A major new study has revealed that 78 per cent of (US) public sector organisations are still operating with serious, unresolved software security flaws, some of which have persisted for over five years.

Report Uncovers Widespread “Security Debt”

The findings come from US-based application risk management firm Veracode’s Public Sector State of Software Security 2025 report, released on 11 June. Based on an analysis of over 1.3 million software applications and 126 million security findings, the research highlights the extent to which government organisations in the US are falling behind on basic software vulnerability management.

According to the report, a massive 78 per cent of (US) public sector bodies are running with unresolved flaws that have remained open for more than a year, a situation Veracode refers to as “security debt”. In more than half of these organisations, the report identifies critical vulnerabilities with high risk potential that have still not been addressed.

Fixing Flaws Takes Far Longer in Government

One of the clearest indicators of the public sector’s struggle appears to be the time it takes to resolve these software issues. For example, the report shows that government bodies take an average of 315 days to fix just half of their identified software vulnerabilities. This is far higher than the cross-industry average of 252 days, which is already considered too slow by many cybersecurity experts.

That 63-day gap may sound modest, but Veracode warns it opens up a significant attack window. This is because these flaws, often in applications delivering essential services, could be exploited by attackers for months at a time. In some cases, flaws are left unresolved for multiple years. As the report shows, around one-third of vulnerabilities in US government software remain unpatched even after two years, and 15 per cent are still unresolved after five.

Chris Wysopal, Chief Security Evangelist at Veracode, described the situation as a systemic failure to keep pace with risk, saying: “Many government organisations are facing growing challenges in keeping up with vulnerability remediation, potentially leaving critical systems and data that run essential government services exposed.”

Which Public Sector Organisations?

The report encompasses a wide range of public sector bodies, including US federal, regional, and local government departments, as well as agencies responsible for education, healthcare, law enforcement, and infrastructure. While the specific organisations are not named, the findings indicate a sector-wide problem that spans multiple tiers of government.

Public-facing applications and internal administrative systems are both affected, with legacy software and fragmented IT infrastructure frequently cited as contributing factors. The report also shows that larger and more complex organisations tend to perform worse, particularly where digital transformation has lagged.

Is the UK Public Sector Facing the Same Risks?

Although Veracode’s report focuses specifically on the US, many of the challenges it identifies appear to be mirrored in the UK.

For example, according to a recent National Audit Office (NAO) report, 58 critical UK government IT systems still have significant cyber-resilience gaps, with 228 legacy systems running without full knowledge of their vulnerabilities. The NAO also highlighted that one in three cybersecurity roles in government remains vacant or is filled by temporary staff, suggesting a widespread skills shortage similar to that seen in the US.

Also, recent cyber incidents have highlighted the risks. For example, back in May, a breach at the Legal Aid Agency exposed the personal data of over 2 million individuals. The British Library and parts of the NHS have also suffered serious service disruptions due to ransomware attacks, often linked to outdated infrastructure.

Unlike Veracode’s report, there is currently no published UK data showing the average time it takes public sector bodies to fix software vulnerabilities. However, the reliance on legacy systems, combined with under-resourced security teams and a reactive approach to patching, strongly suggests that vulnerability resolution timelines in the UK are also prolonged.

That said, the UK Government has begun taking steps to address the issue. For example, a new Cyber Security and Resilience Bill is set to tighten breach reporting requirements and enhance supply chain security. Also, the NCSC’s GovAssure programme is now auditing critical departments, and £1 billion has been pledged to improve cyber capacity across public services. However, progress has been slow, and experts have raised concerns about how effectively these initiatives are being implemented.

In the absence of specific figures, it remains difficult to compare the scale of UK security debt directly with the US, however the warning signs are there and the structural issues look strikingly familiar.

Open Source and Third-Party Code a Major Weak Point

While most flaws are found in first-party applications, it seems that the most dangerous and persistent problems come from open-source and third-party code. Interestingly, although these components make up less than 10 per cent of total public sector software, they account for 70 per cent of the critical security debt in government systems.

To make matters worse, flaws in third-party code take around 50 per cent longer to fix than those in software developed internally. As organisations increasingly rely on open-source libraries and packages, this gap presents a growing threat.

“This disproportionate risk highlights the importance of securing software supply chains and carefully vetting open-source dependencies,” said Wysopal. “Without extending visibility and remediation efforts beyond internal code, public sector entities risk leaving the most dangerous flaws unaddressed.”

Some Agencies Are Far Ahead of Others

The report appears to highlight a stark disparity between the best and worst performing organisations. In the top 25 per cent of public sector bodies, just one-third of applications contain flaws. These leading agencies resolve half of their issues within 3.3 months and manage to fix over 9 per cent of flaws per month. The report shows that by contrast, the worst 25 per cent have flaws in every application tested, with less than 0.1 per cent fixed each month and average remediation times exceeding 11 months.

Wysopal highlights how this gap raises serious questions about leadership, resource allocation, and operational culture across the public sector, saying: “The disparity between top and bottom-performing government organisations is striking and raises important questions about the factors that make a material difference to security posture.”

What’s Causing the Problem?

The report suggests a number of causes behind the growing backlog. These include underinvestment in software development security (AppSec) tools, overreliance on legacy systems, and a lack of skilled personnel to address vulnerabilities at scale.

Another issue is that vulnerability scanning is often performed late in the development lifecycle, when flaws are more costly and time-consuming to fix. Without ongoing analysis and integration into development workflows, issues tend to accumulate and are eventually deprioritised due to competing pressures.

