In this week’s featured article, we look at how a false murder claim by ChatGPT has fuelled fresh concerns over AI accuracy and hallucinations.

A Father Falsely Accused by AI

In quite a shocking story, a Norwegian man has filed a formal complaint after ChatGPT falsely claimed he murdered two of his sons! The case, now lodged with Norway’s data protection authority (Datatilsynet), is raising serious questions about AI hallucinations and how companies like OpenAI are handling personal data.

Who Is Arve Hjalmar Holmen?

Arve Hjalmar Holmen, the man at the centre of the complaint, is what you might call a private citizen. He’s not a public figure, has no criminal record, and lives with his family in Trondheim (Norway) and yet when he typed his own name into ChatGPT last year, the chatbot responded with a chilling story.

Holmen alleges that ChatGPT claimed he had been convicted of killing two of his sons, attempting to murder a third, and had been sentenced to 21 years in prison! It even mentioned the tragic event “shocked the local community and the nation”. The only issue (and quite a large one) here is that it never happened.

Scared

Holmen is reported to have said that the fact that other people could read this bizarre output and believe it is true scared him.

Although the key claim was inaccurate, it seems that the AI’s fictional story didn’t come entirely out of thin air. For example, it correctly mentioned that Holmen lives in Trondheim and has three sons. The ages in the fabricated account also eerily mirrored the real age gap between his children.

It’s been reported that Holmen has said he tried to contact OpenAI, but received only a generic response. It seems therefore that frustratedly, he turned to noyb, a European digital rights group, which has now filed an official GDPR complaint on his behalf.

The Legal Challenge

The complaint accuses OpenAI of breaching Article 5(1)(d) of the GDPR, which requires organisations to ensure that personal data is accurate and kept up to date. Noyb argues that the company should delete the output and “fine-tune” its model to prevent further harm to Holmen’s reputation.

They are also calling for the Norwegian data authority to impose a fine. In the words of Joakim Söderberg, noyb’s legal officer: “You can’t just spread false information and in the end add a small disclaimer saying that everything you said may just not be true”.

What Are AI Hallucinations?

The Holmen case is the latest example of what the industry calls a “hallucination”, i.e. when an AI system makes something up and presents it as fact.

These errors are surprisingly common in large language models like ChatGPT and Google’s Gemini. For example, just last year, Gemini suggested people glue cheese to pizza and eat rocks for health reasons!

These so-called ‘hallucinations’ are a result of how these AI models work. For example, rather than “knowing” facts, they predict the most likely next word or phrase based on patterns in vast amounts of text. This can produce convincingly written (but totally inaccurate) results.

As Professor Simone Stumpf of the University of Glasgow explains: “Even if you are involved in the development of these systems… quite often, you do not know how they actually work, why they’re coming up with this particular information.”

OpenAI’s Response

OpenAI has acknowledged the incident but says it relates to an older version of ChatGPT. The company says it has since rolled out a new model with internet search capabilities, which it says improves accuracy.

However, the original conversation remains in OpenAI’s system, and critics say more needs to be done to prevent such reputational damage in the future.

What Does This Mean For Your Business?

This story raises a pressing question, i.e. how much trust can individuals and businesses place in today’s most powerful tech platforms? We see how AI can cause very real harm through inaccuracies that feel all too plausible.

For individuals like Arve Hjalmar Holmen, the (alleged) damage caused by false AI-generated content is deeply personal, but the implications extend far beyond a single case. As generative AI becomes increasingly embedded in everything from customer service to search engines, the risks around misinformation, defamation, and lack of accountability are growing more serious. For regulators and privacy advocates, this case could become a key reference point in the broader push to bring AI development in line with data protection laws, especially in Europe, where the GDPR offers some of the strongest safeguards.

Google Cloud has just signed one of the biggest cybersecurity deals in history with a bold $32 billion all-cash agreement to acquire Wiz, a fast-growing cloud security firm.

Awaiting Approval

The deal, still subject to regulatory approval, signals Google’s most aggressive move yet to close the gap with rivals Amazon Web Services (AWS) and Microsoft Azure, while doubling down on multicloud and AI-driven cybersecurity.

