iOS Lockdown Mode Feature: The Cyber Bouncer for Your iPhone!

Introduction

‍

Artificial Intelligence (AI) is fast transforming our future in the digital world, transforming healthcare, finance, education, and cybersecurity. But alongside this technology, bad actors are also weaponising it. More and more, state-sponsored cyber actors are misusing AI tools such as ChatGPT and other generative models to automate disinformation, enable cyberattacks, and speed up social engineering operations. This write-up explores why and how AI, in the form of large language models (LLMs), is being exploited in cyber operations associated with adversarial states, and the necessity for international vigilance, regulation, and AI safety guidelines.

‍

The Shift: AI as a Cyber Weapon

‍

State-sponsored threat actors are misusing tools such as ChatGPT to turbocharge their cyber arsenal.

• Phishing Campaigns using AI- Generative AI allows for highly convincing and grammatically correct phishing emails. Unlike the shoddily written scams of yesteryears, these AI-based messages are tailored according to the victim's location, language, and professional background, increasing the attack success rate considerably. Example: It has recently been reported by OpenAI and Microsoft that Russian and North Korean APTs have employed LLMs to create customised phishing baits and malware obfuscation notes.
  
  
• Malware Obfuscation and Script Generation- Big Language Models (LLMs) such as ChatGPT may be used by cyber attackers to help write, debug, and camouflage malicious scripts. While the majority of AI instruments contain safety mechanisms to guard against abuse, threat actors often exploit "jailbreaking" to evade these protections. Once such constraints are lifted, the model can be utilised to develop polymorphic malware that alters its code composition to avoid detection. It can also be used to obfuscate PowerShell or Python scripts to render them difficult for conventional antivirus software to identify. Also, LLMs have been employed to propose techniques for backdoor installation, additional facilitating stealthy access to hijacked systems.
  
  
• Disinformation and Narrative Manipulation
  State-sponsored cyber actors are increasingly employing AI to scale up and automate disinformation operations, especially on election, protest, and geopolitical dispute days. With LLMs' assistance, these actors can create massive amounts of ersatz news stories, deepfake interview transcripts, imitation social media posts, and bogus public remarks on online forums and petitions. The localisation of content makes this strategy especially perilous, as messages are written with cultural and linguistic specificity, making them credible and more difficult to detect. The ultimate aim is to seed societal unrest, manipulate public sentiments, and erode faith in democratic institutions.

‍

Disrupting Malicious Uses of AI – OpenAI Report (June 2025) 

‍

OpenAI released a comprehensive threat intelligence report called "Disrupting Malicious Uses of AI" and the “Staying ahead of threat actors in the age of AI”, which outlined how state-affiliated actors had been testing and misusing its language models for malicious intent. The report named few advanced persistent threat (APT) groups, each attributed to particular nation-states. OpenAI highlighted that the threat actors used the models mostly for enhancing linguistic quality, generating social engineering content, and expanding operations. Significantly, the report mentioned that the tools were not utilized to produce malware, but rather to support preparatory and communicative phases of larger cyber operations.

‍

AI Jailbreaking: Dodging Safety Measures

‍

One of the largest worries is how malicious users can "jailbreak" AI models, misleading them into generating banned content using adversarial input. Some methods employed are:

• Roleplay: Simulating the AI being a professional criminal advisor
• Obfuscation: Concealing requests with code or jargon
• Language Switching: Proposing sensitive inquiries in less frequently moderated languages
• Prompt Injection: Lacing dangerous requests within innocent-appearing questions

These methods have enabled attackers to bypass moderation tools, transforming otherwise moral tools into cybercrime instruments.

‍

Conclusion

‍

As AI generations evolve and become more accessible, its application by state-sponsored cyber actors is unprecedentedly threatening global cybersecurity. The distinction between nation-state intelligence collection and cybercrime is eroding, with AI serving as a multiplier of adversarial campaigns. AI tools such as ChatGPT, which were created for benevolent purposes, can be targeted to multiply phishing, propaganda, and social engineering attacks. The cross-border governance, ethical development practices, and cyber hygiene practices need to be encouraged.  AI needs to be shaped not only by innovation but by responsibility.

‍

References

• https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/
• https://www.bankinfosecurity.com/openais-chatgpt-hit-nation-state-hackers-a-28640
• https://oecd.ai/en/incidents/2025-06-13-b5e9
• https://www.microsoft.com/en-us/security/security-insider/meet-the-experts/emerging-AI-tactics-in-use-by-threat-actors
• https://www.wired.com/story/youre-not-ready-for-ai-hacker-agents/
• https://www.cert-in.org.in/PDF/Digital_Threat_Report_2024.pdf
• https://cdn.openai.com/threat-intelligence-reports/5f73af09-a3a3-4a55-992e-069237681620/disrupting-malicious-uses-of-ai-june-2025.pdf

‍

Starting on 16th February 2025, Google changed its advertisement platform program policy. It will permit advertisers to employ device fingerprinting techniques for user tracking. Organizations that use their advertising services are now permitted to use fingerprinting techniques for tracking their users' data. Originally announced on 18th December 2024, this rule change has sparked yet another debate regarding privacy and profits.

