TL;DR: Precision Influence Warfare (PIW) represents a fundamental shift from mass disinformation to hyper-personalized AI-driven influence operations. State actors like China and Russia are using advanced AI to build detailed psychological profiles on thousands of American leaders and deploying high-fidelity deepfakes to manipulate specific individuals. Traditional detection methods have failed, requiring an urgent pivot to content provenance standards and data minimization as national security imperatives.

I. The Strategic Shift: Defining Precision Influence Warfare (PIW)

1.1. The Transition from Broad Disinformation to Hyper-Personalization

Geopolitical competition has entered a new phase characterized by the weaponization of artificial intelligence (AI) to achieve hyper-personalized influence objectives. This emerging strategic model, termed Precision Influence Warfare (PIW), represents a fundamental departure from the broad, indiscriminate disinformation campaigns of the past. Traditional disinformation, often exemplified by campaigns such as Russia's Doppelgänger, operated primarily through a concept known as "ground-shifting." Ground-shifting describes the malicious use of information to redefine reality, substituting accepted principles of objectivity and verifiability with new, subjective criteria based on novelty, framing, and appeal to authority. The strategic aim was generalized societal disruption and the erosion of public consensus.

PIW, in contrast, adopts a far narrower and more potent methodology. It strategically integrates advanced AI capabilities, specifically, automated data harvesting, high-fidelity psychological profiling, and sophisticated generative synthesis, to target specific, high-value individuals, rather than crowds. This approach exploits documented personal and psychological vulnerabilities to achieve narrow, strategic geopolitical objectives, such as provoking a diplomatic crisis or engineering a critical policy misstep.

The strategic objective of PIW is the systemic erosion of trust itself. By deceiving high-value targets, adversaries aim to fracture confidence in Western institutions, degrade the operational speed of governance, and compromise the internal cohesion necessary for effective policy making. The speed and refinement of this hyper-targeting suggest the successful operationalization of what is sometimes referred to as the "agentic AI" concept. In this paradigm, systems move beyond mere data analysis or content suggestions; they autonomously execute strategic actions based on refined intelligence. This transition from mass influence to precision influence dramatically reduces the human footprint required for high-impact attacks, resulting in a massive force multiplier for adversarial forces. If AI agents can enhance corporate efficiency by executing tasks with precision, hostile state-aligned agents, equipped with detailed psychological dossiers, can perform malicious actions faster and with greater autonomy, making these operations exceptionally difficult to trace and counter in real-time.

1.2. State Actors and the PIW Infrastructure

Major state actors have rapidly institutionalized this hyper-personalized approach. Evidence confirms that both the People's Republic of China (PRC) and the Russian Federation are actively refining PIW methodologies.

The PRC's strategy involves an integrated, state-aligned commercial ecosystem dedicated to AI-driven influence. Networks such as Spamouflage and Dragonbridge are increasingly deploying AI-generated anchors and videos to seed narratives abroad, particularly regarding contested geopolitical events. The most explicit evidence of this infrastructure is revealed in the operations of the Chinese company GoLaxy. Primary source documents released by the Vanderbilt Institute of National Security detail how this state-aligned firm harvests bulk data, builds precision profiles, and deploys propaganda at scale.

Russia's evolving campaigns, initially characterized by cloned websites intended to undermine support for Ukraine, have broadened to include the deployment of hyper-realistic AI-generated audio and video impersonations of politicians and journalists. These high-fidelity synthetic media are designed to directly inflame political divisions or provoke specific strategic missteps by high-level targets. The convergence of these technological capabilities confirms that PIW is now the operational standard for sophisticated foreign influence activity.

II. The Infrastructure of Influence: Psychological Dossiers and Deepfake Exploitation

2.1. The GoLaxy Blueprint: AI-Driven Profiling at Scale

The definitive documentation of PIW methodology arrived with the public release of nearly 400 pages of internal GoLaxy documents by the Vanderbilt Institute of National Security. This archive exposed the comprehensive mechanics of a state-aligned influence operation driven by AI.