Who Is Wiz and Why Does It Matter?

Wiz, founded in 2020 by former Microsoft cloud executives, has quickly become one of the most talked-about players in cloud security. The company offers an agentless, user-friendly platform that helps organisations identify and remediate security risks across all major cloud providers, including AWS, Azure, Oracle Cloud, and yes, Google Cloud too.

Rather than waiting for breaches to occur, Wiz scans cloud environments continuously, maps out all assets and their connections, and flags high-risk vulnerabilities in real-time. Its promise is straightforward: understand your entire cloud environment, see where the threats are, and fix them before attackers can exploit them.

For example, if a developer accidentally leaves a storage bucket open to the internet or misconfigures a sensitive workload, Wiz alerts security teams, and even helps them prioritise the most critical risks. This “code-to-cloud” view has made it hugely popular with everyone from nimble start-ups to sprawling enterprise IT teams and public sector bodies.

Results

The results speak for themselves. For example, in just under five years, Wiz has reached an estimated $700 million annual revenue run rate, with projections it would have crossed $1 billion within a year. That makes it one of the fastest-growing software companies in history (and a highly attractive acquisition target).

Why Is Google Buying Wiz Now?

Google Cloud may be strong on paper, with top-tier infrastructure, AI expertise, and a solid security record. However, it remains a distant third in the cloud infrastructure race, trailing AWS (30 per cent global market share) and Microsoft Azure (21 per cent) by a wide margin. Google Cloud sits at around 12 per cent (Statista).

This acquisition by Google Cloud is designed to change that. By bringing Wiz into the fold, Google is looking to supercharge its credibility with enterprise customers and respond to two urgent trends in tech:

1. The surge in multicloud use. Most large organisations now use a mix of cloud providers for different workloads. That makes managing security even harder — and makes a vendor-agnostic platform like Wiz essential.

2. The rising cybersecurity threat landscape. As more businesses go digital and deploy AI-driven systems, the complexity of defending modern IT environments is exploding. Wiz offers a way to simplify that defence — and make it more proactive.

In a recent blog post, Thomas Kurian, CEO of Google Cloud, summed it up clearly: “Multicloud is something our customers want… Our commitment to multicloud means that new IT projects an organisation does with Google Cloud can work with their existing IT investments.”

Kurian also noted that AI is accelerating this trend: “AI architectures typically see large enterprises pool data from multiple places… This means multicloud protection is more critical than security for a centralised cache of data.”

Multicloud or Bust

Interestingly, Google is not planning to make Wiz a Google Cloud-only tool, and that’s no accident.

Wiz’s success has been built on its neutrality. Many of its customers don’t even use Google Cloud. If Google were to make Wiz exclusive, it could easily drive those users into the arms of competitors. That’s the most likely reason why the company has gone to great lengths to reassure customers that Wiz will continue to work seamlessly across all major cloud platforms.

In fact, as part of the deal, Google and Wiz have even earmarked an additional $1 billion retention package to keep key staff and leadership in place (including CEO Assaf Rappaport) and ensure continuity for clients.

As Wiz’s Rappaport puts it: “Wiz and Google Cloud are fully committed to continue supporting and protecting customers across all major clouds, helping keep them safe and secure wherever they operate.”

For Google, this “multicloud-first” positioning also helps defuse potential antitrust concerns. The deal comes at a time when Big Tech M&A activity is being watched closely by regulators in both the US and Europe. Emphasising openness, competition, and customer choice could make the acquisition easier to push through.

What’s in It for Google Cloud Customers?

From a business standpoint, the deal could be seen as a major play to strengthen Google Cloud’s value proposition to enterprise and government buyers. By integrating Wiz into its broader portfolio, alongside Mandiant, Google Security Operations, and its AI threat intelligence tools, Google hopes to create a unified, AI-optimised security platform that:

– Helps customers detect, prevent and respond to cloud threats faster.

– Lowers the cost and complexity of managing security across hybrid and multicloud environments.

– Boosts productivity of cybersecurity teams with automated tools and AI-powered agents.

– Provides “measurable defence” by helping teams test and validate their own security controls.

