AI Security Weekly Start of the Week – May 19, 2025

Summary HighlightsAI-Powered Cyberattacks Surge: 78% of CISOs report experiencing AI-driven threats.U.S. Proposes Chip Security Act: Bill targets AI chip smuggling to adversarial nations.Meta Faces GDPR Heat: Meta’s AI data training plans challenged by privacy watchdog.Japan Legalizes Preemptive Cyber Measures: New law enables active defense strategies.AI Surveillance Hits Public Transport: Pune to deploy AI-powered CCTV across bus fleets.

Author

Andres Guillen
May 19, 2025

AI-Powered Cyberattacks Surge

A new report finds that 78% of Chief Information Security Officers (CISOs) have encountered cyberattacks powered by generative AI. These include phishing campaigns, deepfakes, and automated exploit chains that are harder to detect and faster to deploy than traditional methods.

Editor’s Commentary: The widespread adoption of AI marks a turning point. Defensive cybersecurity must evolve beyond static rule sets. Enterprises need adaptive, AI-powered security operations and workforce training to stay ahead of rapidly escalating threat vectors.

U.S. Lawmakers Propose AI Chip Export Controls

U.S. legislators introduced the Chip Security Act, which mandates location tracking and export verification for AI chips, especially those destined for countries like China. The aim is to prevent sensitive AI compute resources from supporting adversarial intelligence or military operations.

Editor’s Commentary: The bill represents a broader policy trend: treating AI hardware as a national security asset. Compliance and transparency in supply chains will become a critical operational priority for companies developing or relying on AI chips.

Meta’s AI Data Plan Sparks GDPR Challenge

Meta plans to use data from EU users to train its large language models starting May 27. However, privacy advocacy group noyb filed a formal complaint, arguing that this violates GDPR by bypassing user consent under the guise of "legitimate interest."

Editor’s Commentary: This case could set a precedent for using personal data in AI model training under European law. Companies that want to scale LLMs in regulated markets will need airtight legal strategies and opt-in architectures—or risk reputational and financial fallout.

Japan Approves Active Cyber Defense Legislation

Japan passed the Active Cyberdefence Law, granting the government authority to proactively monitor, intercept, and neutralize foreign-origin cyber threats. The law signals a significant policy shift toward offensive cybersecurity strategy.

Editor’s Commentary: Japan’s move reflects a growing international shift away from purely reactive postures. For multinational CISOs, expect more regional divergence in cybersecurity legal frameworks, which will complicate cross-border risk management and compliance.

AI Surveillance Expands in Public Sector

Pune’s city bus network will begin rolling out AI-enabled CCTV systems across its fleet. The initiative enhances passenger safety, monitors driver behavior, and enables real-time incident response.

Editor’s Commentary: AI surveillance in public infrastructure is accelerating. However, these systems risk mission creep and public distrust without clear privacy standards and algorithmic transparency. Vendors and governments alike must adopt responsible AI principles.

Final Word

From government overhauls to enterprise policy pivots, AI’s role in offense and defense reshapes the cybersecurity landscape. This week’s developments show a world grappling with harnessing AI’s power while controlling its risks. The leaders who navigate this responsibly—balancing innovation, regulation, and resilience—will define the next era of security.

Stay informed. Subscribe to AI Security Weekly for curated insights about artificial intelligence and cybersecurity.

References