The core of the GoLaxy operation is the systemic creation of detailed psychological dossiers on key American figures. Analysis of the released files revealed that GoLaxy had compiled detailed profiles on over 2,000 American political figures and thought leaders, including at least 117 members of Congress, journalists, and other influencers.

The methodology underpinning this precision involves the automated assessment of psychological traits inferred from vast digital footprints. This approach relies on analyzing publicly available or harvested data, such as social media interactions, status updates, mobility behaviors, and potentially sensitive financial records, to infer specific traits like cognitive biases, ideological leanings, and personal vulnerabilities. Researchers emphasized that this operation marks a fundamental shift because propaganda is "tailored down to the individual, not just the crowd". This level of precision provides the groundwork for deepfake operations designed not for general persuasion, but for exploiting a target's unique psychological makeup at a moment of strategic consequence.

This systematic targeting of political elites suggests an intent to compromise the government's ability to coordinate and function effectively. By undermining institutional and interpersonal trust among decision-makers, PIW contributes directly to the erosion of governance capacity, mirroring findings that democratic accountability and state capacity have declined in the U.S. since 2015. The objective of profiling 117 members of Congress is clearly aimed at institutional paralysis, ensuring that leaders operate under perpetual doubt, thereby compromising the speed and confidence of crisis response.

2.2. Exploit-Driven Campaigns: The High-Fidelity Deepfake Threat

The psychological profiling capability is rendered strategically potent when coupled with advanced, high-fidelity deepfake synthesis. The July 2025 AI voice deepfake impersonating Secretary of State Marco Rubio served as a critical global security alert and a definitive demonstration of PIW capabilities.

The deepfake was executed with remarkable technological sophistication, convincingly mimicking the Secretary's specific persona and conversational tone. These synthetic communications were intentionally delivered via encrypted channels like Signal and targeted high-value recipients, successfully eliciting responses from multiple foreign ministers, a sitting U.S. governor, and a U.S. Member of Congress.

Crucially, the objective of this attack was not traditional espionage, the theft of specific documents, but rather the systematic erosion of diplomatic trust. The intent was to deceive high-value targets into taking strategic missteps or to fracture confidence in Western alliances. If a cabinet-level official can be impersonated convincingly enough to draw responses from international counterparts, it necessitates that all leaders treat non-authenticated vocal communication as potentially synthetic, severely degrading the speed and certainty of high-stakes diplomatic and security responses.

2.3. The Commercial Endemic: Deepfakes as Financial Weaponry

The strategic threat posed by PIW is immediately transferable to the corporate and financial sectors, transforming deepfakes into a major financial weapon. Deepfake scamming attempts are no longer hypothetical risks but an endemic reality in the commercial environment. A substantial 53% of finance professionals have already reported experiencing attempted deepfake scamming attacks.

The financial impact of these attacks is quantifiable and severe. Organizations are losing an average of $600,000 per voice deepfake incident, with nearly a quarter (23%) of organizations losing over $1 million. These incidents often involve the AI-cloning of a CEO or CFO's voice to authorize a fraudulent wire transfer or financial transaction. The sheer scale of synthetic media generation highlights the pervasive nature of the threat: the total number of deepfake checks globally is forecasted to reach 9.9 billion by 2027. The commercial losses underscore the existential nature of the crisis of trust introduced by generative AI.

III. The Crisis of Asymmetry: The Technological Obsolescence of Defense

3.1. The Failure of Reactive Detection: A Critical Defensive Asymmetry

A central finding in the analysis of PIW is the definitive failure of reactive detection technologies. The Department of Homeland Security's Science and Technology Directorate (S&T) confirms a critical and accelerating technological asymmetry, noting that the rapid evolution of generative AI is outpacing defensive capabilities.

Tools developed just in the last year to identify sophisticated fakes are already considered obsolete. This includes methods of "liveness detection," which previously sought subtle physiological cues to distinguish real content from synthetic media. Examples of these now-defunct detection vectors include searching for inconsistencies in subtle visual details such as misaligned corneal reflections, mismatched earrings, or the presence of a heartbeat in the subject of a video.