Example

As an example of how this could work, a large bank (e.g. using AWS for customer-facing apps, Azure for internal services, and Google Cloud for AI modelling) can now use Wiz to monitor all those environments from a single dashboard. That unified approach, backed by Google’s infrastructure and AI muscle, is what the tech giant hopes will make its cloud platform more attractive.

Wiz’s tools will also remain available via the Google Cloud Marketplace and other partner channels, giving system integrators and resellers access to a much broader toolkit for customers.

A $32 Billion Price Tag (And Plenty of Pressure)

At $32 billion, the acquisition is the largest in Google’s history, and one of the biggest cybersecurity deals ever made. To put that into perspective, it’s more than 3x the price Google paid for Motorola Mobility in 2012, and well above the $5.4 billion Amazon spent acquiring MGM Studios in 2022.

It’s also far above Wiz’s most recent private valuation, which was reportedly around $10 billion. So why the premium?

Partly, it reflects the sheer scale of the opportunity. Cloud security is one of the fastest-growing segments in enterprise IT. According to Gartner, global spending on cloud security is expected to top $18 billion in 2025, up from $13.5 billion in 2023.

Google sees Wiz not just as a product, but as a platform, and one that could become the default choice for securing modern cloud-native and AI-driven systems. The acquisition could give Google a critical edge as AI becomes more embedded in everything from healthcare to finance to national infrastructure.

However, it also raises expectations. With such a steep price tag, the pressure will now be really on Google to show real returns not just in terms of revenue, but in market share gains and customer trust.

What This Means for the Rest of the Cloud Market

For competitors like AWS and Microsoft, the acquisition of Wiz is a clear signal that Google is not backing down in the cloud wars. It’s a bet on openness, AI integration, and simplified security, and it’s likely to accelerate innovation across the industry.

However, some analysts have warned that integrating Wiz successfully won’t be easy. Cultural clashes, product overlaps, and customer scepticism could all pose challenges. There are also questions around whether Wiz’s lean, start-up-style pace can be maintained under the umbrella of a tech giant like Google.

Still, if Google can pull it off, the payoff could be significant. As cyber threats grow more sophisticated and cloud environments become ever more complex, customers will be looking for solutions that just work, regardless of where their data lives. That’s essentially the promise Google is betting $32 billion on.

What Does This Mean For Your Business?

By snapping up one of the most agile and highly regarded multicloud security firms on the market, Google has positioned itself to offer something that many enterprise customers have long been asking for, i.e. a single, unified security platform that doesn’t demand vendor lock-in and can evolve with their increasingly complex IT environments.

For Google, this is about more than plugging a gap in its offering. It’s a strategic move to become a serious contender for the next wave of cloud growth, where AI, hybrid systems, and multicloud deployments are the norm. If it can successfully integrate Wiz and maintain the platform’s independence and speed of innovation, it may finally start to close the distance between itself and the cloud giants that have dominated the space for years.

For UK businesses, from financial institutions and healthcare providers to the growing ecosystem of digital-native start-ups, the benefits could be substantial. Many are already juggling data across multiple platforms, wrestling with compliance demands like GDPR, and navigating increasingly sophisticated cyber threats. A more integrated, intelligent and cloud-agnostic security solution could offer much-needed simplification, cost efficiency, and peace of mind. At the same time, UK-based security consultancies, MSPs and technology partners may find new opportunities through the Google Cloud Marketplace and expanded integrations with Wiz’s tools.

However, the deal is not without its challenges. Regulatory scrutiny remains a looming question, and customers will be watching closely to see whether Google can truly preserve Wiz’s independence in practice. There’s also the risk that the sheer scale of the acquisition could dilute what made Wiz successful in the first place: its speed, focus, and user-friendly approach.

All that said, in a market crying out for more flexible, AI-ready security solutions, this acquisition may be exactly the kind of move Google needed. Whether it pays off, and whether customers, partners and regulators will buy into Google’s multicloud pitch, remains to be seen. One thing, however, is clear – the race to secure the cloud just entered a new phase, and Google has firmly placed its bet.

