As technology evolves, cybersecurity has become a common challenge transcending national borders. Against a backdrop of frequent cybersecurity incidents, the cybersecurity ecosystem is undergoing a profound structural transformation. While nations are actively responding, divergent regulatory approaches and imbalances in regulatory capacity mean that the construction of a global cybersecurity governance system urgently requires international cooperation.
AI is intensifying new types of cybersecurity risks. Recently, a transnational regulatory dispute triggered by an artificial intelligence (AI) application escalated abruptly. "Grok," an AI chatbot integrated into the social media platform X, owned by US entrepreneur Elon Musk, faced criticism and even legal action from multiple governments after being misused to generate pornographic content and create fake, sexually explicit content depicting real individuals. Spokespersons from the European Commission and the UK's Information Commissioner's Office (ICO) have voiced serious concerns and are evaluating next steps. Malaysia and Indonesia have temporarily blocked Grok. In the United States, Grok is also under regulatory pressure, with the California Department of Justice investigating Musk's AI firm xAI. Following the international backlash, platform X announced measures to prevent Grok from generating pornographic images. This incident is just one example of the novel cyber risks introduced by AI technology.
The advancement of AI technology and the expansion of its applications are exacerbating various new security risks. AI can be used to enhance phishing attacks and social engineering attacks, lowering the barrier to entry and enabling individuals without deep technical expertise to launch sophisticated assaults. Concurrently, new threats like AI-driven deepfakes and algorithm abuse are occurring frequently, posing significant security challenges. Deloitte predicts that by 2027, losses in the US due to generative AI-enabled fraud will grow to $40 billion, with a compound annual growth rate of 32%. Furthermore, model bias, opacity, and potential "hallucination" risks present severe challenges to compliance management.
Simultaneously, AI exhibits a dual-edged effect in the cybersecurity domain. On one hand, it is accelerating cybersecurity risks at an unprecedented pace, with data breaches and evolving cyberattack capabilities becoming the two most pressing concerns for the industry. Some nations, seeking to enhance competitiveness by relaxing AI regulations, are further amplifying these security risks. On the other hand, AI is also contributing to shaping the cybersecurity landscape, creating a "two-way race" between security defenses and the evolution of attacks.
Cybersecurity threats are constantly changing. Beyond the new risks posed by AI, technologies like quantum computing are intensifying the "battlefield" in cyberspace. Globally, cybersecurity threats manifest in various forms across different arenas. Cyberattacks have evolved from simple viruses and trojans to Advanced Persistent Threats (APTs) and ransomware, with methods continuously upgrading, becoming more complex and professional. Critical infrastructure sectors such as aviation, healthcare, energy, and transportation have become primary targets for cyberattacks, while cross-border data flows introduce additional security vulnerabilities. Economic incentives are a clear driver, posing major threats to global cybersecurity, with the cybercrime economy reaching a massive scale. At the same time, there is an imbalance in global cybersecurity capabilities, and cybersecurity governance lags behind.
A report released by the World Economic Forum on January 12, 2026, pointed out that cyber fraud has evolved into one of the most disruptive forces in the digital economy, becoming a widespread global threat. As fraudulent activities spread across regions and industries, their impact on society and the economy is intensifying, requiring collaborative efforts from all sectors to address. Digital ad fraud has become a significant "ailing patient" in the global internet economy. Public reports indicate that global search engine platform Google blocks hundreds of millions of non-compliant ads annually. Previously disclosed internal documents from Meta revealed that the social media giant generated approximately $16 billion in revenue in 2024 from scam activities and ads for prohibited goods, accounting for roughly 10% of its annual total revenue. These high-risk ads were shown to users an average of 15 billion times per day, covering areas like fraudulent e-commerce, investment scams, illegal online casinos, and prohibited medical products. More worryingly, this regulatory gap has persisted for years.
Reports also indicate that global cyber-enabled financial crime is accelerating. Estimates suggest over $2 trillion is laundered annually, and more than $1 trillion is stolen through fraud. The geopolitical landscape is also reshaping the global cybersecurity threat map. Notably, hacker groups associated with US intelligence agencies have been accused of carrying out systematic cyberattacks against other nations' critical information infrastructure, research institutions, and defense contractors, posing a serious threat to global cybersecurity. Furthermore, increasingly interconnected yet opaque global supply chains are introducing systemic cybersecurity vulnerabilities.
Nations are actively deploying defensive measures. The World Economic Forum report suggests that in an era of frequent cybersecurity incidents, the cybersecurity ecosystem is undergoing a profound structural shift, and cyber resilience is no longer just a technical function but a strategic imperative underpinning economic stability, national resilience, and societal trust. In recent years, major countries and regions have continuously improved their cybersecurity governance systems around technical standards, legal frameworks, and international cooperation.
Globally, the 2025 UN Cybercrime Convention represents the first globally binding international treaty against cybercrime, forming a new framework for global cybersecurity governance. In Europe, which sees numerous cybersecurity risk cases, the European Council adopted the Cyber Solidarity Act and amendments to the Cybersecurity Act in December 2025 as part of an EU cybersecurity legislative package, aiming to significantly strengthen the EU's capacity to withstand cyber threats and foster cooperative solidarity.
Amid the impact of US digital giants' expansion, disputes over digital sovereignty between Europe and the US have become increasingly prominent. The EU is accelerating the implementation of relevant regulations and frequently taking enforcement actions against US tech firms. For instance, in April 2025, the EU found Apple and Meta Platforms in violation of the Digital Markets Act, fining them €500 million and €200 million respectively. In September 2025, the EU fined Google €2.95 billion for violations in the advertising sector and demanded a remediation plan. The European Commission has also taken measures addressing risks related to online financial fraud associated with major tech companies like Apple, Google, Microsoft, and Booking.com.
In the digital technology sphere, due to laws like the US CLOUD Act, which creates the possibility for the US government to access data of European citizens, companies, and governments, the Dutch House of Representatives passed motions urging the government to reduce reliance on US cloud services and increase investment in Dutch and European alternatives. In response to attempts by hackers to breach companies like Harrods and Marks & Spencer, the UK's National Cyber Security Centre collaborated with affected retailers. European countries are also leveraging the EU's General Data Protection Regulation (GDPR) to enhance security for cross-border transfers of critical data, with relevant penalties already issued.
Additionally, Russia is drafting relevant legislation to combat online fraud and regulate platforms and gig economy workers. The UAE is striving to strengthen economic security through continuous investment in advanced cybersecurity capabilities and cross-border law enforcement cooperation. Despite these efforts, significant disparities in national cyber resilience persist. Skill shortages and resource constraints further amplify systemic risks. Regionally, Latin America and the Caribbean face the most pronounced cybersecurity talent shortage. The cyber resilience of small and medium-sized organizations is markedly weaker than that of large enterprises, and the capability gap between regions and industries continues to widen.
Officials from the World Economic Forum stated that building truly effective cyber resilience requires governments, businesses, and technology providers to adopt a long-term perspective, coordinate actions, and jointly safeguard trust and stability in cyberspace.
Comments