The offensive leap is driven by advanced generation models that employ systematized approaches. These approaches utilize multiple AI models working in concert to identify and correct the tell-tale mistakes made by other models, thereby rapidly eliminating the forensic fingerprints that defensive software relies upon. The conclusion is stark: the traditional arms race model, where detection engineers attempt to patch vulnerabilities created by generative AI, has collapsed, leading to defensive exhaustion where resources are perpetually chased by faster, cheaper offensive innovation.

3.2. Strategic Implications of Asymmetry

The failure of detection establishes a dangerous strategic imbalance. Offensive AI capabilities are cheap, fast, and globally accessible, lowering the barrier to entry for both state and non-state adversaries seeking to deploy PIW attacks. In stark contrast, defensive countermeasures are expensive, time-consuming to develop, and instantly perishable upon the next model update.

This critical defensive asymmetry compels an immediate and profound change in operational security protocols. Organizations handling sensitive communications, including diplomatic channels, corporate mergers and acquisitions (M&A), and high-value financial transfers, must now operate under the existential mandate that all non-authenticated, vocal communication from senior leadership must be assumed synthetic. This necessity underscores the futility of continued investment in detection and necessitates a critical pivot toward proactive trust establishment mechanisms.

The severity of this technical imbalance is summarized in the comparative analysis below:

Table 3: The Asymmetry of AI Defense: Defensive Obsolescence vs. Offensive Speed

Vector Defensive Status (DHS S&T Assessment) Offensive Capability (Generative AI) Financial/Strategic Implication
Liveness Detection (Biometrics) Obsolete within 1 year; defeated by models designed to correct physiological cues (e.g., heartbeats, corneal reflections). Systematized, layered generation models rapidly eliminate tell-tale inconsistencies. Requires expensive, perpetual R&D investment; leads to defensive exhaustion.
Voice/Text Authentication Failing; all non-authenticated senior communication must be assumed synthetic. Convincing mimicry of persona and conversational tone achieved (e.g., Secretary Rubio, CEOs). High potential for corporate fraud ($600,000 average loss) and diplomatic disruption.
Acquisition/Cost Expensive and slow; requires customized technical buildout. Cheap, fast, and globally accessible (tools widely available). Creates critical strategic imbalance favoring state and non-state adversaries.

IV. Strategic Defenses: Shifting Investment from Detection to Provenance

4.1. The Content Authenticity Initiative and C2PA Standards

Given the structural failure of reactive detection, strategic investment must pivot toward establishing proactive trust infrastructure. This shift focuses on cryptographically proving what content is real, rather than trying to algorithmically determine if content is fake.

The Coalition for Content Provenance and Authenticity (C2PA) and the Content Authenticity Initiative (CAI) offer an open technical standard designed to address this challenge. This standard attaches verifiable, cryptographically signed metadata, known as Content Credentials, to digital media at the moment of capture or initial edit.

Content Credentials establish the lineage of media, defining its source, author, and editing history over time. They function as a verifiable "nutrition label" for digital content, allowing consumers, media organizations, and policymakers to instantly validate authenticity and invalidate uncredited deepfakes. For PIW operations, this renders even a psychologically perfect deepfake strategically useless if it cannot carry trusted, authenticated credentials, fundamentally degrading the attacker's return on investment. This injection of transparency into the content creation process provides an enduring layer of resilience.

Industry adoption of these provenance standards is accelerating. The 2025 Content Authenticity Summit at Cornell Tech confirmed a critical transition from standardization to large-scale, real-world implementation. Key industry players, including camera manufacturers, software developers, and news organizations, are actively integrating Content Credentials into their products and platforms. This demonstrates that the technology to establish media provenance is mature and ready for mandatory adoption.

4.2. Regulatory Reinforcement of Provenance

International regulatory bodies are beginning to enforce transparency around generative AI, reinforcing the necessity of provenance standards. The EU AI Act introduces transparency requirements for synthetic content and deepfakes. Further illustrating this global mandate, the Italian AI Law requires labeling for any news or informational content that is entirely or partially generated or altered by AI to present fictional data as real.

