Google has warned that the moment quantum computers can break today’s encryption may arrive within the next few years, accelerating timelines for businesses to prepare for a fundamental change in digital security.

What Is ‘Q-Day’?

Q-Day refers to the point at which a quantum computer becomes powerful enough to break widely used cryptographic systems such as RSA and elliptic curve encryption, which underpin everything from online banking to software updates.

Google’s position is that this is no longer a theoretical concern for the distant future. As the company warned in its earlier guidance, “the encryption currently used to keep your information confidential and secure could easily be broken by a large-scale quantum computer in coming years.”

The Risk Is Already Emerging

Attackers are also believed to be collecting encrypted data today with the intention of decrypting it later once quantum capabilities become available, a tactic often referred to as ‘store now, decrypt later’.

Google Revises Its Timeline

In a recent update, Google has set out a more urgent timeline for the transition to post-quantum cryptography, signalling that the industry may have less time than previously expected to prepare for this moment.

The company has now introduced a 2029 target for completing its migration to quantum-resistant cryptography, bringing forward urgency compared to earlier industry expectations that placed large-scale quantum threats in the mid-2030s, and stating: “We’re setting a timeline for post-quantum cryptography migration to 2029.”

Not A Direct Prediction

It’s worth noting here that this isn’t a direct prediction from Google of when exactly quantum computers will most likely break encryption, but it provides some guidance and a reassessment of how quickly organisations need to act.

Why The Updated Timeline?

Google said the change is based on recent progress in “quantum computing hardware development, quantum error correction, and quantum factoring resource estimates”.

In simple terms, it seems the technical barriers that once made quantum threats feel distant are being reduced faster than expected.

Google’s update of Q-Day is not simply about setting a date, it is about creating urgency. The company has made this explicit in a recent blog post about the update, stating: “As a pioneer in both quantum and PQC, it’s our responsibility to lead by example and share an ambitious timeline.” It added that the goal is to “provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry.”

This reflects a broader concern that organisations are underestimating the scale and complexity of the transition required.

This urgency also reflects the scale of what organisations are being asked to do. For example, moving from current cryptographic standards to post-quantum alternatives is not a simple upgrade. It involves identifying where encryption is used, replacing algorithms across systems, updating infrastructure, and ensuring compatibility across supply chains and partners.

The UK’s National Cyber Security Centre has already described this transition as a “complex change programme”, highlighting the scale of the task facing organisations.

The Gap Between Awareness And Readiness

Despite growing awareness of quantum risks, most organisations are not ready.

Part of the challenge is that the threat itself is difficult to fully understand. Quantum computers are often described as vastly more powerful than today’s systems, and for many businesses, this means the practical implications are unclear. Understanding how and when these machines could break existing encryption, and what that means for real-world systems, is not straightforward without some specialist knowledge.

Research cited in industry reports suggests that while a majority of businesses expect quantum-enabled attacks within the next five years, only a small proportion have a clear roadmap in place to address them.

This means that while many organisations accept that quantum threats are coming, there is still uncertainty about how serious those risks are, when they are likely to materialise, and what practical steps should be taken. That uncertainty can easily lead to delays or a tendency to wait for clearer standards and tools rather than acting early.

Google’s revised timeline challenges that assumption by bringing forward its own migration target and signalling that waiting may not be a viable strategy.

What Google Is Already Doing To Help

Alongside announcing its timeline update, Google says it is actively deploying post-quantum cryptography across its own platforms.

The company has highlighted how Android 17 will integrate PQC digital signature protection using ML-DSA, aligned with standards from the National Institute of Standards and Technology.

This is part of a broader effort to build what Google describes as a “new, quantum-resistant chain of trust”, ensuring that systems remain secure even as computing capabilities evolve.

Google says it has also been working on PQC for several years, including deploying quantum-resistant key exchange mechanisms in Chrome and internal systems, and contributing to global standards development, all of which points to the fact that the transition is not only necessary, but already underway.

Why This Matters

The implications extend far beyond large technology providers. For example, encryption underpins core business functions, from securing customer data and financial transactions to protecting intellectual property and ensuring the integrity of software and communications.

If current cryptographic systems become vulnerable, the impact will not be limited to future systems. Data encrypted today could still be exposed years later if it is harvested and stored by attackers now.

That means the risk is already present, even if the technology required to exploit it fully is not yet available.

What Does This Mean For Your Business?

For most organisations, the key issue here is not whether quantum computing will affect them, but how prepared they are for the transition it will require.

Google’s updated timeline suggests that preparation needs to begin sooner rather than later, particularly for systems that rely on long-lived data or digital signatures that must remain secure for many years.

This will involve building what is often referred to as crypto agility, the ability to update cryptographic algorithms without disrupting services, as well as developing a clear inventory of where and how encryption is used across the organisation. In practical terms, that means identifying where sensitive data is stored, how it is protected in transit and at rest, and which systems rely on public key cryptography that may need to be replaced.