The Issue

Fingerprinting is a technique that allows for the collection of information about a user’s device and browser details, ultimately enabling the creation of a profile of the user. Not only used for or limited to targeting advertisements, data procured in such a manner can be used by private entities and even government organizations to identify individuals who access their services. If information on customization options, such as language settings and a user’s screen size, is collected, it becomes easier to identify an individual when combined with data points like browser type, time zone, battery status, and even IP address.

What makes this technique contentious at the moment is the lack of awareness regarding the information being collected from the user and the inability to opt out once permissions are granted.

This is unlike Google’s standard system of data collection through permission requests, such as accepting website cookies—small text files sent to the browser when a user visits a particular website. While contextual and first-party cookies limit data collection to enhance user experience, third-party cookies enable the display of irrelevant advertisements while users browse different platforms. Due to this functionality, companies can engage in targeted advertising.

This issue has been addressed in laws like the General Data Protection Regulation (GDPR) of the European Union (EU) and the Digital Personal Data Protection (DPDP) Act, 2023 (India), which mandate strict rules and regulations regarding advertising, data collection, and consent, among other things. One of the major requirements in both laws is obtaining clear, unambiguous consent. This also includes the option to opt out of previously granted permissions for cookies.

However, in the case of fingerprinting, the mechanism of data collection relies on signals that users cannot easily erase. While clearing all data from the browser or refusing cookies might seem like appropriate steps to take, they do not prevent tracking through fingerprinting, as users can still be identified using system details that a website has already collected. This applies to all IoT products as well. People usually do not frequently change the devices they use, and once a system is identified, there are no available options to stop tracking, as fingerprinting relies on device characteristics rather than data-collecting text files that could otherwise be blocked.

Google’s Changing Stance

According to Statista, Google’s revenue is largely made up of the advertisement services it provides (amounting to 264.59 billion U.S. dollars in 2024). Any change in its advertisement program policies draws significant attention due to its economic impact.

In 2019, Google claimed in a blog post that fingerprinting was a technique that “subverts user choice and is wrong.” It is in this context that the recent policy shift comes as a surprise. In response, the ICO (Information Commissioner’s Office), the UK’s data privacy watchdog, has stated that this change is irresponsible. Google, however, is eager to have further discussions with the ICO regarding the policy change.

Conclusion

The debate regarding privacy in targeted advertising has been ongoing for quite some time. Concerns about digital data collection and storage have led to new and evolving laws that mandate strict fines for non-compliance.

Google’s shift in policy raises pressing concerns about user privacy and transparency. Fingerprinting, unlike cookies, offers no opt-out mechanism, leaving users vulnerable to continuous tracking without consent. This move contradicts Google’s previous stance and challenges global regulations like the GDPR and DPDP Act, which emphasize clear user consent.

With regulators like the ICO expressing disapproval, the debate between corporate profits and individual privacy intensifies. As digital footprints become harder to erase, users, lawmakers, and watchdogs must scrutinize such changes to ensure that innovation does not come at the cost of fundamental privacy rights

References

• https://www.techradar.com/pro/security/profit-over-privacy-google-gives-advertisers-more-personal-info-in-major-fingerprinting-u-turn
• https://www.ccn.com/news/technology/googles-new-fingerprinting-policy-sparks-privacy-backlash-as-ads-become-harder-to-avoid/
• https://www.emarketer.com/content/google-pivot-digital-fingerprinting-enable-better-cross-device-measurement
• https://www.lewissilkin.com/insights/2025/01/16/google-adopts-new-stance-on-device-fingerprinting-102ju7b
• https://www.lewissilkin.com/insights/2025/01/16/ico-consults-on-storage-and-access-cookies-guidance-102ju62
• https://www.bbc.com/news/articles/cm21g0052dno 
• https://www.techradar.com/features/browser-fingerprinting-explained
• https://fingerprint.com/blog/canvas-fingerprinting/
• https://www.statista.com/statistics/266206/googles-annual-global-revenue/#:~:text=In%20the%20most%20recently%20reported,billion%20U.S.%20dollars%20in%202024

‍

Introduction

Online Gaming has gained popularity over the past few years, attracting young players worldwide and global concerns. In response to the growing fame of this industry, the Indian government has recently announced introducing a set of regulations to address various concerns and ensure a safer and more regulated online gaming environment. In this blog post, we will explore the critical aspects of these regulations and their impact on the gaming industry.

Why are Regulations needed?

Recently some games faced a ban in India – games that involve betting, games that can be harmful to the user, and games that involve a factor of addiction. Furthermore, with rising popularity, With the exponential rise of online gaming platforms in India, extensive laws to safeguard players and ensure fair gameplay needs to be implemented. Players’ protection is one of the critical factors addressing the issues which involve online addiction, underage involvement, fraud, and data privacy has become critical for the well-being of Indian gamers.

Regulatory Ambiguity: The previous legislative structure, such as the outmoded Public Gambling Act of 1867, required an update to fit the digital gambling age fully.