This regulatory convergence validates the strategic pivot. By integrating cryptographic provenance, the defense strategy shifts from the futile task of chasing flaws in synthetic media to the achievable goal of establishing an auditable, verifiable chain of custody for authentic media.

V. Privacy as National Security: Countering PIW Through Data Minimization

5.1. Data Minimization as the Foundational Defense Layer

The success of Precision Influence Warfare, as evidenced by the GoLaxy documents, is entirely predicated on the ability of adversaries to harvest and analyze bulk sensitive personal data to build high-resolution psychological profiles. Therefore, the practice of data minimization, the limitation of data collection, retention, and secondary use, is transitioning from a consumer protection issue to a critical national security defense imperative.

By limiting the availability of raw data, countries can starve the profiling models utilized by PIW operations. This strategic perspective is visible in international data frameworks. For instance, Mexico's 2025 Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) mandates stricter data minimization principles and eliminates the possibility of processing personal data for purposes incompatible with the original purpose without new consent. Similarly, the Italian AI Law, effective October 10, 2025, authorizes the secondary use of sensitive data for scientific AI research only if the data is stripped of direct identifiers, protecting the anonymity of citizens and limiting the material available for profiling.

5.2. The US Regulatory Firewall: The DOJ Data Security Rule

The US government has moved to establish a legal firewall against the bulk data harvesting necessary for PIW. The Department of Justice (DOJ) rule, "Preventing Access to U.S. Sensitive Personal Data and Government Related Data by Countries or Concern," implementing Executive Order 14117, became fully enforceable on October 6, 2025.

This rule is a direct strategic attempt to limit the AI "ammunition" available to hostile states. It prohibits and restricts certain data transactions that involve the transfer of bulk sensitive personal data and U.S. Government-related data to "countries of concern" or covered persons. The definitions of data covered are comprehensive and include data points essential for psychological profiling, such as biometric identifiers, human 'Omic data (e.g., genetic information), personal financial data, and precise geolocation data. This regulatory measure directly targets the logistical and economic foundation of GoLaxy-style operations.

5.3. The Internal Contradiction: Zero-Click Spyware and the Fourth Amendment

Despite establishing a regulatory firewall against foreign data access, the US government faces a dangerous internal inconsistency regarding surveillance technology. U.S. Immigration and Customs Enforcement (ICE) quietly reactivated a $2 million contract with the Israeli spyware firm Paragon Solutions, maker of the zero-click spyware "Graphite".

This contract reactivation was achieved by circumventing Executive Order 14093, which was intended to ban the acquisition of foreign-controlled spyware. The U.S. arm of Paragon Solutions was acquired by the private equity firm AE Industrial Partners and subsequently merged into the Virginia-based cybersecurity company REDLattice, effectively Americanizing the product and bypassing the foreign-control prohibition. The Electronic Frontier Foundation (EFF) criticized this corporate maneuver as an "end run" that ignores the spirit of the rule and fails to prevent potential misuse.

The technology itself, zero-click spyware, poses a grave threat to privacy and constitutional rights. Graphite utilizes zero-click exploits to access sensitive data, including encrypted communications, photos, and real-time location data on Americans' cell phones without their knowledge or consent. This capability is deeply problematic because it validates the use of highly intrusive, bulk data collection tools that are otherwise deemed an unacceptable national security risk when utilized by adversaries like GoLaxy.

This domestic use directly raises serious constitutional questions, prompting demands from Congress for transparency and oversight. Lawmakers explicitly invoked two landmark Supreme Court rulings: Riley v. California (2014), which established the necessity of a warrant before searching a cell phone incident to arrest, and Carpenter v. United States (2018), which ruled that the government must obtain a warrant based on probable cause to access long-term cell site location information (CSLI). Zero-click spyware inherently challenges these Fourth Amendment protections by providing persistent, surreptitious access to digital data without leaving the traditional forensic traces required for accountability or judicial review. This legal inconsistency severely compromises the integrity of the national defense perimeter by legitimizing the high-precision surveillance tools used by PIW operators.