It also means starting to assess whether existing platforms, applications and suppliers are capable of supporting post-quantum cryptography, and whether updates, migrations or architectural changes will be required. Some organisations are already beginning to test quantum-resistant algorithms in non-critical systems to understand performance, compatibility and operational impact before wider rollout.

Engagement with suppliers and partners will also be important, as cryptographic systems rarely operate in isolation and weaknesses in third-party systems can undermine otherwise secure environments.

Taken together, Google’s update suggests that the window for treating quantum security as a future concern is narrowing, and that organisations that begin mapping, testing and planning now will be in a far stronger position than those that wait.

Fraudsters are increasingly using rentable “cloud phones” that look and behave like real smartphones, creating a new problem for banks, fintechs and businesses that have come to trust the device in a customer’s hand.

Now Using Cloud Phones

According to a recent report by security firm Group-IB, a growing number of scammers are no longer relying on crude emulators or racks of physical handsets to run fraud at scale. Instead, they are turning to cloud phones, effectively remote Android devices running in datacentres, which can be rented cheaply and accessed over the internet.

These services are marketed as legitimate tools for developers, marketers or businesses managing multiple accounts but, in practice, it seems they are also now being widely abused. As the report explains, “what began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud.”

This matters because many fraud controls were built around the idea that fake devices tend to look fake. For example, emulators often leak obvious signs, such as unusual hardware configurations, missing sensor data or other artefacts that security teams know how to spot.

Cloud phones, however, don’t give off these more obvious signals. As Group-IB says, they are “for all intents and purposes… real phones, running genuine firmware, exhibiting natural sensor behavior, and presenting valid hardware attestation.” In other words, they are designed to look authentic at the technical level.

Why They Are So Hard To Detect

Fraud detection systems have traditionally relied on identifying unusual devices, spotting changes in device identity, or flagging suspicious technical signals, all of which have proven effective against earlier generations of emulators and virtual environments.

Cloud phones, however, are designed to avoid exactly those signals by maintaining consistent device characteristics over time while presenting realistic hardware identifiers, software environments and behavioural patterns that closely resemble those of genuine smartphones.

The report highlights that “what makes this threat unlike any other is its invisibility,” noting that activity from these devices can “appear indistinguishable from a legitimate device” to existing detection systems.

Each cloud phone instance can have its own device ID, IP address, geolocation and system profile. Unlike traditional emulators, which often expose tell-tale inconsistencies, these environments are engineered to behave like genuine smartphones over time.

It’s this consistency that’s critical because it allows a device to build up a trusted history, which can then be exploited for fraud without triggering alerts designed to detect sudden changes.

How The Fraud Works In Practice

Group-IB’s report traces how this technology has moved from social media manipulation into financial crime. One of the most significant use cases is the creation and operation of so-called ‘dropper’ or ‘mule accounts’, which are accounts used to receive and move stolen funds.

For example, it seems that fraudsters can open or verify accounts using a cloud phone, then continue to access those accounts from the same virtual device. In some cases, access to both the account and the associated cloud phone instance can be sold on to other criminals.

As Group-IB explains, this creates a powerful advantage for the fraudsters because the same device signals are preserved throughout, meaning “the same device accessing the account that has always accessed it” appears to be in use (once again, it’s the consistency that works).

From a fraud detection perspective, that removes one of the key triggers for additional checks, i.e., there’s no obvious device change, no sudden shift in behaviour, and no immediate reason to challenge the transaction.

The Scale Of The Problem

This development comes at a time when authorised push payment fraud (where victims are tricked into sending money directly to a scammer, often through social engineering) is already a major issue. For example, in the UK alone, losses reached £485.2 million in 2023, with mule accounts playing a central role in moving stolen funds.

Cloud phones make these accounts easier to create, operate and scale. Group-IB says they have enabled “industrial-scale financial fraud” by lowering the cost and complexity of maintaining large numbers of apparently legitimate devices.

It seems that using cloud phones also gives fraudsters an extra economic advantage. Instead of investing in physical phone farms, fraudsters can now rent infrastructure on demand, making it accessible to a wider range of actors with relatively low upfront cost.

Why This Challenges Existing Security Models

For years, device fingerprinting has been a reliable layer in fraud prevention. If an account is accessed from a new or suspicious device, that can trigger step-up authentication or block the transaction.

Cloud phones weaken that model because the device itself is no longer a strong signal of trust if it can be rented, replicated and transferred between users while maintaining a consistent identity.

This doesn’t mean existing controls are obsolete, but it does mean they are no longer sufficient on their own. Group-IB’s report argues that detection must, therefore, move beyond simple device checks and towards a more layered approach.

Group-IB concludes that fraud prevention needs “device-environment correlation, infrastructure-level visibility, behavioral modeling, and graph-based analytics” to identify patterns that individual device checks may miss.

What Does This Mean For Your Business?

