Daily Summary

Noma Security. GeminiJack shows AI assistants can become a covert data exfiltration layer. Noma Labs disclosed a zero click indirect prompt injection vulnerability, dubbed GeminiJack, in Google Gemini Enterprise and previously Vertex AI Search, which allowed attackers to embed hidden instructions in shared documents, calendar invites or emails so that AI powered enterprise search would silently exfiltrate Gmail, Calendar and Docs data through a disguised image request, leading Google to change how Gemini Enterprise interacts with its retrieval and indexing systems and separating Vertex AI Search from Gemini workflows.

UK Government (DSIT). A new press release confirms that members of the former International Network of AI Safety Institutes have recommitted to joint work on benchmarks and testbeds under the renamed International Network for Advanced AI Measurement, Evaluation and Science, with an explicit focus on improving the comparability and robustness of AI measurement and evaluation practices across major economies.

The Guardian. Over 100 UK parliamentarians across parties have endorsed a coordinated call, led by nonprofit Control AI, for binding regulation of the most powerful AI systems, urging the Prime Minister to resist pressure to weaken rules and stressing risks comparable to nuclear weapons and pandemics if advanced systems are left largely self governed. NCSC. The UK National Cyber Security Centre warns that prompt injection should not be treated as a niche variant of SQL injection but a distinct and potentially more dangerous class of attack that exploits how AI systems process instructions, urging organisations to treat prompt injection as a strategic security risk in AI deployments rather than a minor technical bug. Tech Policy Press. A new commentary argues that current UK law and policy do not provide effective protection from chatbot related harms, highlighting gaps in consumer protection and safety standards and suggesting that regulators have been slower than the speed at which conversational AI is being integrated into everyday services.

According to the Bank of England, the December 2025 Financial Stability Report warns that elevated equity valuations for technology companies focused on artificial intelligence, together with debt-financed AI infrastructure spending and leveraged positions in private credit and gilt markets, now pose heightened risks to UK and global financial stability, even though core UK banks remain resilient under stress tests.

GOV.UK (DESNZ/DSIT). According to the UK government, the latest meeting of the AI Energy Council in London focused on speeding up grid connections and building infrastructure for new AI data centres and ‘AI Growth Zones’. Ministers and regulators discussed reforms to accelerate grid access, discounted tariffs for data centres that can use excess capacity, and the broader goal of ensuring that AI’s growing energy demand is matched by sustainable, well governed energy infrastructure across the UK.

Scotland – AI infrastructure and water use scrutiny. Digit.FYI reports rising concern that large AI-driven data centres could be straining Scotland’s water resources, prompting calls for tighter transparency and environmental governance around AI infrastructure siting and cooling. Global – AI and regulatory complexity for companies. Verdict highlights how overlapping AI, privacy and sectoral rules are driving regulatory complexity, arguing that organisations need to embed AI governance and privacy risk assessment within compliance workflows rather than treat AI as a bolt-on issue.

UK Parliament – scrutiny of AI Growth Zone policy. A written question in the House of Lords asks what assessment has been made of the proposed “AI Growth Zone” in south-east Wales, seeking clarification on UK Government support, expected investment and governance structures. This continues the trend of using geographically targeted zones to attract AI-related firms, raising questions about local accountability, infrastructure and safeguards around data use and experimentation in these zones. HRReview – AI job-loss forecast raises regulatory and policy concerns. HRReview reports on a new “future of work” analysis suggesting AI could threaten up to half of existing jobs, particularly in knowledge-intensive services. The piece links the scale of expected disruption to the urgency of labour-law and social-policy responses, including up-skilling, worker consultation on AI deployment, and potential reforms of redundancy and consultation rules if AI adoption accelerates as predicted.

UK Parliament – AI and copyright oral evidence session. The Culture, Media and Sport Committee held an oral evidence session on ‘AI and copyright’, hearing from stakeholders on how AI affects creators, platforms and consumers. The session focused on training data, remuneration and enforcement options, and how future UK copyright and AI policy might strike a balance between innovation and protection for rights-holders. Law Society of Alberta – Generative AI Playbook for legal professionals.The Law Society of Alberta has published ‘The Generative AI Playbook’, offering guidance to lawyers on terminology (AI, LLMs, generative AI), risk categories and professional-conduct expectations when using tools like ChatGPT in client work. The playbook stresses confidentiality, competence, supervision and transparency as key duties implicated by AI use.