Compounding this appears to be the rapid adoption of AI-generated code. While generative AI can speed up development, it can also introduce subtle but serious vulnerabilities if not properly reviewed. Veracode warns that comprehensive open-source analysis is more essential than ever to prevent hidden flaws from slipping through.

How Can Public Sector Bodies Respond?

Veracode is urging public sector organisations to modernise their approach by adopting risk-based remediation strategies and automating more of the security process. Key recommendations include:

– Implementing context-driven security posture management, which prioritises the most exploitable vulnerabilities using insights from multiple tools and data sources.

– Establishing continuous scanning, integrated into the full development lifecycle, so that flaws are caught earlier and fixed faster.

– Supporting developer enablement, giving teams the training and tools they need to identify and address issues proactively.

According to the report, the most effective and cost-efficient way to reduce security debt is to prevent it from accumulating in the first place.

Risks for the Public, Service Delivery, and Compliance

While the problem is technical in nature, the impact appears to extend far beyond IT departments. For example, vulnerabilities in public sector software can put sensitive public data at risk, disrupt essential services, and erode public trust. In sectors like healthcare and social services, the consequences of a breach could be devastating.

There are also compliance implications. For example, governments are increasingly subject to cybersecurity regulations requiring evidence of secure coding practices and risk mitigation. Persistent security debt may put some organisations in breach of data protection obligations or national security protocols.

A Complex Challenge, but Improvement Is Possible

Despite the bleak statistics, Veracode’s analysis makes clear that progress is achievable and that top-performing agencies prove that meaningful improvement can be made with the right strategy, investment, and organisational buy-in.

The challenge now appears to be for lagging organisations to assess their security maturity, identify the operational and cultural blockers to faster remediation, and make the structural changes needed to reduce their exposure to risk.

What Does This Mean For Your Business?

For governments, the consequences of inaction are no longer theoretical. The exposure created by slow patching and ageing systems is already being exploited by cybercriminals. Also, for the public, the stakes are growing, whether through data loss, service disruption, or erosion of trust in digital government services. What Veracode’s report makes clear is that the organisations getting this right are not doing so through luck or scale, but through deliberate prioritisation and operational focus.

In the UK, many of the same systemic issues are clearly visible. Critical infrastructure is still running on unsupported legacy platforms, key security roles remain unfilled, and cyber incidents linked to outdated systems are becoming more frequent. Without hard data on vulnerability resolution times or the extent of open-source debt, public sector bodies are left guessing where their greatest risks lie and how they compare to their peers.

This gap also affects the wider network of software vendors and contractors. UK businesses that supply the public sector will need to meet rising expectations around security assurance and may face tighter scrutiny as new legislation and procurement rules come into force. At the same time, private sector organisations can use these findings as a benchmark, both to avoid the same mistakes and to identify opportunities to lead in secure development practices.

The core message here is that software risk is measurable, manageable, and no longer optional. Delays in addressing known flaws are not just a technical lapse but an operational liability, with real consequences for services, compliance, and reputation. Whether in the US or UK, the longer these gaps are left open, the harder and costlier they become to close.

In this Tech Insight, we look at how Apple used its annual WWDC event to unveil some major software updates, a striking new Liquid Glass design, and expanded AI tools for developers across its platforms.

Focus on New Website Features and Developer Tools

Held at Apple Park in Cupertino, California, WWDC 2025 brought developers and media together for the company’s yearly June event. As expected, the focus was on new software features and developer tools rather than hardware. The announcements spanned iOS, macOS, watchOS, visionOS, tvOS and iPadOS, alongside incremental upgrades to AirPods, CarPlay and Apple Wallet. However, while some Apple Intelligence features were expanded, Siri was notably absent, raising questions about Apple’s positioning in the increasingly competitive AI market.

Introducing ‘Liquid Glass’ Design and a New Naming Convention

One of the standout changes announced at WWDC 2025 was Apple’s complete visual overhaul of its operating systems. A new design language called Liquid Glass will replace the current aesthetic across iOS, iPadOS, macOS and visionOS.

The new interface uses semi-translucent, reflective elements that respond to lighting and context, creating what Apple describes as a more immersive and natural user experience. Context menus, alerts and backgrounds now blend with the device’s environment. Apple confirmed that this marks the most significant visual shift since iOS 7 back in 2013.

Alongside this, Apple also announced it would abandon sequential numbering for its OS versions. Instead, the 2025 releases will all carry the year in their names. This means users will see iOS 26, macOS 26 (also known as macOS Tahoe), watchOS 26, and so on.

Apple Intelligence Expands, but Siri Delays Raise Concerns

Apple made several announcements about its Apple Intelligence initiative (first introduced at WWDC 2024). This year, the company extended AI features to more apps and functions, positioning privacy-friendly on-device intelligence as a central part of the user experience.

Visual Intelligence Enhances Screen Awareness

A key update is Visual Intelligence, an AI tool that analyses screen content and lets users interact with what they’re viewing. For example, users can tap on a photo of a restaurant and get more details via Google, ChatGPT or supported apps. It can also detect events and suggest adding them to the calendar, automatically extracting date, time and location information.

Live Coaching, Translation and Smarter Shortcuts

It seems that Apple Watch users will be getting a new AI-powered workout coach called ‘Workout Buddy’. It uses personal fitness history and real-time performance data to deliver motivational voice feedback during exercise. Also, ‘Live Translation’ enables real-time, on-device translations across Messages, FaceTime and phone calls, displaying captions or speaking translations aloud depending on the context.