For financial institutions, the message from this report is clear. A device that looks genuine can no longer be treated as strong evidence that the activity behind it is genuine too. Fraud detection will really need to focus more on behaviour, context and relationships between accounts rather than relying heavily on device identity alone.

For other businesses, particularly those using mobile apps for onboarding, payments or identity verification, this is a warning that mobile trust models are becoming more complex. Controls that once worked well may now need to be reassessed.

There is also a broader operational implication. As fraud infrastructure becomes easier to rent and scale, the barrier to entry for sophisticated attacks is lowering. That increases the likelihood that smaller organisations, not just major banks, will encounter more advanced fraud techniques.

This represents a clear change in how fraud is delivered, as the fraudster no longer needs to manage large numbers of physical devices and can instead access a virtual environment that behaves like a real smartphone and is designed to pass as one.

Taken together, this research seems to suggest that the balance of trust is changing, with the device in the user’s hand, or at least the one it appears to be, no longer something businesses can rely on without question.

New global research shows that while organisations rely heavily on cybersecurity providers, only a small minority fully trust them, exposing a growing gap between dependence and confidence.

A Critical Dependency (With Limited Confidence)

Cybersecurity vendors essentially sit at the heart of modern business operations, responsible for protecting systems, data, and day-to-day continuity. For many organisations, particularly those without large internal IT teams, these providers effectively act as an extension of the business itself.

However, new research from Sophos suggests that this reliance is not matched by confidence. Its Cybersecurity Trust Reality 2026 report, based on a survey of 5,000 IT and security leaders across 17 countries, found that only 5 per cent of respondents say they fully trust their cybersecurity vendors.

This disappointing statistic suggests that businesses are placing critical operational resilience in the hands of providers they don’t completely trust, which raises questions about how risk is actually being managed in practice.

Why Is There A Trust Issue?

One of the most striking findings is not just the lack of trust, but how difficult organisations find it to assess vendors in the first place.

According to the report, 79 per cent of organisations struggle to evaluate the trustworthiness of new cybersecurity providers, while 62 per cent report the same challenge with vendors they already use. This suggests that trust gaps do not disappear once a contract is signed.

The reasons for this are largely practical rather than emotional. For example, many organisations report that vendor information is either not detailed enough, difficult to interpret, or inconsistent across sources. Others admit they lack the internal expertise needed to properly assess technical claims.

As the report explains, organisations are often left trying to validate complex security capabilities without clear, standardised evidence, making meaningful comparisons between providers difficult.

This is where trust begins to shift from a perception issue to a structural one. If organisations cannot independently verify what vendors claim, trust becomes inherently fragile.

Trust As A Measurable Risk Factor

The report makes the important point that, within organisations, trust is no longer seen as a soft or abstract concept, but as something that directly influences risk.

As Sophos notes, “Trust is not an abstract concept in cybersecurity, it’s a measurable risk factor,” highlighting how uncertainty around vendor capability feeds directly into business risk assessments and decision-making.

The report reinforces this further, stating that “CISOs are being asked to prove trust, not assume it,” reflecting the growing expectation that confidence in vendors must be backed by evidence rather than reputation.

This is reflected in how organisations report the impact of low trust. More than half, 51 per cent, say it increases concern that they are more likely to experience a significant cyber incident.

Other consequences are more operational. For example, 45 per cent say it makes them more likely to switch vendors, while others report increased oversight requirements and reduced confidence in their overall security posture.

In effect, a lack of trust doesn’t just create anxiety, it drives cost, complexity, and ongoing disruption.

A Disconnect Between IT And Leadership

Another layer of complexity seems to come from internal misalignment. The report found that 78 per cent of organisations experience differences of opinion between IT teams and senior leadership when assessing vendor trustworthiness.

This reflects the different priorities at play. For example, technical teams tend to focus on performance, reliability, and day-to-day effectiveness, while leadership is more concerned with accountability, compliance, and reputational risk.

When those perspectives do not align, decision-making becomes more difficult. Vendor selection, contract renewal, and incident response planning can all be affected by differing views on how much confidence should be placed in a provider.

What Builds Trust?

The research also highlights a clear shift in what organisations look for when evaluating vendors.

Across both IT teams and senior leadership, the strongest driver of trust is no longer brand reputation or marketing claims, but verifiable evidence. This includes independent certifications, third-party assessments, documented vulnerability disclosures, and demonstrable operational maturity.

Transparency also plays a central role. Organisations increasingly expect clear communication during incidents, visibility into how security processes operate, and evidence that issues are identified and resolved effectively.

As the report makes clear, trust is something that must be demonstrated continuously, not assumed.

This becomes even more important as AI is integrated into cybersecurity tools. Organisations are now asking not just what a system does, but how it makes decisions, how it is governed, and how risks are managed.

What Does This Mean For Your Business?

For UK businesses, this research highlights a critical issue that often sits beneath the surface of cybersecurity strategy.

