Pro

2025-09-01 11:24:27

Australia’s government trial of age‑assurance tech to keep under‑16s off social media says social media age checks can be done, despite errors and privacy risks

Main Report.

::: spoiler 12 Key Findings
1. Age assurance can be done in Australia privately, efficiently and effectively: Age assurance can be done in Australia – our analysis of age assurance systems in the context of Australia demonstrates how they can be private, robust and effective. There is a plethora of choice available for providers of age-restricted goods, content, services, venues or spaces to select the most appropriate systems for their use case with reference to emerging international standards for age assurance.
2. No substantial technological limitations preventing its implementation to meet policy goals: Our evaluation did not reveal any substantial technological limitations that would prevent age assurance systems being used in response to age-related eligibility requirements established by policy makers. We identified careful, critical thinking by providers on the development and deployment of age assurance systems, considering efficacy, privacy, data and security concerns. Some systems were easier for initial implementation and use than others, but the systems of all technology providers with a technology readiness level (TRL) 7 or above were eventually capable of integration to a user journey.
3. Provider claims have been independently validated
against the project’s evaluation criteria: We found that the practice statements provided by age assurance providers with a TRL of 7 or above fairly reflected the technological capabilities of their products, processes or services (to the extent applicable to the Trial’s evaluation criteria). Some of the practice statements provided have needed to be clarified or developed during the course of the Trial, but we observed that they offer a useful option for transparency of the capabilities of the available age assurance systems. Those with a TRL below 7 will need further analysis when their systems mature.
4. A wide range of approaches exist, but there is no one-size-fits-all solution for all contexts: We found a plethora of approaches that fit different use cases in different ways, but we did not find a single ubiquitous solution that would suit all use cases, nor did we find solutions that were guaranteed to be effective in all deployments. The range of possibilities across the Trial participants demonstrate a rich and rapidly evolving range of services which can be tailored and effective depending on each specified context of use.
5. We found a dynamic, innovative and evolving age assurance service sector: We found a vibrant, creative and innovative age assurance service sector with both technologically advanced and deployed solutions and a pipeline of new technologies transitioning from research to minimum viable product to testing and deployment stages indicating an evolving choice and future opportunities for developers. We found private-sector investment and opportunities for growth within the age assurance services sector.
6. We found robust, appropriate and secure data handling practices: We found robust understanding of and internal policy decisions regarding the handling of personal information by Trial participants. The privacy policies and practice statements collated for the Trial demonstrate a strong commitment to privacy by design principles, with consideration of what data was to be collected, stored, shared and then disposed of. Separating age assurance services from those of relying parties was useful as Trial participants providing age assurance services more clearly only used data for the necessary and consented purpose of providing an age assurance result.
7. Systems performed broadly consistently across demographic groups, including Indigenous populations: The systems under test performed broadly consistently across demographic groups assessed and despite an acknowledged deficit in training age analysis systems with data about Indigenous populations, we found no substantial difference in the outcomes for First Nations and Torres Strait Islander Peoples and other multi-cultural communities using the age assurance systems. We found some systems performed better than others, but overall variances across race did not deviate by more than recognised tolerances.
8. There is scope to enhance usability, risk management and system interoperability: We found opportunities for technological improvement including improving ease of use for the average person and enhancing the management of risk in age assurance systems. This could include through one-way blind access to verification of government documents, enabling connection to data holder services (like digital wallets) or improving the handling of a child’s digital footprint as examples.
9. Parental control tools can be effective but may constrain children’s digital participation and evolving autonomy: The Trial found that both parental control and consent systems can be done and can be effective, but they serve different purposes. Parental control systems are pre-configured and ongoing but may fail to adapt to the evolving capacities of children including potential risks to their digital privacy as they grow and mature, particularly through adolescence. Parental consent mechanisms prompt active engagement between children and their parents at key decision points, potentially supporting informed access.
10. Systems generally align with cybersecurity best practice, but vigilance is required: We found that the systems were generally secure and consistent with information security standards, with developers actively addressing known attack vectors including AI-generated spoofing and forgeries. However, the rapidly evolving threat environment means that these systems – while presently fairly robust – cannot be considered infallible. Ongoing monitoring and improvement will help maintain their effectiveness over time. Similarly, continued attention to privacy compliance will support long-term trust and accountability.
11. Unnecessary data retention may occur in apparent anticipation of future regulatory needs: We found some concerning evidence that in the absence of specific guidance, service providers were apparently over-anticipating the eventual needs of regulators about providing personal information for future investigations. Some providers were found to be building tools to enable regulators, law enforcement or Coroners to retrace the actions taken by individuals to verify their age which could lead to increased risk of privacy breaches due to unnecessary and disproportionate collection and retention of data.
12. Providers are aligning to emerging international standards around age assurance: The standards-based approach adopted by the Trial, including through the ISO/IEC 27566 Series [Note 1], the IEEE 2089.1 [Note 2] and the ISO/IEC 25000 [Note 3] series (the Product Quality Model) all provide a strong basis for the development of accreditation of conformity assessment and subsequent certification of individual age assurance providers in accordance with Australia’s standards and conformance infrastructure.
:::