Apple’s Shortcuts app has also been upgraded. For example, users can now add intelligent actions, such as text summarisation or image generation, powered by Apple Intelligence. These can be run entirely on-device or use Apple’s Private Cloud Compute when needed, preserving user privacy.

Developers Gain Direct Access to On-Device Models

In what could be described as quite a significant shift, Apple announced the Foundation Models framework, giving developers access to its on-device large language model. For example, with native Swift support (developers using Apple’s language to build apps easily), apps can now integrate Apple Intelligence features like summarisation or natural language commands using as little as three lines of code.

As highlighted by Craig Federighi, Apple’s Senior Vice President of Software Engineering: “Now, the models that power Apple Intelligence are becoming more capable and efficient, and we’re integrating features in even more places across each of our operating systems.”

Siri Upgrades Still Missing in Action

Despite the expanded AI rollout, many attendees had been expecting a major upgrade to Siri. Instead, Apple confirmed delays to its next-generation voice assistant. Federighi admitted that the improvements had not reached the level of reliability Apple wanted, saying: “We weren’t able to achieve the reliability in the time we thought.”

This absence was widely noted and may add pressure to Apple’s position in the AI race. For example, while competitors like OpenAI, Google and Microsoft continue to push forward with conversational agents, it seems that Apple’s flagship assistant remains largely unchanged for now.

iOS 26 Brings Visual Overhaul and AI Features

iOS 26 was positioned as Apple’s flagship release, introducing Liquid Glass and a more adaptive Lock Screen and Home Screen experience. Key additions include contextual widgets, smarter Spotlight search with task-aware results, and updates to Messages such as AI-suggested polls and live translation. There are also enhanced privacy controls and accessibility tools.

A redesigned Control Centre and greater customisation options round out the update. Users can also activate features like Visual Intelligence directly from the Action button or screenshot shortcuts.

Also, Apple’s new child safety features will now require parental approval before children can communicate with new contacts, reflecting growing concern over online safety. Developers will also have access to a new ‘PermissionKit’ to implement similar controls within their apps.

macOS 26 ‘Tahoe’ and Spotlight Upgrades

The macOS 26 update, codenamed Tahoe, brings the Liquid Glass interface to Mac alongside new Spotlight functionality. Users can now trigger app actions directly from Spotlight, such as playing music, starting a workout or adding tasks to Notes.

The new theme options and improved menu navigation are designed to appeal to productivity users, while the expanded Shortcuts integration introduces AI-generated actions. macOS Tahoe will also be the last major version supported on Intel-based Macs, marking the end of an era as Apple completes its transition to Apple Silicon.

Multitasking Redefined on iPadOS 26

iPadOS 26 delivers a long-awaited overhaul to multitasking. For example, Apple says that users can now resize app windows more freely and reposition them anywhere on the screen, bringing the iPad experience closer to macOS. Developers will have to opt in to support the new features, but the system is reportedly intuitive and flexible.

Other changes include the arrival of the Journal app on iPad, new Apple Pencil features for image markup, and enhanced export options for creative users. Also, preview tools now allow users to inspect and annotate files more like on desktop platforms.

Vision Pro Gains New Accessories and Software Updates

visionOS 26, Apple’s latest operating system for its Vision Pro headset, brings new spatial widgets and easier profile switching to the headset. Apple also confirmed compatibility with the PlayStation VR2 Sense controller and a new Logitech Muse stylus. These accessories are intended to boost adoption of the device among gamers, designers and engineers.

Also, it seems that Persona avatars, previously criticised for their unnatural look, have been refined to look more realistic, while support for more third-party input devices reflects Apple’s efforts to expand the Vision Pro’s ecosystem.

watchOS 26 and tvOS 26: Subtle but Useful Enhancements

Apple also announced that as part of watchOS 26 (an update for Apple Watch), the Liquid Glass update introduces the Workout Buddy AI feature for real-time coaching. A new flick gesture enables users to interact with the watch without touching the screen, improving accessibility.

Also, tvOS 26 now focuses on usability, introducing faster profile switching, a sleeker interface and a karaoke feature. AirPods also now gain studio-quality audio recording and camera remote capabilities, making them more useful for content creators and on-the-go users.

New Apps and Smaller Updates

Apple also announced a new dedicated Games app for iOS and iPadOS. The app functions as a hub for tracking achievements, joining challenges and inviting friends to multiplayer sessions. Social features like “Play Together” aim to make gaming more collaborative on Apple platforms.

Apple Maps now uses on-device learning to suggest commute-based routes, while Apple Wallet will summarise delivery and tracking updates using AI. Podcast users can now listen at up to 3x playback speed, and News gains a new emoji-based trivia game.

Developer Tools and Global Expansion

A key announcement for developers was the expanded access to Apple’s foundation models. For example, developers can now build AI features directly into their apps using the on-device model, without relying on external APIs. The models support Swift and include built-in tools like tool calling and guided generation.

Apple also confirmed that Apple Intelligence will expand to eight more languages later this year, including Danish, Dutch and Turkish, with availability dependent on local laws and device compatibility.

A New Generation of Experiences?

After trailing behind rivals on AI, it seems that at this year’s WWDC, Apple doubled down on privacy-focused, on-device intelligence that integrates directly into apps and workflows. By opening up its core models to developers, it may be hoping to spark a new generation of experiences that differentiate its ecosystem.

For users, the changes are mostly evolutionary but important, particularly the design refresh, privacy-conscious AI tools, and new multitasking capabilities. However, the delay to Siri’s upgrade leaves a visible gap in Apple’s response to competitors like Google Gemini, OpenAI’s ChatGPT and Microsoft Copilot.