In a new internal report, Cheshire East Council says it could save as much as £60 million over the next five years by leveraging artificial intelligence (AI).

Smart Technology Shift

The report highlights how AI could transform everything from customer service to social care, while tackling the authority’s ongoing financial struggles. The plan is part of a broader shift across UK councils to use smart technology to plug budget gaps, improve services, and cut red tape.

Why AI And Why Now?

Cheshire East, like many other UK local authorities, is under serious financial pressure. Its leaders have already warned of an eye-watering £25.3 million funding gap for the 2025–26 financial year. To help cover its day-to-day spending, the council has now secured exceptional financial support from central government for the second year running – essentially permission to borrow to stay afloat.

It seems, therefore, that against this challenging backdrop, the idea of using AI to deliver better services for less money is fast becoming not just an idea, but a necessity.

The council’s internal report, which is due to be discussed by the corporate policy committee, outlines a bold “transformation plan”. It suggests that artificial intelligence could be used across several departments to make services faster, more accurate and far less reliant on overstretched staff.

Where AI Could Make The Biggest Difference

The report identifies three key areas where AI could deliver the biggest impact: customer service, adult social care and children’s services. For example:

– Customer contact centres. The council wants to reduce the number of calls handled by humans by introducing AI-powered virtual assistants and chatbots. These tools can handle routine queries and direct people to the right services automatically, thereby cutting wait times and staffing costs.

– Adult Social Care. AI could streamline assessments and care planning, especially for complex cases. Tools could help staff identify needs earlier, coordinate support more efficiently and reduce duplication of work, thereby freeing up social workers to focus on people rather than paperwork.

– Children’s Services. The council thinks that AI might also help with tasks like processing Education, Health and Care Plans (EHCPs) more quickly. The report suggests this could reduce waiting times for families and cut costs by finding more suitable (and often less expensive) placements for children earlier in the process.

In total, the report suggests that the estimated savings from using AI could range between £40 million and £60 million over a five-year period. The report also highlights how, after that, annual savings of up to £14 million could continue. As the report says, “These benefits will be realised through improved service delivery, reduced costs, and enhanced operational efficiency”.

Not The Only Council Using AI

Cheshire East isn’t the only authority turning to AI to help solve deep-rooted challenges. Across the UK, other councils are trialling a wide range of AI-driven tools and platforms, with some already reporting significant savings and improved outcomes. Some examples include:

– London Borough of Sutton is using smart sensors on everyday appliances (like fridges and kettles) to help monitor elderly residents living independently. If someone doesn’t make a cup of tea in the morning or open the fridge, carers get an alert. It’s a simple but effective way to spot problems early and avoid emergency call-outs.

– Blackpool Council has started using AI-equipped vehicles to detect potholes before they become serious hazards. The technology can map the condition of roads in real-time, allowing for proactive maintenance and fewer costly insurance claims.

– Coventry City Council, working with energy provider E.ON, has launched a 15-year smart energy partnership. AI-enabled drones carry out thermal imaging surveys to detect where heat is escaping from homes – allowing residents to insulate more effectively and cut energy bills.

– Dorset Council is piloting AI-driven acoustic monitoring in care homes. These devices alert staff to unusual noises at night, helping them check on residents without disturbing them unnecessarily. It’s already led to faster response times and better care planning.

Government Is Backing The Shift

The UK government is actively encouraging councils and other public bodies to adopt AI. As part of its wider “Plan for Change”, ministers want to see up to £45 billion in efficiency savings across public services, with AI being central to that goal.

One example is the introduction of tools like “Humphrey”, an AI assistant developed to support civil servants with admin tasks such as summarising documents and generating reports.

In health and social care, the Department of Health and Social Care is also investing in AI pilots through the Digitising Social Care Programme. These trials, including those in Dorset, are seen as a way to test what works and scale it up quickly.

What Are The Risks?

Despite the promise of AI, it’s not without controversy. For example, there are concerns about how personal data will be used (privacy), especially in sensitive areas like social care and children’s services. Councils must, therefore, tread carefully to ensure they comply with data protection laws and maintain public trust.