Table 2: Data Privacy and Provenance: Strategic Countermeasures to AI Warfare

Countermeasure Type Mechanism Impact on PIW/Targeting Capability Supporting Policy/Standard
Content Provenance Cryptographically signed metadata (Content Credentials) attached at capture/edit. Establishes chain of custody, verifies authenticity, allows immediate invalidation of uncredited deepfakes (Rubio countermeasure). C2PA/CAI standards.
Data Minimization Limiting the collection and retention of bulk sensitive personal data. Thwarts the foundational requirement of PIW: the compilation of large, targeted psychological dossiers (GoLaxy model). DOJ Data Security Rule (EO 14117).
Legal Constraint Judicial review requiring warrants for persistent access to digital data. Limits government overreach in surveillance; raises legal barriers for mass zero-click data acquisition (Graphite/Paragon). Carpenter v. United States, Riley v. California.

VI. Political and Economic Implications in the United States

6.1. PIW's Impact on Election Integrity

PIW represents a direct and immediate threat to the integrity of the U.S. electoral process. Adversarial campaigns consistently exploit domestic political wedge issues, using hyper-personalized deepfakes to influence public perception, target candidates, and undermine the credibility of election officials.

The governmental response to this electoral threat remains inconsistent and fragmented. In the absence of comprehensive federal legislation, state governments have adopted a patchwork of laws regulating the use of deepfakes in election communications. For example, Montana, Rhode Island, and South Dakota have enacted legislation requiring mandatory disclosure for deepfakes published within 60 or 90 days of an election, often granting civil recourse, such as injunctive relief, to injured candidates or political parties.

However, significant federal gaps persist. Proposed federal legislation banning materially deceptive AI media applies only to federal elections and often fails to cover malicious deepfakes specifically targeting election officials or those used to falsely impugn the outcome of an election. This lack of a unified, comprehensive national standard provides continued vulnerability that PIW operators can exploit across state jurisdictions and election types. The piecemeal, reactive nature of the US regulatory response is fundamentally ill-suited to combat the speed and unified methodology of PIW operations, converting this governance deficit into a major strategic vulnerability in great-power competition.

6.2. The Broader Governance and Economic Fallout

The PIW threat manifests amidst a globally dispersed regulatory scramble to manage AI risks. This uncoordinated environment exacerbates vulnerabilities. Simultaneously, the DOJ rule is being enforced, while the FTC has launched inquiries into the conduct of AI companionship chatbots. Internationally, regulators like Australia's eSafety Commissioner are registering new codes under the Online Safety Act aimed at restricting children's access to AI chatbots and "nudify" apps, highlighting global concerns over LLMs and generative content misuse.

Compounding these regulatory challenges are persistent, high-impact cyber vulnerabilities that offer PIW actors alternative avenues for penetration. The critical deserialization flaw, CVE-2025-10035, affecting the Fortra GoAnywhere Managed File Transfer (MFT) service, remains under active exploitation. This vulnerability, which allows an attacker with a validly forged license signature to deserialize an arbitrary object, potentially leading to command injection, has been exploited in the wild by cybercriminal groups like Storm-1175 for ransomware campaigns. The widespread use of MFT services across critical infrastructure means successful exploitation provides attackers, including state-sponsored actors, with initial access, lateral movement capabilities, and long-term persistence. This systemic weakness in the interconnected cyber domain provides a fertile ground for the deployment of PIW tools beyond direct social engineering.

VII. Strategic Recommendations for US Resilience Against PIW

The analysis confirms that Precision Influence Warfare operates from a position of technological asymmetry, leveraging bulk data acquisition to create psychological profiles and deploy undetectable synthetic media to achieve strategic objectives. Resilience requires an immediate and unified strategic pivot toward proactive defense mechanisms, legal consistency, and a national commitment to data minimization.