While Apple’s privacy model and integration strengths remain core advantages, some commentators have noted that many of the features shown at WWDC 2025, e.g. call screening, image generation and real-time translation, have been available on Android or third-party platforms for some time.

As Apple seeks to reassert itself in the AI space while maintaining its reputation for design and reliability, this year’s announcements appear to generally reflect both ambition and caution. It’s likely that the next 12 months will be critical in determining how far the company can evolve its AI strategy, and how willing users and developers are to embrace it.

What Does This Mean For Your Business?

The real test for Apple will be whether these updates deliver meaningful, seamless experiences in day-to-day use. While the Liquid Glass redesign brings a striking new aesthetic, and the Apple Intelligence features promise more contextual support, much depends on how consistently and reliably they perform across devices. The fact that developers now have access to Apple’s on-device models is likely to accelerate the creation of tailored, private AI experiences. For UK businesses, this opens up potential for more secure, integrated tools across sectors such as retail, healthcare, and finance, especially for those already embedded in Apple’s ecosystem.

However, questions remain about how quickly these new capabilities can reach mass adoption. With many features still in beta and some dependent on specific hardware or language settings, rollout may be uneven. Apple’s slower progress on Siri is also a strategic concern. In a market where AI-powered voice interaction is fast becoming a standard expectation, its absence puts Apple at a disadvantage, particularly in the enterprise and productivity space where hands-free interaction can offer real operational value.

Apple’s emphasis on privacy and on-device processing is clearly intended to differentiate it from AI competitors who rely heavily on cloud-based models. This may appeal strongly to consumers and businesses alike, particularly those facing increasing regulatory pressure around data handling. Even so, Apple will need to keep pace on usability and innovation if it wants to remain a leader in AI-enhanced computing.

As other players race ahead with chatbots, copilots, and custom models, Apple has opted for a slower but arguably more sustainable approach. Whether this proves to be a strength or a missed opportunity will depend not just on technical progress, but on how well it can support developers, reassure users, and turn these tools into something people actually want to use every day.

Meta is taking legal action against a company accused of flooding its platforms with ads for non-consensual AI-generated nudity, while Disney and Universal have launched a separate lawsuit claiming one of the world’s most popular image-generating tools is built on stolen intellectual property.

Meta Targets CrushAI in Major Legal Push

Meta has filed a lawsuit in Hong Kong against Joy Timeline HK Limited, the company behind CrushAI, an app that uses generative AI to undress photos of clothed individuals without their consent. According to Meta, the service ran more than 87,000 ads across Facebook and Instagram, often using misleading images and evasion tactics to bypass platform rules.

Repeated Violations

Meta’s lawsuit alleges that CrushAI’s operators repeatedly violated Meta’s advertising policies and continued to create new accounts and domains to distribute ads even after multiple take-downs. Meta said the company operated under names like “Eraser Annyone’s Clothes” and used generic visuals in ads to sidestep detection systems. In one example cited in court filings, an ad featured a split image of a woman clothed on one side and digitally undressed on the other, with phrases like “BRA OFF” and “PANTS OFF” alongside captions such as “Upload a photo to strip for a minute.”

Meta’s lawsuit seeks to stop the defendants from using its platforms entirely. A company spokesperson stated, “This legal action underscores both the seriousness with which we take this abuse and our commitment to doing all we can to protect our community from it.”

Scale of Abuse Raises Platform Accountability Questions

Based on what Meta says, it appears that the volume of ads involved in the case is significant. For example, reports indicate over 135 Facebook pages and more than 170 business accounts were used to promote AI undressing services. Many of these targeted users in the US, UK, Canada, Australia and Germany. According to investigative journalist Alexios Mantzarlis (who first reported on CrushAI’s ad activity), around 90 percent of its website traffic came directly from Meta-owned platforms.

Not only is Meta suing, but it has also now responded by expanding its detection and enforcement methods. Reports indicate that new tools can now identify suspicious ads even when they contain no explicit content, using copy-detection and adversarial network analysis. Since the start of 2025, Meta says it has dismantled four separate networks of such advertisers and provided over 3,800 URLs linked to nudify services to other tech firms via the Tech Coalition’s Lantern programme.

Monetising Harmful Content Through Mainstream Platforms

This case essentially highlights how AI tools are being used not just to produce harmful content, but to monetise it through mainstream ad platforms. Meta’s decision to pursue litigation suggests a growing willingness to tackle abuse at the source rather than relying solely on content moderation. The company has also backed new US legislation like the TAKE IT DOWN Act, aimed at removing non-consensual intimate images from the internet more broadly.

Tech Industry Struggles With Deepfake Threat

It should be noted here that the CrushAI case is certainly not an isolated incident. Meta, TikTok and others have all faced rising pressure over how easily such tools can reach users, especially teenagers. Despite banning search terms like “undress” and “nudify,” demand for these apps has grown sharply in recent months. In 2024 alone, researchers found millions of ad impressions for similar services across YouTube, X, and Reddit.

The business model is simple but troubling, i.e., create synthetic nude images from innocent photos using AI, serve ads via loopholes in platform rules, and profit from traffic and paid services. Meta argues that only cross-industry cooperation and stronger regulation will stop the spread of such services. “Removing them from one platform alone isn’t enough,” the company wrote in a June 2025 update.

Should Have Acted Faster?

However, critics say Meta should have acted faster. Despite knowing about the problem since at least 2023, many CrushAI-linked domains remained live and active into this year. Privacy campaigners argue that platforms must improve human oversight of AI-driven ad systems, particularly when dealing with abusive content aimed at minors or vulnerable groups.