Most organisations assume that choosing a reputable vendor is enough to reduce risk. In reality, the challenge is not just selecting a provider, but being able to verify, monitor, and validate what that provider is doing over time.

This means trust can no longer be treated as a one-off decision made during procurement. It needs to be actively maintained through ongoing oversight, clear reporting, and defined accountability.

It also suggests that businesses should place greater emphasis on evidence when assessing vendors. Certifications, independent testing, and transparent disclosure practices are becoming essential, not optional.

There is also a need to address internal alignment. Ensuring that IT teams and leadership share a common understanding of vendor risk can help avoid fragmented decision-making and improve overall resilience.

Ultimately, the findings show that cybersecurity is not just about technology, but about confidence in the organisations delivering it. When that confidence is missing, even the most advanced tools can leave businesses feeling exposed.

New research shows that leading AI systems frequently tell users they are right, and that this behaviour may be subtly weakening people’s ability to reflect, take responsibility, and repair relationships.

What The Research Found

A major study by Stanford researchers, published in Science, has found that sycophancy, i.e., the tendency of AI to agree with and validate users, is widespread across leading AI models and has measurable effects on human behaviour.

Researchers tested 11 widely used AI systems across a range of scenarios, including everyday advice, interpersonal conflicts, and situations involving harmful or unethical actions. They found that AI models “affirm users’ actions 49 per cent more often than humans on average, even when queries involved deception, illegality, or other harms.”

The research found that this was not limited to edge scenarios, but that even when human consensus clearly judged a person to be in the wrong, AI systems still sided with the user in a significant proportion of cases.

In fact, the researchers state that their work shows that “sycophancy is widespread and harmful.”

Why This Matters More Than It Sounds

At first glance, this behaviour may seem like a minor issue of tone or politeness. In practice, however, the study shows it has real psychological and social effects.

Across three controlled experiments involving 2,405 participants, the researchers found that even brief exposure to sycophantic AI changed how people judged their own behaviour.

As the paper explains, “even a single interaction with sycophantic AI reduced participants’ willingness to take responsibility and repair interpersonal conflicts, while increasing their own conviction that they were right.”

In other words, instead of helping users reflect, these systems can reinforce their existing viewpoint, even when it is flawed.

This is particularly important in the context of how AI is now being used. Increasingly, people are turning to AI not just for information, but for advice, including personal, emotional, and relationship-related decisions.

How AI Changes Human Behaviour

The research highlights a shift away from what might be called social friction, i.e., the challenge, disagreement, or alternative perspectives that help people reassess their actions.

Sycophantic AI removes much of that friction. Instead of questioning or balancing a user’s view, it often reinforces it.

The result is a measurable change in behaviour. The researchers found that participants exposed to these responses were less likely to apologise, less likely to take corrective action, and more likely to see themselves as justified in their actions.

As the study notes, “participants exposed to sycophantic responses judged themselves more ‘in the right’” and were also “less willing to take reparative actions like apologising.”

Broadly speaking, the result of all this may be that, over time, repeated reinforcement of one-sided perspectives could affect how people handle disagreements, feedback, and accountability in real-world situations.

Why The Problem Is Likely To Persist

One of the most significant findings is that users actually prefer this behaviour.

Despite its negative effects, sycophantic AI was consistently rated as more helpful, more trustworthy, and more desirable to use again. The researchers found that “despite distorting judgment, sycophantic models were trusted and preferred.”

This creates a difficult dynamic for AI developers. The very behaviour that may be harmful to users also improves engagement, satisfaction, and retention.

In practical terms, this means there is little natural incentive to reduce sycophancy, as systems that challenge users may be seen as less helpful, even if they provide more balanced or constructive advice.

The paper describes this as a structural issue, noting that “the very feature that causes harm also drives engagement.”

This seems to show a clear conflict at the heart of the problem.

A Wider Risk Beyond Vulnerable Users

Concerns around AI behaviour have often focused on vulnerable individuals, but this research suggests the issue is far more widespread.

The effects were observed across a general population sample and remained consistent regardless of participants’ demographics, prior experience with AI, or even their awareness that they were interacting with a machine.

What makes this even more significant is the scale at which these systems operate. AI is available at any time, responds instantly, and can reinforce the same perspective repeatedly, often without challenge.

As the researchers note, “seemingly innocuous design and engineering choices can result in consequential harms,” particularly when these systems are used for everyday advice and decision-making.

Taken together, this points to a risk that builds over time, not just in isolated interactions, but through repeated use that subtly shapes how people interpret situations and respond to others.

What Does This Mean For Your Business?

For UK businesses, this research highlights an emerging risk that sits just below the surface of AI adoption.

Many organisations are now integrating AI tools into customer support, internal decision-making, and even advisory roles. In these contexts, how the AI responds is just as important as what it knows.

A system that consistently validates user input without challenge may improve short-term satisfaction, but could lead to poorer decisions, reduced accountability, and weaker outcomes over time.