Part A - Main Report - Age Assurance Technology Trial

This document presents the official report of the Age Assurance Technology Trial, offering a comprehensive overview of its findings, methodologies and key observations.

^{Age Assurance Technology Trial}

Pro

2025-09-01 14:17:41

China’s chip startups are racing to replace Nvidia

China chip startups race to replace Nvidia amid U.S. export bans - Rest of World

Chinese semiconductor startups like Cambricon, Moore Threads, and Biren are racing to rival Nvidia as U.S. export controls reshape the AI chip market.

^{Viola Zhou (Rest of World)}

Pro

2025-09-01 12:30:51

DDoS Dominate the Digital Battlefield: AI integration, persistent hacktivist campaigns, and nation-state actors weaponize DDoS attacks, creating unprecedented risks for organizations globally

::: spoiler Key Findings
1. Geopolitical Events Trigger Unprecedented DDoS Campaigns
Expand: Major political events drove increased DDoS activity, evidenced by attack count spikes that coincide with these occurrences. These events saw hacktivist groups launching up to double the normal number of attacks in short timeframes.
2. Botnet-Driven Attacks Dominate with Increased Sophistication
Expand: Botnet-driven attacks are getting longer, more frequent, and are employing multiple attack vectors to avoid mitigation. They are targeting known vulnerabilities in IoT devices, servers, routers, and more.
3. NoName057(16) Maintains Dominance Among Familiar Threat Actors: Well-known hacktivist and attack groups, such as NoName057(16), are launching more attacks across the globe while leveraging several attack vectors.
4. New Threat Actors Emerge with DDoS-as-a-Service Capabilities: Emerging attack groups like DieNet and Keymous+ are leveraging DDoS-for-hire infrastructure to launch DDoS-as-a-service campaigns, lowering the barrier to entry and expanding the threat landscape.
5. Global DDOS Attack Volume High with Regional Variations: With more than 8 million recorded attacks globally in the first half of 2025, DDoS attack volume remains massive. The attacks also show sustained intensity, reaching speeds of 3.12 Tbps and 1.5 Gpps.
:::

DDoS attacks are no longer just a nuisance, they’re a weapon of geopolitical influence. In the first half of 2025 alone, more than 8 million attacks were recorded globally, with threat actors leveraging AI, botnets, and DDoS-for-hire services to launch increasingly sophisticated and sustained campaigns.

::: spoiler Report Highlights
- DDoS-Capable
Botnets;
- Country
Analysis;
- DDoS Attack
Vectors;
- Global
Highlights;
- Industry
Analysis.
:::

NETSCOUT DDoS Threat Intelligence Report - Latest Cyber Threat Intelligence Report

NETSCOUT’s latest DDoS Cyber Threat Intelligence Report showcases the latest trends in cyber attacks. Learn more from our latest cyber threat intelligence report.

^Netscout