Disney and Universal Take Aim at Midjourney Over IP Use

While Meta fights AI abuse through its own platforms, another battle is unfolding in the entertainment world. Disney and Universal have recently filed a joint lawsuit in California against San Francisco-based Midjourney, accusing it of using copyrighted characters and imagery without permission.

The studios argue that Midjourney’s generative AI models have enabled users to create countless unauthorised depictions of characters like Yoda, Elsa, Darth Vader and the Minions. According to the complaint, the tool functions as an “AI-powered vending machine” that outputs copyrighted content on demand, without adequate transformation or permission.

Horacio Gutierrez, Disney’s chief legal officer, said: “Piracy is piracy, and the fact that it’s done by an AI company does not make it any less infringing.”

Midjourney is reported to have generated around $300 million in revenue in 2024. It is also developing a video generation service, which the plaintiffs warn could extend the infringement into moving images. While Midjourney has not responded publicly to the lawsuit, its website describes the team as a “small self-funded research lab” with fewer than a dozen full-time staff.

Fair Use, Transformation and Legal Uncertainty

The Midjourney case cuts to the heart of one of the thorniest questions in current copyright law, i.e., how much transformation is enough to qualify as fair use? Syracuse University professor Shubha Ghosh noted, “A lot of the images that Midjourney produces just seem to be copies of copyright characters that might be in new locations or with a new background.”

The studios argue this isn’t transformative in a meaningful sense. However, Midjourney’s defenders claim its models are trained on vast quantities of publicly available images and that user-generated content can vary widely in form and purpose. The outcome may hinge on whether courts see Midjourney’s tools as akin to remixing or as unauthorised reproduction.

It’s been reported that IP lawyer Randy McCarthy has warned that this case is far from clear-cut, saying: “No litigation is ever a slam dunk, and that is true for Disney and Universal in this case.” He points to Midjourney’s terms of service and the complexity of fair use law in the context of AI-generated content.

A Growing Legal Reckoning for AI

Both lawsuits essentially reflect a broader shift in how tech companies, regulators and rights holders are responding to the explosive growth of generative AI. While the technology is transforming fields from entertainment to education, it is also forcing courts to confront unprecedented questions about privacy, consent, and intellectual property at scale.

For example, while Meta is investing in machine learning to better detect nudify ads, legal pressure may ultimately do more to stop app makers from operating in the first place. Similarly, Hollywood’s case against Midjourney may define future boundaries for AI training, commercialisation and user outputs.

These cases also raise operational questions for AI developers and platforms alike. For example, businesses using AI models in customer-facing products will need to monitor legal risks more closely, especially where training data or outputs involve real people or proprietary content. The financial, reputational and regulatory costs of getting this wrong are starting to come into sharper focus.

What Does This Mean For Your Business?

The outcomes of these lawsuits could set influential precedents in how AI content is policed, monetised and legally challenged across both the tech and entertainment industries. In Meta’s case, the scale of abuse has forced the company to shift from reactive moderation to proactive disruption and litigation. The company’s legal and technical responses also highlight the degree to which AI-generated content has outpaced existing enforcement systems, raising critical questions about how other platforms will handle similar threats. While Meta’s use of machine learning and industry-wide collaboration may help close the gap, regulators and watchdogs will be watching closely to see whether these measures are sufficient, or merely reactive damage control.

For UK businesses, these developments highlight the need to approach AI integration with greater care, especially when it involves third-party content, image generation or user data. Any business using or developing generative tools must understand not just the technical capabilities, but also the legal and ethical frameworks now forming around them. Whether it’s a platform hosting user-generated images or a marketing agency using AI to create branded visuals, the risks associated with misuse, infringement or reputational harm are now more tangible than ever. Ensuring that AI systems are responsibly sourced, monitored and legally compliant is really now essential.

The legal action from Disney and Universal shows that large rights holders are prepared to challenge even the most technically complex cases of copyright use. Although Midjourney is not accused of creating content directly, it stands accused of enabling users to infringe at scale by offering tools trained on protected IP. This line of legal argument may soon be tested further if other AI firms follow similar models. For other stakeholders in the creative sector, from publishers to games studios, the message is that commercialising AI without clear safeguards can bring substantial legal exposure.

It seems the more AI tools intersect with real people’s identities and other people’s intellectual property, the more likely it is that platforms, developers and even users will be drawn into litigation. The next few months are likely to shape not just individual company policies, but broader norms around how AI is trained, deployed and held accountable across multiple sectors.

A growing number of major tech companies are turning away from the London Stock Exchange in favour of listings in the US, citing better valuations, deeper capital markets, and greater investor appetite for growth.

Wise and Others Moving Away

Last week, UK fintech firm Wise announced plans to shift its primary listing from London to New York. The move follows similar decisions by chip designer Arm, which chose Nasdaq in 2023, and Just Eat Takeaway, which exited London for Amsterdam. Wise’s CEO Kristo Käärmann said the shift would provide access to “the world’s deepest and most liquid capital market” and the largest potential customer base for its services.

Klarna, Spotify and other European tech players have already listed in the US or confirmed plans to do so. Revolut’s founder recently summed up the sentiment, describing a London listing as “not rational” under current conditions.

Bigger Capital Pools and Bolder Investors

It seems that this trend is being driven primarily (and not surprisingly) by financial factors. For example, the US offers much larger pools of capital, higher valuations, and a more supportive investor culture. The New York Stock Exchange has a market capitalisation of about $27 trillion, compared to £2.8 trillion for the LSE. It’s this sheer scale that’s creating more liquidity and attracts more institutional investment.