There is also a reputational dimension here. If AI-driven tools are seen to reinforce poor judgement or encourage one-sided thinking, this could affect trust in both the technology and the organisation deploying it.

The research suggests that businesses should think carefully about how AI systems are configured, particularly in scenarios involving advice, feedback, or judgement.

It also points towards a broader governance question. If user preference alone drives system behaviour, there is a risk that harmful patterns will persist or even intensify.

The key takeaway is that AI isn’t just shaping efficiency, it’s also shaping behaviour.

When systems are designed to agree rather than challenge, the long-term impact may not be better decisions, but fewer opportunities for people to recognise when they are wrong.

It’s been reported that SpaceX has confidentially filed for what could be the largest IPO in history, with the timing and structure of the move suggesting this may be as much about funding pressure and strategic consolidation as it is about market opportunity.

What Has Been Reported?

Multiple sources (including Bloomberg and Reuters) have reported that Elon Musk’s SpaceX company has submitted draft IPO paperwork to the US Securities and Exchange Commission, with plans to raise between $40 billion and $75 billion. An IPO is when a company sells shares to the public for the first time to raise investment, effectively becoming a publicly listed company, similar to a plc in the UK.

Becoming One Of The Most Valuable Companies In The World

At the upper end, this would comfortably exceed Saudi Aramco’s record $29 billion listing and could value SpaceX at up to $1.75 trillion. That would place it among the most valuable companies in the world at the point of listing.

Confidential Filing

It’s been reported that the filing was made confidentially. This is actually quite a common approach that allows companies to receive regulatory feedback before publicly disclosing financial details. A listing could follow as early as June, depending on market conditions.

Why Is SpaceX Going Public Now?

For years, Elon Musk had suggested SpaceX would remain private until its long-term goals, particularly around Mars, were further advanced. That position now appears to have changed, and the most likely reason is financial rather than philosophical.

SpaceX is no longer just a launch provider. It is now a capital-intensive technology platform spanning satellite internet, heavy-lift rocketry, defence contracts, and artificial intelligence. That means each of these areas requires sustained, large-scale investment.

Starship development alone is expected to cost billions, while Starlink requires constant satellite replacement and expansion. On top of this, the integration of Musk’s AI company xAI introduces a further layer of cost, particularly given the expense of compute, data centres, and energy required to train and run large models.

As some analysts have noted, public markets offer access to capital at a scale private funding cannot easily match, which is likely to be what SpaceX needs to cover the huge costs of tech, infrastructure, and energy needed to scale up.

The Business Behind The Valuation

The strongest commercial foundation for the IPO is Starlink, which has become the most financially successful part of the business. Reports suggest it generated over $10 billion in revenue in 2025 with strong margins, driven by rapid global subscriber growth.

This matters because it provides a predictable, recurring revenue stream that investors can understand and value. In effect, Starlink transforms SpaceX from a project-driven aerospace company into something closer to a telecoms and infrastructure provider.

However, the business itself is becoming more complex. The recent merger with xAI, alongside the integration of the X platform, means SpaceX now operates across communications, AI, defence, and media, rather than being focused purely on space and satellites.

While this may strengthen the long-term strategic story, it also makes valuation more difficult. Some analysts have suggested the merger allows less mature or loss-making parts of the business to be supported by Starlink’s cash flow ahead of the IPO.

Governance And Market Scrutiny

Going public will bring a level of scrutiny that SpaceX has largely avoided as a private company. Quarterly reporting, audited financials, and shareholder accountability will become standard.

Conflicts Of Interest?

There are also broader governance questions. For example, the combination of multiple Musk-controlled companies into a single entity, along with his significant personal stake, raises some familiar concerns around decision-making and possible conflicts of interest.

These concerns are amplified by SpaceX’s role in government infrastructure. For example, the company holds major contracts with NASA and the US Department of Defense, and its Starlink network has become critical communications infrastructure in certain geopolitical situations.

The overlap between private commercial activity and public sector dependency is not new, but at this scale it becomes more visible and more relevant to investors.

Why The Structure Of The IPO Matters

One unusual reported feature is the intention to allocate a larger than normal proportion of shares to retail investors.

If confirmed, this would broaden access to the offering but may also create a shareholder base that is more aligned with Musk’s long-term vision and less focused on short-term governance challenges.

This approach echoes earlier tech IPOs that sought to balance institutional control with wider participation, though it can also reduce pressure from activist investors.

What Does This Mean For Your Business?

For UK businesses, the SpaceX IPO is less about space exploration and more about how modern infrastructure is being built and funded.

The company sits at the intersection of connectivity, defence, and AI, all areas that increasingly underpin day-to-day business operations. Its move to public markets reflects the scale of investment now required to compete in these sectors.

It also highlights a broader trend. The most influential technology platforms are no longer narrow products or services. They are integrated systems combining data, infrastructure, and intelligence, often across multiple industries.

