sparse on any single “major” singular event beyond the cluster of AI/cyber announcements and the EU CSA2 economic-impact report.