For example, UK semiconductor and chip design company Arm achieved a far higher valuation on Nasdaq than analysts expected it could reach in London. Wise is hoping for the same, believing US investors are more likely to back its revenue-first, long-term model.

US markets also tend to favour growth over immediate profit, and this appears to align more closely with the business models of many tech firms. In the UK, by contrast, investors often demand revenue visibility early on and, for high-growth companies, that kind of risk aversion can be limiting.

A Shrinking Share of Global Markets

The decline of the LSE is visible in the numbers. For example, in 2024, 88 companies delisted or moved their primary listing away, which is the highest annual outflow in over a decade. At the turn of the millennium, UK-listed companies made up 11 per cent of the MSCI World Index. Today, that share has dropped to just 4 per cent.

For the wider UK economy, this shift poses long-term risks. For example, as more firms list overseas, the UK loses influence over its most dynamic sectors. There is also a risk of a talent drain, as companies with international ambitions may choose to relocate senior teams and operations.

Deliveroo’s underwhelming 2021 IPO on the LSE is often cited as a turning point. The company’s falling share price and lukewarm investor reception cast doubt over London’s ability to support innovative tech listings. That failure has made other firms wary of following the same route.

Government Reforms Are on the Table

That said, UK policymakers now appear to be trying to respond. For example, the Edinburgh Reforms aimed to improve access to public markets for scale-ups, and Labour’s Chancellor Rachel Reeves has proposed further deregulation. Changes include relaxing rules on sovereign fund investment, reducing tax friction for traders, and streamlining disclosure obligations.

Dual-class share structures, which allow founders to retain control, are also under discussion. Raspberry Pi recently adopted such a structure in its successful LSE debut, suggesting the market can support innovative tech companies when the conditions are right.

AIM’s Decline and the Call for Radical Change

The UK’s Alternative Investment Market (AIM), originally designed to support fast-growing smaller companies, has lost nearly 400 listings in the past nine years. Critics argue it has become too weak to serve its intended purpose, with concerns over liquidity and transparency deterring new listings.

Benedict Macon-Cooney from the Tony Blair Institute has called for a far more radical overhaul. He argues that the UK needs to stop “nibbling” at the problem and instead make high-growth sectors a national economic priority. That means rethinking regulation, investment, skills, and infrastructure to support innovation from the ground up.

New York Isn’t the Only Winner

While US exchanges are drawing the lion’s share of attention, other global markets are also benefiting. Amsterdam, in particular, has positioned itself as a hub for digital and fintech firms. For example, Just Eat Takeaway moved its primary listing there in search of a more aligned investor base.

Some believe the UK could build partnerships with emerging markets such as India, Nigeria, or the Middle East to attract listings from new tech sectors. ReachX CEO Rafael S. Lajeunesse argues that offering structured dual-listing pathways could help London gain exposure to future tech powerhouses outside of the US.

Making the LSE Fit for Growth Companies

Several experts believe the LSE could still thrive if it focused more on attracting £500m to £1bn market cap tech companies, i.e. the kinds that might struggle to gain attention on Nasdaq but are too big for venture capital alone.

For example, Raspberry Pi succeeded in part because its leadership team understood the IPO process and prepared well for the demands of public investors. More tech founders could follow suit with the right education, support, and guidance.

There are also structural changes that could help. Reducing the cost of listing, increasing analyst coverage for growth firms, allowing dual-share structures, and introducing faster listing routes are all on the table.

What Does This Mean For Your Business?

What’s now becoming clear is that the London Stock Exchange is no longer the default destination for ambitious UK tech companies. For many founders, the capital, scale and investor mindset offered by the US are proving too attractive to ignore. This is not simply a matter of prestige or visibility. The decision to list in New York or Amsterdam is often about achieving a better valuation and securing the kind of long-term backing needed to grow globally. If London cannot compete on those fundamentals, it risks being left behind.

The concern is not just for the stock exchange itself but for the broader ecosystem around it. When companies go elsewhere to list, there is a knock-on effect across the UK’s professional services, capital markets, and innovation economy. It becomes harder for growth-stage UK investors to plan domestic exits. It also sends the wrong signal to the next generation of entrepreneurs who may begin building with one eye already on an overseas IPO. For UK businesses more broadly, this erosion of the local tech sector could weaken supply chains, reduce local collaboration opportunities, and limit talent retention in key innovation areas.

That said, there is still time to turn things around, but it will require more than minor regulatory tweaks. The UK will need to create a genuinely competitive listing environment that reflects how tech businesses operate and grow. That means improving access to capital, updating market rules to support dual-share structures, and better educating investors on modern business models. It also means giving smaller tech firms a credible path to public funding that isn’t crowded out by legacy sectors.

Recent success stories like Raspberry Pi show what’s possible when those conditions are met. If the LSE can build on that momentum, focus on realistic growth sectors, and reframe its pitch to scale-up companies, it may yet reclaim its place as a serious option for the UK’s most promising tech businesses.
Until then, more of them will continue to look west.

Tesla will tentatively begin offering public rides in driverless robotaxis in Austin, Texas on 22 June, according to Elon Musk, marking the long-delayed debut of a service he first promised back in 2019.

A Delayed Vision Finally Approaches Reality

Tesla (and SpaceX) boss Elon Musk has been claiming for years that fully autonomous Teslas were just around the corner. For example, in 2019, he said Tesla would have a million driverless cars on the road by 2020. Instead, the company spent years refining its Full Self-Driving (FSD) software and shifting its hardware strategy, meaning that the commercial robotaxi launch never materialised, until now.