7.1. Technical and Infrastructure Investment

  • Mandatory Content Provenance Adoption: The United States must mandate the rapid adoption of C2PA Content Credentials across all federal agencies, critical private sector partners, and public information disseminators. This commitment must prioritize establishing cryptographic provenance at the point of capture and edit, ensuring the source and history of sensitive media can be instantly verified, thereby neutralizing uncredited deepfakes.
  • Redirecting R&D Investment: Funding must be immediately divested from reactive AI deepfake detection research and redirected entirely toward developing resilient authentication standards, secure communication architectures, and cryptographic content provenance infrastructure. The technological war of detection versus generation is conclusively lost.
  • Data Security Enforcement: Government agencies and contractors must rigorously enforce strict adherence to data security guidelines issued by agencies like the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA). This includes prioritizing data minimization, digital signatures, and provenance tracking within all AI and machine learning pipelines to intentionally starve adversarial profiling models of the sensitive training data they require.

7.2. Policy and Legislative Intervention

  • Closing Spyware Loopholes: Congress must immediately legislate to close the legal and corporate loopholes exploited in the Paragon/REDLattice contract acquisition. The United States cannot maintain a credible stance against foreign PIW operations built on bulk data harvesting while simultaneously validating the domestic use of highly intrusive, zero-click surveillance tools. Any use of such surveillance technology must be explicitly subjected to the Fourth Amendment warrant requirements established by Carpenter v. United States and Riley v. California.
  • Comprehensive Federal Deepfake Legislation: Federal law must be enacted to mandate disclosure for all synthetic media related to elections, political figures, and sensitive financial transactions, extending protection to state and local elections and explicitly criminalizing the malicious use of deepfakes against election officials.
  • Strengthening Data Sovereignty: The DOJ Data Security Rule must be strengthened by establishing rigorous and auditable standards for data residency and storage, making it logistically and legally impossible for bulk sensitive data to be transferred or accessed by countries of concern, even through sophisticated third-party masking or corporate shell structures.

7.3. Operational and Diplomatic Strategy

  • Establish a Unified Authentication Authority: A unified, cross-sector agency, potentially led by CISA, should be established with the sole operational mandate of rapidly authenticating real high-value government communications during crises. This agency must operate under the assumption that all non-authenticated communication from senior leadership is compromised.
  • International Standards Alignment: The U.S. must form strategic international alliances with partners, particularly the European Union (which is implementing robust AI and privacy laws), to collaboratively set and enforce global technical standards (C2PA) and establish a collective defense perimeter against the data harvesting essential for PIW.
  • Targeted Operational Security Training: Mandatory and recurring security training must be implemented for all political figures, diplomatic staff, and thought leaders, the bullseye of PIW. This training must move beyond general cybersecurity to reinforce specific operational security protocols, such as mandatory secondary verbal authentication, multi-factor verification, and defined fallback communication channels, to compensate for the fundamental failure of automated technological detection.