There’s also the issue of accuracy. AI systems are only as good as the data they’re trained on. If the data is incomplete or biased (or there are ‘AI hallucinations’ – AI making things up), the outcomes can be misleading, with potentially serious consequences when it comes to making decisions about vulnerable people.

There’s also the question of AI’s impact on jobs. For example, if AI can automate many routine tasks, it may lead to reduced staffing levels in some departments. That could mean job losses, or at the very least, significant changes to how council employees work.

That said, many people in UK local authorities are aware that AI is just one tool that can help and is not the answer to all the problems they face. For example, as one local government technology expert put it: “AI is not a silver bullet. It has the potential to support better services and reduce costs – but only if it’s implemented carefully, with real oversight and a focus on outcomes.”

What Does This Mean For Your Business?

While the promise of AI-driven efficiency might once have felt like a distant ambition, it seems it’s now becoming a practical solution to the very real financial strain facing councils across the UK. However, Cheshire East’s plan to wholeheartedly embrace AI isn’t just a tech upgrade but is more of a survival strategy. By rethinking how services are delivered and where time and money are being lost, the council is hoping to modernise its operations in ways that could have lasting benefits for both staff and residents.

For UK businesses, especially those operating in the tech and digital services sectors, councils embracing AI could mean new business opportunities. For example, as councils look to adopt AI, they will need software developers, data analysts, compliance consultants and implementation partners, thereby opening the door to greater public sector collaboration. More broadly, the move towards AI in local government could also raise the bar in terms of customer experience and data use, pushing businesses to adopt similar innovations to stay competitive and relevant.

The Cheshire East example shows how AI is no longer just the preserve of private tech giants. It’s entering town halls, social work offices, and call centres and is quietly reshaping the machinery of local government. If done properly, it could usher in a new era of smarter, leaner public services. However, councils must proceed with care, ensuring that the benefits of AI are fairly distributed and that those who rely on public services continue to feel supported, not sidelined.

New fibre optic sensing technology is being deployed under the Baltic Sea to detect and deter sabotage attempts on Europe’s critical subsea data cables.

Subsea Cables Carry the World’s Internet

Many people may not know that nearly all global internet traffic depends on cables running across the seabed. Although these are slender fibre optic lines, often just a few centimetres thick, they actually carry around 99 per cent of intercontinental data! As such, these cables link whole countries, power financial markets, and support global communications infrastructure.

For example, the seabed beneath the Baltic Sea is criss-crossed by dozens of these connections, linking Sweden, Finland, Estonia, Latvia, Lithuania, Poland and Germany. These cables are essential to both internet access and the flow of electricity from offshore renewables.

However, these undersea cables are exposed and vulnerable to damage, e.g. from anchors or fishing gear, or even from deliberate sabotage, as tensions rise in the region.

Unexplained Cable Damage Has Triggered a Response

Several recent incidents have put the vulnerability of the subsea cables in the Baltic firmly in the spotlight. In late 2023 and early 2024, multiple data and power cables were damaged in unexplained circumstances. Although investigations are still ongoing, European leaders have taken the incidents seriously.

The EU’s New Initiative To Protect The Cables

In February 2025, the European Commission launched a new initiative to protect subsea infrastructure, warning that cable disruptions “risk causing severe interruptions to essential services” across the EU. The strategy sets out new funding, detection systems, mapping efforts and plans for smarter, more secure cables.

The NATO-led “Baltic Sentry” mission, using drones, warships and aircraft to patrol the sea, was also launched in response. However, with thousands of kilometres of seabed to monitor, authorities have found it necessary to turn to a new kind of defence, i.e. smart sensor cables that can detect threats in real-time.

How Fibre Optic Cables Can ‘Hear’ Underwater Activity

The idea is deceptively simple, i.e. use existing fibre optic cables to listen for disturbances. This is made possible by a technique called Distributed Acoustic Sensing (DAS). In short, light pulses are sent down a fibre optic line. When that line is disturbed (by vibrations, movement or temperature changes) it alters the light signal, which can then be analysed.

Examples of what these fibre optic sensor cables can detect include:

– Divers, drones or submersibles near the cable.

