This weekly update reveals major developments in AI security and data privacy that affect businesses and people worldwide. The most exciting news comes from Google, which released VaultGemma, a breakthrough AI model designed to protect private information.

VaultGemma uses something called differential privacy, which is like adding controlled noise to data so no one can figure out specific private details. Google built this model from scratch to make sure it cannot remember or leak sensitive information, even when processing private data. This is huge for industries like healthcare, where doctors need AI help but must protect patient information.

The darker side of AI security showed up in a shocking attack against Arup, a UK engineering company. Criminals used deepfake technology to create fake videos of company executives and tricked an employee into sending them $25 million. The employee thought they were on a real video call with their bosses, but it was all fake.

This type of attack is becoming more common and dangerous. AI-generated CEO impersonations caused over $200 million in losses just in the first three months of 2025. Criminals can now create convincing fake voices using just 20-30 seconds of real audio from someone's speech.

The US Federal Trade Commission (FTC) is fighting back against companies that break privacy rules. They made Disney pay $10 million for collecting children's data from YouTube videos without getting permission from parents first. Disney was supposed to label their kid-friendly videos properly but did not, which let them gather private information illegally.

The FTC also announced they are investigating AI chatbot companions that talk to children and teenagers. These AI programs are designed to be friends with young people, but officials worry they might collect too much personal information or influence kids in harmful ways.

A major new report shows that companies are not doing enough to protect their AI systems and cloud computing. The study found that 82% of businesses use both regular computers and cloud services, while 55% are already using AI for important business tasks. However, their security measures have not improved to match these new technologies.

The report discovered that about one-third of companies using AI have already suffered security breaches. This shows that while businesses are quick to adopt new AI tools, they are not spending enough time or money to protect them properly.

Security experts have identified several new ways that hackers can attack AI systems. These include adversarial inputs, where attackers send specially crafted data to trick the AI into making wrong decisions. Another method called data poisoning involves putting bad information into the data used to train AI models, which can make them behave incorrectly later.

Prompt injection is another growing threat where hackers disguise harmful instructions as normal user questions to make AI systems do things they should not do. There is also model inversion, where attackers can figure out private information that was used to train the AI by asking it clever questions.

The UK's National Cyber Security Centre is working on new ways to protect AI systems. They want to create a system similar to how regular computer bugs are reported and fixed, but specifically for AI security problems. This could help the security community work together to find and fix AI vulnerabilities before criminals can exploit them.

These developments show that as AI becomes more powerful and widespread, both the opportunities and risks are growing rapidly. Companies and governments need to work harder to protect private information while still getting the benefits that AI can provide.