Outline of the New Regulations

Implementing new regulations for online gaming in India represents the government’s commitment to addressing different issues and ensuring a safer and more regulated gaming sector. Let’s have a look at these rules in detail:

National-Level Standards: The Indian government is currently working on creating national-level standards to standardise online gaming practices across all states. These rules attempt to create a uniform platform for both operators and participants. The government has also made an announcement to set SRO within 90 days to regulate online gaming.

Licencing and Compliance: To legally operate in the Indian market, online gaming firms must secure licences. The operator’s financial soundness, security measures, and adherence to responsible gaming practices will be scrutinised throughout the licencing process. Operators will need to comply with the regulations in order to maintain operations.

Measures to Promote Ethical Gaming: The new regulations emphasise player protection and ethical gaming practices. This includes steps like age verification to prevent underage involvement, self-exclusion choices for gamers who want to limit their gaming activities, and adopting tools like session limits and reality checks to promote responsible gaming.

Data Privacy: Recognising the importance of data privacy, the laws are intended to contain protections for protecting user data. To safeguard sensitive player information from unauthorised access or exploitation, online gambling operators must comply with data protection regulations and deploy strong security measures.

Restrictions on Advertising and Marketing: The legislation may limit the advertising and marketing of online gaming platforms. The emphasis will be on eliminating aggressive marketing tactics that target vulnerable people, such as kids. Stricter standards for ad content and placement may be implemented.

Anti-Fraud and Anti-Money Laundering Measures: To combat criminal activity within the gaming ecosystem, the new legislation will almost certainly force online gambling companies to employ anti-fraud and anti-money laundering measures. Operators may need to set up mechanisms to detect fraud, report suspicious activity, and work with law enforcement.

Consumer Grievance Redressal: The legislation may emphasise the construction of efficient channels for resolving consumer complaints. Players should be able to report difficulties, seek resolution, and offer feedback on their play experiences through channels. The objective is to create a transparent and accountable conflict resolution mechanism.

Impact on Online Gaming Ecosystem

Adopting new laws for online gambling in India will likely have several consequences for the gaming industry. Let us look at some of these consequences:

Increased Player Trust: Implementing restrictions will increase player confidence in online gaming platforms. Establishing clear rules and procedures and steps to safeguard participants’ interests will develop a sense of trust and transparency. This can lead to increased participation and engagement in the gaming community.

Industry Consolidation: Stricter restrictions may result in industry consolidation. Compliance with the new legislation would need resources and investments, which might favour more prominent and more established gambling firms. Smaller and more non-compliant operators may find it challenging to fulfil regulatory standards, resulting in a more consolidated gaming sector.

Technological Progress: The requirement to comply with rules could lead to technological advancements in the online gambling sector. Operators may invest in modern identity verification systems, fraud detection methods, and responsible gaming solutions to satisfy their regulatory requirements. This can result in technological breakthroughs that improve gamers’ overall gaming experience.

Foreign Investment and Collaboration: Clear laws might entice overseas investors to enter the Indian gaming business. The regulated environment may appeal to international gambling enterprises looking to enter or extend their presence in India. Collaborations between Indian and foreign gaming firms may also expand, resulting in the sharing of experience, resources, and the production of high-quality gaming products.

Legal Clarity: Implementing particular laws would give online gambling operators and users clearer legal standards. This transparency can eliminate ambiguity and possible legal issues, allowing stakeholders to navigate the gaming ecosystem with better confidence and knowledge.

Contribution to the Indian Economy: A well-regulated online gaming business has the potential to contribute to the Indian economy. It has the potential to create jobs, attract investment, and produce tax money for the government. The economic effect of the gaming ecosystem is expected to increase as it grows under the new restrictions.

Challenges and Future Approach

One of the toughest challenges will be the efficient implementation and enforcement of the new regulations. Consistency in applying the legislation across multiple jurisdictions and guaranteeing compliance by all operators would necessitate comprehensive monitoring and regulatory measures. Developing suitable enforcement organisations and transparent standards for reporting and dealing with noncompliance will be critical. Besides this, online gaming is open to more than area-specific and many gaming platforms and operates internationally. Ensuring cross-border operations is a big challenge in addressing jurisdictional challenges will be complex. Collaborative efforts between nations can regulate cross-border online gaming. There may be increased collaboration between Indian and foreign gaming firms, resulting in the exchange of information, skills, and resources. This partnership can help the Indian gaming sector flourish while attracting foreign players and investments.

Esports Development: Esports have grown in popularity worldwide, and India is no exception. The Indian esports business has the potential to thrive with proper regulation and support, drawing both players and viewers. Esports-specific factors like player contracts, tournament integrity, and licencing requirements may be addressed in the regulations.

Conclusion

Despite obstacles, India’s new online gambling legislation can potentially establish a safer and more regulated gaming sector. the future depends on successful implementation, adjusting to a shifting landscape, finding the correct balance between regulation and innovation, and promoting ethical gaming practices. The Indian online gaming business can develop sustainably with the appropriate strategy, benefiting gamers and the broader economy.