– Anchors being dropped or dragged along the seabed.

– Vessels passing overhead, including their size, speed and direction.

– Dredging, tunnelling or unauthorised seabed activity.

During tests, it’s been found that such acoustic sensing systems could detect a diver simply brushing the cable. In one demonstration, a buried cable was even able to pick up nearby footsteps and even a distant gunshot.

Cross-Referenced

The information from the cable can be cross-referenced with satellite images or vessel tracking data to confirm whether suspicious activity is occurring. In practice, it becomes a silent surveillance network lying on the seabed, detecting threats without giving away its presence.

Who’s Building These Systems And Where Are They Being Used?

Several companies are already rolling out this technology, with Germany’s AP Sensing and the Netherlands-based Optics11 leading the charge.

AP Sensing’s solution uses Distributed Fibre Optic Sensing (DFOS) to monitor telecoms cables, power lines and gas pipelines. The company says its system can provide real-time alerts and pinpoint exactly where a disturbance is occurring, even differentiating between routine vessel traffic and potential intrusions.

Although AP Sensing has confirmed that its systems are in place on some cable routes in the North Sea, it has not disclosed specific locations for security reasons. However, the Baltic is a clear focus area for future deployments.

Optics11 is developing systems that can be laid independently of the main cables. The company says these could act as early-warning sensors in strategic zones, e.g. 100km from a critical port or around key gas pipelines.

How The Sensors Are Deployed

Both AP Sensing and Optics11 say that these sensor systems can be deployed without laying new cables. Instead, they rely on something called “dark fibre” which are unused strands within existing fibre optic cables that were installed for future capacity. These dormant fibres can be activated and connected to specialist monitoring equipment on land, turning them into sensing lines without disturbing the cable itself.

If no dark fibre is available, the system can (sometimes) use spare channels on active fibres. In either case, the main undersea cables stay where they are, i.e. there’s no need to slide anything new into the seabed. It’s the light signals running through the fibre that are doing the ‘listening’.

A New Line of Defence – But It Has Limits

While the technology appears to be powerful, it isn’t perfect. For example, one of the key limitations is range. In most cases, disturbances must occur within a few hundred metres of the fibre to be reliably detected, so interrogators (the specialist devices that analyse the signals) must be installed roughly every 100km to keep the system functioning. This, unfortunately, makes full coverage expensive, especially across long distances or in deep water.

Another challenge is what happens after a disturbance is detected. For example, detecting a diver or anchor is useful but without a rapid response capability, there’s still a risk of damage before any intervention can take place.

Also, even the most physically robust cables are not immune. According to Swedish cable manufacturer Hexatronic, although lines are reinforced with metal armouring and thick protective layers, even these can be severed by a deliberate dragging of a ship’s anchor, especially at shallow depths.

Why the Baltic Sea Is Europe’s Top Priority Right Now

The Baltic region has become a focal point for infrastructure protection, and not by coincidence. For example, its shallow waters, heavy commercial traffic and its strategic proximity to Russia all make the area particularly vulnerable. Many of the recent cable damage incidents (and subsequent investigations) have occurred here, prompting coordinated action. In response, the European Commission has laid out a wide-ranging plan that includes:

– Mapping all subsea cables across EU waters by the end of 2025.

– Launching a “Cable Security Toolbox” of protective measures.

– Funding new smart cables with inbuilt sensing capabilities.

– Creating a list of critical “Cable Projects of European Interest”.

– Increasing repair capacity and backup systems to minimise downtime.

These efforts are being coordinated with NATO activities and national security strategies. The EU’s 2025 roadmap also links in with the NIS2 cybersecurity directive and the Critical Entities Resilience (CER) directive, two major legal frameworks designed to harden infrastructure against hybrid threats.

China Introduces a Powerful Deep-Sea Cable Cutter

Whilst this is all happening, China has unveiled a powerful deep-sea cable cutter capable of severing heavily protected undersea lines at depths up to 4,000 meters—beyond existing operational ranges.