References

  1. Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability. Microsoft Security.
  2. Known Exploited Vulnerabilities Catalog (CVE-2025-10035). Cybersecurity and Infrastructure Security Agency (CISA).
  3. Italy Adopts Artificial Intelligence Law. Inside Privacy (Baker McKenzie).
  4. Preventing Access to U.S. Sensitive Personal Data and Government Related Data by Countries of Concern or Covered Persons (DOJ Rule). Federal Register.
  5. Deepfake: The War on Trust. The Cipher Brief.
  6. Lawmakers are 'bullseye and bait' in AI-driven deepfake campaigns. Foundation for Defense of Democracies (FDD).
  7. Impacts of Adversarial Generative AI on Homeland Security. Department of Homeland Security (DHS).
  8. Artificial Intelligence 2025 Legislation. National Conference of State Legislatures (NCSL).
  9. Feature Article: Striking at the Heart of Adversarial AI. Department of Homeland Security (DHS).
  10. Reps. Lee, Brown, Ansari Demand Answers from DHS on Use of Foreign Spyware by ICE. Congresswoman Summer L. Lee (PA-12) Press Release.
  11. Supreme Court Ruling Adds Privacy Protection for the Digital Age (Carpenter v. United States). Government Technology.
  12. Supreme Court's Groundbreaking Privacy Victory for the Digital Age. American Civil Liberties Union (ACLU).
  13. Step Aside Pegasus, Here Comes Graphite. Disinfo Africa.
  14. The New Age of Spyware: Pegasus 2, Zero-Click Exploits, & The Rise of Next-Gen Surveillance. Digital One Agency.
  15. Carpenter v. United States, 585 U.S. 296 (2018). Oyez.
  16. US Supreme Court Says No Cell Phone Search Incident to Arrest Without a Warrant (Riley v. California). Illinois Bar Journal.
  17. Dems launch probe into ICE spyware contract. FedScoop.
  18. ICE reactivated its $2 million contract with Israeli spyware firm Paragon, following its acquisition by U.S. capital. Business & Human Rights Resource Centre.
  19. EFF Statement: ICE Use of Paragon Solutions Malware. Electronic Frontier Foundation (EFF).
  20. ICE reactivated its $2 million contract with Israeli spyware firm Paragon, following its acquisition by U.S. capital. The Guardian.
  21. A Patchwork Quilt: The Supreme Court and the Fourth Amendment in the Digital Age. Catholic University Law Review.
  22. Carpenter v. United States: A Course for Rethinking Fourth Amendment Rights in the Digital Age. NACDL Champion.
  23. 287(g) Participating Agencies. U.S. Immigration and Customs Enforcement (ICE).
  24. DHS 287(g) Reaches More than 1,000 Partnerships. Department of Homeland Security (DHS).
  25. DOJ's 90-Day Data Security Compliance Grace Period Is Over, Are You Compliant? Government Contracts Law Blog.
  26. Regulatory bodies close in on AI chatbots as LLMs face greater scrutiny. Biometric Update.
  27. Industry codes. Australian eSafety Commissioner.
  28. Digital duty of care: What Phase 2 eSafety Codes demand from providers. Bird & Bird.
  29. Australia: Phase 2 Online Safety Codes Registered by eSafety Commissioner. InsightPlus (Baker McKenzie).
  30. FCC Asking Supreme Court to Overturn Fifth Circuit's AT&T Fine Ruling. Broadband Breakfast.
  31. Florida Radiology Practice Data Breach. HIPAA Journal.
  32. Defining the Agentic Workforce: Humans and AI Agents Working Together. Starburst.
  33. Inside China's Surveillance and Propaganda Industries: Where Profit Meets Party. The Diplomat.
  34. The GoLaxy Documents: Inside One Chinese Company's AI-Driven Influence Machine. Vanderbilt Institute of National Security.
  35. Automated Assessment of Psychological Traits from Digital Footprints. MDPI Journal.
  36. U.S. Governance Challenges Put Election Integrity at Stake, Report Finds. UCLA Luskin School of Public Affairs.
  37. AI voice deepfake of US Secretary of State triggers global security alert. Biometric Update.
  38. Coalition for Content Provenance and Authenticity (C2PA) Official Site. C2PA.
  39. Privacy, Identity, and Trust in C2PA (Technical Review). World Privacy Forum.
  40. Authenticity in 2025: Where Tech Giants and Niche AI Tools Collide. Business Insider.
  41. Content Authenticity Summit 2025: From Standardization to Adoption. Content Authenticity Initiative (CAI).
  42. Guidance on AI and Data Protection: Data Minimisation. Information Commissioner's Office (ICO).
  43. Mexico: Evolution of the New Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP 2025). InsightPlus (Baker McKenzie).
  44. Mexico's New Data Protection Law: A Comprehensive Analysis of the 2025 LFPDPPP Reform. Compliance Hub Wiki.
  45. Data Security for Artificial Intelligence/Machine Learning (CSI). National Security Agency (NSA)/CISA.
  46. Model Legislation Prohibiting the Creation and/or Dissemination of a Deepfake to Maliciously Harm a Political Candidate or Election Official. American Bar Association (ABA).
  47. Artificial Intelligence (AI) in Elections and Campaigns (State Laws). National Conference of State Legislatures (NCSL).
  48. FTC Launches Inquiry into AI Chatbots Acting as Companions. Federal Trade Commission (FTC) Press Release.