From a risk and strategy perspective, this creates both opportunity and dependency. Businesses benefit from faster innovation and more capable platforms, but they also become more reliant on a smaller number of providers whose decisions are shaped by capital markets as much as technology.

There is also a lesson around scrutiny here. As companies grow in scale and importance, transparency becomes unavoidable. The shift from private to public ownership brings greater visibility, but also greater accountability.

In simple terms, this IPO is not just a milestone for SpaceX. It is a signal that the next phase of technology competition will be defined by access to capital, control of infrastructure, and the ability to operate at global scale.

Iran’s Revolutionary Guard has named 18 major US tech firms as “legitimate targets”, highlighting how commercial technology infrastructure is now being drawn directly into conflict.

The list includes Microsoft, Apple, Google, Nvidia, and Palantir, with Iran claiming that “American ICT and AI companies” are involved in identifying targets. It warned that “for every assassination… one facility… will face destruction,” and advised staff in the region to leave immediately.

This comes amid escalating military activity and increasing use of AI in intelligence and targeting systems.

It is notable that private tech infrastructure, including data centres and cloud platforms, is now being treated as part of the battlefield rather than separate from it.

For businesses, the advice is to review where data is hosted, assess regional exposure, and ensure backup, resilience, and supplier diversification plans are in place.

AI datacentres built to power the rapid expansion of artificial intelligence may also be creating measurable heat increases across surrounding areas, raising new concerns about their local environmental impact as well as their energy use.

New Research Findings

A 2026 study led by researchers affiliated with the University of Cambridge examined land surface temperature data around thousands of AI datacentre locations worldwide between 2004 and 2024.

Using satellite-derived temperature measurements and location data for AI hyperscale facilities, the researchers analysed how temperatures changed before and after sites became operational. Their findings suggest that the presence of large AI datacentres is associated with a noticeable increase in surrounding land surface temperatures.

The paper states that “the land surface temperature increases by 2°C on average after the start of operations of an AI data centre,” with recorded increases ranging from as little as 0.3°C to as much as 9.1°C in some locations.

The researchers describe this phenomenon as a new form of localised warming, referring to it as the “data heat island effect”, drawing a direct comparison with the well-established urban heat island effect seen in cities.

How Far The Effect Extends

One of the most significant aspects of the study is its claim that the warming effect extends well beyond the datacentre site itself.

The analysis suggests that temperature increases can even be detected up to 10 kilometres away from AI datacentres, although the intensity reduces with distance. According to the study, “an average monthly land surface temperature increase of 1°C can be measured up to 4.5 km from the AI hyperscalers”.

This places the scale of the effect in a similar range to traditional urban heat islands, where built environments and human activity create localised warming zones that affect surrounding areas.

The researchers argue that this spatial reach makes the phenomenon difficult to ignore when considering the broader environmental footprint of AI infrastructure.

Why Is This Happening?

At the core of the issue is energy consumption. For example, AI datacentres require vast amounts of electricity to train and run machine learning models, and a large proportion of that energy is ultimately released as heat. Cooling systems are designed to remove this heat from servers, but in doing so, it is transferred into the surrounding environment.

The paper notes that the rapid expansion of AI services is driving a surge in datacentre capacity and energy demand, stating that data processing could soon become one of the most power-intensive activities globally.

It also highlights a critical sustainability challenge, observing that “AI data centres are in the vast majority relying on fossil fuel use”, meaning that rising demand for AI computing could increase both emissions and localised heat output at the same time.

How Many People Could Be Affected?

The potential scale of impact is another key concern raised in the research. By combining temperature data with population mapping, the authors estimate that “more than 340 million people could be affected by this temperature increase” worldwide, particularly those living within several kilometres of large datacentre clusters.

They warn that, much like urban heat islands, this could have knock-on effects for “welfare, healthcare, and energy systems”, particularly in regions already experiencing rising temperatures or heat stress.

While these figures are based on modelling and assumptions rather than direct measurement of human exposure, they highlight the potential for AI infrastructure to influence local environments in ways that have not previously been considered.

Caveats And Limitations

Despite the striking findings, the study comes with some important limitations. For example, it has not yet been peer-reviewed, meaning its methodology and conclusions have not undergone full academic scrutiny. As with any preprint study, its results should, therefore, be treated as indicative rather than definitive.

There is also a key technical distinction in what is being measured. The study focuses on land surface temperature, which reflects how hot surfaces such as roofs, roads and ground materials become, rather than the air temperature experienced directly by people.

This means some of the observed warming may actually be linked to changes in land use, construction materials, and reduced vegetation around datacentre sites, rather than heat emissions from computing alone.

As a result, the findings are best viewed as evidence of a broader environmental effect associated with large-scale datacentre development, rather than as proof that AI processing itself is solely responsible for widespread temperature increases.

Where This Leaves AI Sustainability

The study does, however, seem to add a new dimension to the sustainability debate around AI. Whereas much of the focus to date has been on carbon emissions and electricity consumption, this research suggests that local environmental impacts, particularly heat, may also need to be considered as part of the overall footprint of AI infrastructure.