Rollout in Austin, Texas

Musk now says that Tesla’s planned launch in Austin will involve a small fleet of around 10 to 20 Model Y SUVs operating within a geofenced zone of the city. These vehicles will use what Musk has called “FSD Unsupervised”, meaning they are intended to operate without a human driver behind the wheel. Musk stated in a post on X: “Tentatively, June 22. We are being super paranoid about safety, so the date could shift.”

Spotted

The announcement came just days after testing vehicles were spotted in southeast Austin with the word “Robotaxi” printed on them. In a separate post, Musk also claimed that from 28 June, “the first Tesla that drives itself from factory end of line all the way to a customer house” will take place, something he has described as a major milestone in autonomous production.

What Exactly Is a Robotaxi?

A robotaxi is a fully autonomous vehicle that provides taxi services without a human driver. The idea is that a customer can summon a vehicle via an app, ride to their destination, and exit, all without interacting with a human operator. Tesla’s version of the service will begin in a limited area, with remote monitoring for safety.

Following Waymo and Cruise

It should be noted that Tesla is not the first company to the market with a robotaxi service. For example, Tesla’s approach resembles that of competitors like Waymo and Cruise, who also began robotaxi rollouts in restricted zones under strict conditions. Waymo, for example, already operates commercially in Phoenix and parts of San Francisco and Los Angeles. Cruise, backed by General Motors, had a promising start but suspended operations in late 2023 following a pedestrian injury incident that drew regulatory scrutiny.

Why It Took So Long

The idea of self-driving cars has been around for over a decade, but mass-market deployment has proven far more difficult than early estimates suggested. In Tesla’s case, the core challenge has been both technical and regulatory.

For example, Tesla’s FSD system has been under investigation by the US National Highway Traffic Safety Administration (NHTSA) following multiple incidents involving crashes, some reportedly due to the software’s failures in low-visibility conditions. In one case, a pedestrian was killed.

While Tesla has previously claimed that all its cars since 2016 had the necessary hardware for autonomy, Musk admitted earlier this year that many vehicles will require upgrades to run the current FSD software. The company has now moved to a vision-only system, removing radar and LiDAR, a decision that has been widely criticised by autonomous vehicle experts.

Data Troubles Too

There is also the matter of data. Unlike Waymo, which maps its operating areas in detail using high-definition 3D maps, Tesla has tried to rely on neural networks trained on massive volumes of driving footage. This has made scaling difficult and introduced variability that regulators have found hard to approve.

Musk’s Image and Its Impact on Tesla

Elon Musk’s personal brand has become increasingly polarising in recent years. His public alignment with cryptocurrency memes, his vocal support for Dogecoin, and a turbulent relationship with Donald Trump have drawn both criticism and ridicule. While once celebrated for visionary innovation, Musk has also faced backlash over controversial posts, involvement with DOGE, erratic business decisions, and mass layoffs at several of his companies.

More recently, Musk’s role in advising Trump (followed by a very public fallout) has alienated large segments of Tesla’s consumer base, particularly in Europe. Tesla’s EV sales have shown signs of slowing, with increased competition from Chinese automakers and established rivals in Europe and the US. This has placed added pressure on the robotaxi rollout to deliver fresh growth.

Why Austin?

It seems that Austin is a strategic choice for a rollout for several key reasons. Texas has relatively permissive regulations around autonomous vehicle testing and deployment, especially compared to states like California. Also, Tesla already has a significant presence in Austin through its Gigafactory, and the area offers a variety of suburban and semi-urban driving conditions ideal for early robotaxi trials.

Start in the “Safest” Areas

The service will begin only in the “safest” areas of Austin, Musk has said. Vehicles have been repeatedly seen mapping and testing routes in the same neighbourhoods in southeast Austin. This narrow initial footprint allows Tesla to mitigate risk while gathering user data and refining its service.

What’s at Stake for Tesla and the Industry

At this point for Tesla and Musk, the financial stakes are high. Tesla has pivoted sharply away from its earlier strategy of producing affordable EVs for the mass market. Instead, it now appears to see autonomy, and robotaxis specifically, as its key to future growth. If successful, the robotaxi service could create a powerful new revenue stream with high margins and recurring user engagement.

For Tesla, therefore, this launch is not just a new product but is a test of its ability to deliver on technological promises that have been years in the making. It is also a reputational gamble. Any high-profile failure could undermine consumer confidence and invite further regulatory scrutiny, and further criticism or damage to the Musk brand.

For the wider industry, Tesla’s move is likely to intensify competition. Waymo, Zoox (Amazon-owned), and Apple’s long-rumoured autonomous vehicle programme will all be watching closely. A working Tesla robotaxi in a live environment could reignite investor interest in autonomy after a period of cooling.

Urban Mobility

If Tesla can prove its model works safely and reliably, the implications for urban mobility may be significant. Businesses could use robotaxis for employee transport, client travel, or local delivery in a cost-effective, on-demand way. Fleet management costs could drop, while ride availability and convenience could increase.

For example, local firms in Austin that rely on staff movement between offices or sites may benefit from more predictable, automated transport. It could also open new possibilities for tourism, hospitality, and customer service sectors where flexible, affordable point-to-point mobility can add real value.

However, some business leaders remain cautious. Liability in the event of an accident, limited coverage areas, and regulatory grey zones still pose challenges. Insurance, data privacy, and workplace policy updates would also need to evolve to support robotaxi use at scale.