Developed by the China Ship Scientific Research Centre and the State Key Laboratory of Deep-sea Manned Vehicles, it can be fitted to both crewed and uncrewed submersibles like Fendouzhe and Haidou. Originally intended for civilian salvage and seabed mining, its dual-use potential could alarm nations reliant on undersea communication cables that carry 95 percent of global data.

This is the first official disclosure of a device that could disrupt critical maritime infrastructure.

What Does This Mean For Your Business?

With geopolitical tensions rising and critical infrastructure increasingly targeted, fibre optic sensing offers a promising (and highly practical) way to spot trouble early. By transforming existing cables into silent surveillance tools, Europe may be beginning to close a dangerous blind spot beneath the waves.

However, as with most emerging technologies, this isn’t a silver bullet. Sensor systems still rely on swift responses from coastguards or military forces to intervene if sabotage is suspected. Their coverage is limited by distance, their deployment by cost. Even the most advanced system can only alert, it can’t physically stop damage from being done in the first place. That said, the strength of this technology lies in its ability to provide that vital early warning, buying time when it matters most.

For the UK, this move towards smarter cable monitoring is not just a continental concern. For example, Britain’s own subsea networks connect it to Europe, North America and beyond, underpinning the data economy, financial services and everyday digital life. UK telecoms providers and energy firms will likely need to follow developments in the Baltic closely, both to understand the risks and to assess the potential of retrofitting their own infrastructure with acoustic sensing capabilities.

At the same time, the opportunity for UK-based firms specialising in cyber-physical systems, marine engineering or signal analytics could be significant. As the EU ramps up investment in cable resilience and NATO deepens its interest in subsea surveillance, demand for this kind of expertise will grow across both civil and defence sectors.

The wider lesson from the Baltic, therefore, is that the digital world doesn’t float in the cloud but it sits on the seabed. As governments, companies and regulators begin to grasp just how critical and exposed that infrastructure really is, technologies like fibre optic sensing are likely to become part of a much broader push to harden Europe’s digital backbone. The challenge now is ensuring that detection leads to action, and that security keeps pace with the threat.

HP has (quietly) settled a class action lawsuit over claims it deliberately blocked customers from using third-party toner cartridges in its printers, without paying a penny in damages.

Locking Out Third-Party Toner

The lawsuit centred on HP’s controversial Dynamic Security feature, i.e. software designed to detect and reject toner cartridges not produced by HP itself. The system, enabled through automatic firmware updates, left some users unable to print at all if they’d chosen cheaper, third-party alternatives.

The lead plaintiffs included Mobile Emergency Housing Corp (MEHC), a US-based organisation providing emergency shelter services, and Performance Automotive, a car parts business. Both reported that HP printers they had purchased in good faith suddenly stopped accepting non-HP toner after a firmware update was remotely triggered. For example:

– MEHC said it had bought an HP Color LaserJet Pro M254 in 2019 and opted for third-party toner in 2020 to cut costs. The following month, a firmware update rendered the cartridges useless.

– Performance Automotive said it had a similar experience with its HP Color LaserJet Pro MFP M281fdw after installing an update that blocked non-HP supplies.

A Profitable Strategy?

It seems that HP hasn’t denied the existence of Dynamic Security. In fact, it appears to have defended the system openly. For example, speaking back at the 2024 World Economic Forum in Davos, CEO Enrique Lores highlighted how HP’s business model depends on profits from consumables, not hardware, saying: “We lose money on the hardware, we make money on the supplies,” and that, “we’re investing in that customer every time a printer is sold.”

The fact that in FY2024, HP’s printing division generated $4.5 billion in net revenue, much of it from proprietary ink and toner sales, appears to support this idea.

Lores has also argued that Dynamic Security helps protect customers from potential security threats, claiming third-party cartridges could, in theory, carry malicious firmware. However, such risks remain hypothetical and there’s little evidence of this happening in real-world scenarios.

Settlement Without Liability

Rather than fight the lawsuit in court, HP has now agreed to settle without admitting wrongdoing. Under the terms, the company will continue to disclose that its printers may block third-party cartridges and has pledged to allow customers the choice to install or decline firmware updates containing Dynamic Security.