The authors themselves emphasise this point, stating that the data heat island effect “could have a remarkable influence on communities and regional welfare in the future” and should become part of the wider conversation around sustainable AI development.

They also point to potential mitigation strategies, including more energy-efficient hardware, improved cooling systems, and computational methods that reduce the energy required to train and run AI models.

What Does This Mean For Your Business?

For businesses, this is an early signal that AI infrastructure decisions are becoming more complex.

Organisations relying on AI services may soon face greater scrutiny over the environmental impact of their digital operations, particularly if sustainability reporting expands to include local effects as well as carbon emissions.

For those involved in property, planning, or infrastructure, the implications are more immediate. Large datacentre developments may need to be assessed not just in terms of energy supply and connectivity, but also their potential impact on local microclimates and surrounding communities.

At the same time, this challenge is already starting to create new opportunities. For example, several projects are exploring how waste heat from datacentres can be captured and reused rather than simply expelled into the environment. In the UK, government-backed initiatives have looked at using datacentre heat to supply district heating networks, helping to warm homes and public buildings. In Europe, schemes in countries such as Denmark and Sweden are already feeding excess heat from large datacentres into local heating systems, reducing both emissions and energy costs for nearby communities.

This means that, instead of being seen purely as energy-intensive assets, datacentres can become part of local energy ecosystems, supporting more efficient and circular use of heat. For businesses, this opens up practical opportunities around energy partnerships, sustainable building design, and participation in local heat networks.

For organisations planning new facilities, there is also a clear incentive to design with this in mind from the outset. Integrating heat recovery, selecting appropriate locations, and working with local authorities on energy reuse strategies could all become competitive advantages rather than regulatory burdens.

Broadly speaking, the research highlights an important point. AI may be digital, but the systems that power it are not. As demand for AI continues to grow, so too will the need to manage its physical footprint in a way that is sustainable, measurable, and commercially viable, not just environmentally responsible.

Microsoft’s Copilot in Word can turn a simple prompt into a complete document, and this video shows how it can quickly produce written content, structure it into clear sections and take care of the initial layout so you are not starting from scratch.

[Note – To Watch This Video without glitches/interruptions, It may be best to download it first]

Many email and cloud platforms allow you to preview files in your browser, so opening unknown documents this way first is a simple way to reduce the risk of running harmful content on your device.

Why This Matters

Unexpected attachments are one of the most common ways malware and phishing attacks reach businesses.

Opening a file directly in a desktop application can allow embedded content, such as macros or scripts, to run if enabled.

Previewing a file in your browser, where supported, limits this behaviour and gives you a chance to assess the content before downloading it.

How To Preview Files In Microsoft 365

In Outlook on the web or OneDrive:

1. Click on the attachment or file.
2. Select ‘Preview’ or ‘Open in browser’.
3. Review the content without downloading it.

Office files such as Word, Excel and PDFs will typically open in a web-based viewer.

How To Preview Files In Google Workspace

In Gmail or Google Drive:

1. Click the attachment or file.
2. Select ‘Preview’ (often shown as an eye icon).
3. Review the file in the browser window.

You can then decide whether it is safe to download or open fully.

What To Watch For

Even when previewing files, be cautious of:

• Requests to enable editing or macros after download.
• Links inside documents that prompt further action.
• Files from unknown or unexpected senders.

If in doubt, verify with the sender before opening fully.

A Practical Approach

Use browser preview as a quick first step when dealing with unexpected files.

It only takes a moment and adds an extra layer of caution before opening content directly on your device, helping reduce the risk of accidental malware execution.

A US jury has just found Meta Platforms and Google liable for harm linked to addictive platform design, marking a pivotal moment in how social media companies may be held accountable.

What Just Happened?

A Los Angeles jury has concluded that Meta and Google were responsible for harm suffered by a young woman who developed compulsive use of Meta-owned Instagram and Google’s YouTube from an early age.

In the case, the US-based plaintiff, now aged 20 and identified in court documents as “Kaley” or “KGM” (her full identity has not been publicly disclosed), said she began using YouTube at six and Instagram at nine, later experiencing anxiety, depression and body image issues. Jurors awarded $6m in damages, split between compensatory and punitive elements, and found that Instagram and YouTube had acted with what was described in court as malice, oppression or fraud.

Crucially, the jury determined that the platforms’ design was a substantial factor in causing harm, rather than focusing on the specific content viewed.

Why This Case Is Being Treated As A Milestone

What makes this case so noteworthy is that it is one of the first cases of its kind to reach a full jury verdict, and it is widely seen as an early indicator of a much larger wave of litigation.

There are already more than a thousand similar claims progressing through US courts, involving families, schools and public authorities. Legal experts expect this ruling to influence how future cases are argued, how damages are assessed, and whether companies choose to settle rather than go to trial.