Early Enthusiasm Meets Persistent Criticism

Despite the enthusiasm, experts remain wary. Tesla’s refusal to use LiDAR, i.e. a tool nearly all other AV companies rely on for precise spatial mapping, has been called “reckless” by some in the field. Public demonstrations have also drawn criticism. For example, in 2024, a group of safety advocates staged a protest using child-sized mannequins in San Francisco to show that Tesla’s FSD software failed to stop in simulated pedestrian scenarios.

Also, regulators are bound to be watching closely. The NHTSA’s ongoing investigations may yet influence the pace and scope of Tesla’s rollout, and cities with stricter AV policies may not welcome Tesla’s robotaxis without additional testing and third-party validation.

How Others Have Fared in This Space

As noted earlier, Tesla is not the first company to offer driverless ride services. Waymo has been operating in Phoenix since 2020 and has expanded gradually to parts of San Francisco and Los Angeles. Its vehicles use LiDAR, detailed mapping, and a cautious rollout process that has largely avoided major safety incidents.

Cruise, another major player, ran services in multiple US cities but paused all operations after an accident in late 2023 triggered widespread scrutiny and a loss of confidence in its safety protocols. Zoox, owned by Amazon, has been slower to launch but continues to test its purpose-built autonomous shuttles in California and Nevada.

Tesla’s approach is arguably more ambitious, but also riskier. Its reliance on general-purpose AI rather than detailed pre-mapping sets it apart, for better or worse. Whether that gamble pays off now rests, in large part, on the roads of Austin.

China’s Robotaxis Are Already Operating at Scale

While the US and Musk have drawn much of the global attention around autonomous vehicles, it’s worth noting here that China has quietly moved ahead with large-scale robotaxi deployments in several major cities. Companies like Baidu, Pony.ai and AutoX have all launched commercial driverless ride services in selected urban areas, in some cases without any human safety drivers onboard.

For example, Baidu’s Apollo Go service currently operates in cities including Beijing, Wuhan, Chongqing and Shenzhen. In certain districts of these cities, passengers can hail a fully driverless robotaxi using a mobile app, with the vehicle arriving and completing the journey without any human intervention. Baidu has already reported over 3 million autonomous rides completed and says that, in Wuhan, it now runs more than 100 driverless cars each day.

Pony.ai, backed by Toyota, is also operating robotaxi trials in Beijing and Guangzhou and has obtained permits for driverless testing in key urban zones. Meanwhile, AutoX, which is backed by Alibaba, claims to be the first company in China to run a completely driverless fleet in Shenzhen. Its vehicles operate on open roads with no onboard safety driver and no remote monitoring, under the approval of local authorities.

Why Is It Working In China?

China’s progress has been driven in part by a supportive regulatory environment. For example, several cities have introduced staged permission systems for autonomous vehicles, often designating specific districts for testing and public use. These areas are typically well-mapped, controlled and connected, which helps reduce the complexity and risk of operating without a driver.

Unlike Tesla’s reliance on vision-based AI alone, Chinese robotaxi providers typically use a combination of LiDAR, radar, high-definition mapping and vehicle-to-infrastructure data. This hybrid approach has allowed them to demonstrate higher consistency and, so far, avoid high-profile safety failures.

The result is that robotaxis in China are no longer just test cases but have become part of everyday urban mobility for some residents. While the scale remains relatively localised, the maturity of these deployments provides a valuable benchmark for global players, including Tesla.

What Does This Mean For Your Business?

Whether Tesla’s robotaxi launch becomes a turning point for the company or another overhyped milestone will depend heavily on how it performs in the real world. Unlike earlier promises tied to theoretical capabilities, this rollout involves real passengers, real roads, and real expectations. A smooth and safe service could help re-establish confidence in Tesla’s long-term vision and give the company fresh momentum at a time when its EV market share is under pressure and its public image is increasingly tied to the unpredictability of Musk himself.

For regulators, competitors, and the wider public, this trial will serve as a test case for what a driverless future might actually look like. If Tesla’s system operates reliably within its geofenced limits, it could pressure US cities and lawmakers to accelerate AV frameworks and could encourage other providers to speed up their deployments. However, any serious incidents could lead to renewed regulatory clampdowns or stall the broader industry’s progress.

UK businesses, while not directly impacted by the Austin launch, should be watching carefully. If Tesla proves its robotaxi model can be safe, efficient, and scalable, pressure may build for the UK to define clearer policies on AV services. Sectors like logistics, corporate travel, hospitality, and facilities management could all benefit from more flexible, low-emission transport solutions, especially in urban areas facing congestion and net zero targets. It may also prompt innovation across Europe’s mobility sector, where trust, data security, and transparency will be essential.

For now, Tesla’s plan to move from test footage to public fares is quite a bold move. The company has much to prove, both in terms of technology and trust. Whether the robotaxi rollout marks the beginning of a new chapter or another delay in an already chequered timeline remains to be seen.

Meta’s new AI app is under fire after users unknowingly shared private chats, including legal queries, personal data and audio clips, on the public web.

The issue lies with a “share” button that appears after each chatbot response. Users can post content without realising it’s publicly visible, especially if logged in via a public Instagram account. Security expert Rachel Tobac called it a “privacy nightmare” after spotting names, addresses and court-related questions shared online.

Some posts appear jokey or attention-seeking, but many involve sensitive or reputationally risky content. One user asked about a rash, another discussed tax evasion, and several uploaded CVs and legal references, seemingly unaware they were going public.

Launched on 29 April, the app has already hit 6.5 million downloads. However, experts say Meta should have anticipated the risks of blending private AI queries with social sharing.

Businesses should avoid using AI tools through personal logins and steer clear of sharing anything sensitive unless privacy settings are crystal clear.