“HP denies that it did anything wrong,” the official settlement notice states, “but agrees to maintain certain disclosures and options regarding firmware updates.”

While it appears that no compensation will be paid, the agreement marks another chapter in HP’s ongoing efforts to defend its closed ecosystem, even as it comes under increasing scrutiny from customers and regulators alike.

The Growing Backlash Against Lock-In

Unfortunately for HP, this issue isn’t likely to go away. Many customers see the lockout as an unfair restriction, especially when third-party cartridges can cost a fraction of the price. On forums and social media, frustrated users have voiced concerns about being forced into costly purchases with little warning or transparency.

For businesses that rely on predictable print costs, these kinds of restrictions can have real operational impacts. For example:

– Disruption risk. Sudden firmware changes can halt printing workflows, causing downtime for organisations.

– Cost inflation. HP-branded toner is often significantly more expensive, impacting budgets for schools, small businesses, and non-profits.

– Reduced trust. Customers may question whether HP prioritises their interests, or simply its bottom line.

HP’s Not The Only One

It’s worth noting here, however, that HP’s not alone in exploring this kind of supply-chain lock-in. Other printer makers, including Canon and Epson, have also been accused of using software to prevent third-party cartridges from functioning.

However, HP has become one of the most visible examples, perhaps because it’s also one of the most vocal. With lawsuits, user complaints, and increasing regulatory scrutiny in both the US and EU, it seems that efforts to tightly control consumables may be backfiring.

A 2023 report by the European Commission warned that such tactics could breach consumer rights, and several EU countries are now pushing for regulations guaranteeing “the right to repair” and “freedom of choice” for printer supplies.

HP, meanwhile, remains firm on its stance, offering its own cartridge recycling programmes and claiming that its proprietary ecosystem is ultimately more sustainable and secure.

That said, for many customers, particularly in sectors where budgets are tight, that argument is proving increasingly hard to justify.

What Does This Mean For Your Business?

HP’s settlement may avoid an outright legal defeat but is likely to leave lingering concerns for businesses that rely on its printers. The company’s willingness to restrict functionality through remote updates (especially without warning) appears to raise serious questions about control, transparency, and long-term value.

While HP has pledged to give users the choice over future firmware updates, the incident highlights the risks of buying into ecosystems that can be altered unilaterally. For small businesses, charities, schools, and other organisations with tight margins, the ability to use affordable third-party toner isn’t just a preference but is a necessity.

It’s also a warning sign for procurement teams, i.e. printer selection should no longer be just about hardware specs or upfront cost. It’s about understanding how restrictive the vendor’s software policies are, and what support (or surprises) may lie ahead.

If anything, this case shows how vendors are doubling down on closed-loop business models. Companies may want to reassess whether HP’s approach aligns with their operational and financial priorities, or if a more open, flexible printing solution would be the smarter investment.

As printer manufacturers continue to balance profit protection with customer satisfaction, the pressure is on to prove that these digital lock-ins serve users as well as shareholders.

Cybercriminals are exploiting users’ trust in familiar verification tools like CAPTCHAs to trick them into infecting their own systems, according to HP Wolf Security’s latest Threat Insights Report.

The report highlights a rise in social engineering campaigns built around a fake CAPTCHA page where users are lured into completing bogus verification steps, exploiting what HP terms “click tolerance”, a habit of blindly following prompts due to frequent exposure to login and security checks.

Victims are directed to attacker-controlled websites where clicking “I’m not a robot” secretly copies a malicious PowerShell command to their clipboard. They are then instructed to open the Windows Run prompt, paste the code, and execute it, thereby unknowingly launching a malware infection themselves.

The primary payload, Lumma Stealer, is a powerful information-stealing tool capable of grabbing credentials and crypto wallets. The malware is hidden in a disguised ZIP archive and deployed using DLL sideloading to avoid detection.

HP reports that these campaigns often use reputable cloud services to host the malicious content, helping them bypass web filters and email gateways. Victims are typically drawn in via search engine hijacking, ads, or compromised websites.

To stay protected, businesses should disable clipboard sharing and restrict access to the Windows Run command where possible. Regular training can also help staff recognise and resist deceptive prompts.