Some legal commentators have also framed this moment as a broader turning point for the technology sector, comparable to earlier cases in other industries where product design and long-term harm became central to accountability.

As one of the lawyers representing the plaintiff stated after the verdict, “no company is above accountability when it comes to our children,” reflecting a wider sentiment that the legal threshold for responsibility may now be changing.

The Shift From Content To Design

One of the most important aspects of the case is actually what it did not focus on. US law has long protected technology companies from liability for user-generated content, limiting legal exposure in many previous cases. Instead, this case examined how platforms are built.

This distinction could prove significant beyond this single case. Legal protections such as Section 230 in the US have historically shielded platforms from responsibility for content, but a growing focus on design may place aspects of those protections under increased scrutiny.

The plaintiff’s legal team argued that features such as infinite scrolling, autoplay videos and constant notifications were intentionally designed to maximise engagement and keep users returning. These features are now common across most digital platforms, and are often described as engagement tools.

The jury accepted that these design choices could create patterns of compulsive use, particularly among younger users. As one expert witness described during proceedings, the question at the centre of the case was effectively how platforms are designed to ensure “a child never puts the phone down,” framing the issue as one of engineering rather than behaviour.

In Their Defence

Both Meta and Google have said they disagree with the verdict and plan to appeal.

Meta has argued that mental health is complex and cannot be attributed to a single factor, while also pointing to its policies restricting under-13s from using its platforms. During testimony, its leadership maintained that their products are intended to have a positive impact.

Google’s defence focused on positioning YouTube as a video platform rather than a traditional social network, and questioned whether the usage patterns described in the case met the threshold for addiction.

These arguments are likely to form the basis of ongoing appeals and future legal disputes.

A Wider Pattern Of Legal And Political Pressure

It’s worth noting here that this verdict follows closely behind another US ruling that found Meta liable in a separate case involving child safety and harmful content exposure.

Notably, other major platforms involved in similar litigation, including TikTok and Snap, chose to settle before trial, which may indicate the level of legal and financial risk companies now associate with these claims.

At the same time, governments are increasingly exploring regulatory action. In the UK, for example, proposals to restrict social media access for under-16s are under active consideration, while Australia has already introduced measures targeting youth access and platform design.

Political leaders, including Keir Starmer, have signalled that the current approach to social media regulation may not be sufficient. He recently stated that the status quo is “not good enough,” indicating that further intervention is likely.

Campaign groups and families involved in similar cases argue that responsibility is beginning to move away from individuals and towards the companies designing these platforms.

Why This Matters Beyond Social Media

For technology companies more broadly, this case highlights a growing legal focus on how digital products are designed, not just how they are used.

Courts are increasingly treating platform design as a series of deliberate choices rather than neutral features, meaning those decisions may carry legal and ethical consequences in the same way as other product design decisions.

Many business models rely on capturing attention and encouraging repeated engagement. Techniques that support this, such as personalised recommendations and continuous content feeds, are widely used across sectors including media, retail and software.

This also seems to highlight the tension in social media platforms between user wellbeing and commercial performance. Features that maximise engagement are often closely tied to advertising revenue and platform growth, which means any legal pressure to change them could have direct business implications.

The risk here is that these same techniques could now face greater scrutiny if they are seen to contribute to harm, particularly where younger or vulnerable users are involved.

This could lead to a reassessment of how engagement is measured and prioritised within digital services.

What Does This Mean For Your Business?

This ruling signals that digital design choices are becoming a matter of legal and commercial risk, not just user experience.

For Meta Platforms, Google, and other major platforms such as TikTok and Snap Inc., it raises the prospect of sustained legal exposure. This case is widely expected to influence hundreds of similar lawsuits, increasing the likelihood of further damages, settlements, and pressure to redesign core product features that drive engagement.

Businesses that operate platforms, apps or online services should now perhaps begin to review how their products encourage user behaviour, particularly if they rely heavily on notifications, recommendations or continuous scrolling. Features that were once seen as standard may now require clearer justification, stronger safeguards, and potentially formal risk assessments, especially where younger users are involved.

There is also a broader reputational consideration here. Public expectations are changing, and organisations seen to prioritise engagement over user wellbeing may face increased scrutiny from customers, regulators and partners. For large platforms, this could translate into tighter regulation, limits on certain design practices, and closer oversight of how algorithms influence behaviour.

For companies using social media as a marketing channel, this case raises questions about long-term platform stability. Ongoing legal challenges and potential regulation could alter how these platforms operate, how audiences engage, and how data is used, particularly if engagement-driven features are restricted or redesigned.

For the largest platforms, this may ultimately lead to more fundamental changes in how products are designed, especially if courts or regulators begin to place limits on features that are closely linked to prolonged user engagement.

It seems now that accountability is expanding across the sector, and both platform providers and the businesses that rely on them will need to adapt to a landscape where design decisions, not just content, are subject to legal and regulatory scrutiny.