Brussels slows down, attackers speed up—and Beijing cracks down
Three reports in ten days, one common thread: The business fundamentals of industrial AI deployment are being renegotiated. At the end of June, the EU finalized the postponement of its high-risk regulations; in early July, researchers documented the first fully autonomous AI ransomware; and on July 7, Reuters reported that Beijing is considering cutting off foreign access to China’s most powerful models.
13 Jul 2026Share
Those who make decisions about AI in industry have, for the most part, relied on two key factors: What can the technology do, and how much does it cost? Now a third factor is coming to the fore—and it’s the most uncomfortable one: What can we rely on? On regulators who push back their own deadlines? On a security landscape where attackers no longer have to be human? On model access that becomes a geopolitical bargaining chip overnight?
A Delay with a Footnote: What the Digital Omnibus Really Means
At the end of June, the EU Council approved the Digital Omnibus Regulation—thereby easing the deadline that had been marked in red on many compliance calendars. Autonomous high-risk AI systems won’t have to meet the strict requirements of the AI Act until December 2, 2027, and AI embedded in regulated products—such as medical devices—won’t have to comply until August 2, 2028. Officially, the postponement of at least 16 months gives companies breathing room for the complex conformity assessment.
However, the fine print is significant: not everything has been postponed. Starting August 2, 2026—just a few weeks from now—general transparency and registration requirements will take effect. Anyone operating chatbots in customer service or publishing AI-generated content must disclose this; the requirement for staff to possess AI competence has long been in effect anyway. Violations are punishable by fines of up to 35 million euros or seven percent of global annual revenue. Anyone who interprets the headlines about the postponement as a all-clear is confusing a grace period with a free pass—and squandering the time gained to take stock of and classify the risks of their own systems.
JADEPUFFER: When Ransomware Thinks for Itself
While Brussels is slowing down, the attackers have shifted into high gear. In early July, the threat research team at security provider Sysdig documented what it believes to be the first ransomware attack carried out entirely by an AI agent, dubbed JADEPUFFER: Initial access via a known vulnerability in the AI tool Langflow, followed by reconnaissance, theft of credentials, lateral movement within the network, and finally the encryption of 1,342 configuration entries in a production database along with the deletion of the originals—over 600 payloads, orchestrated by a language model that continuously commented on its own actions within the code. When a login attempt failed, the agent diagnosed the error and provided the correction within 31 seconds.
What’s alarming isn’t the sophistication—none of the techniques were new. What’s alarming is the chaining of these actions: What previously required experienced operators is now handled by an agent whose operation costs little more than the computing time. In their May guidelines on agent-based AI, the cybersecurity agencies of the Five Eyes countries had already warned to expect unexpected behavior from such systems and to prioritize resilience over efficiency. JADEPUFFER provides practical proof sooner than hoped—and neglected, internet-exposed legacy systems will be systematically exploited in the future, almost at no cost.
Beijing is openly considering export controls
The third shift concerns the source of supply itself. As Reuters reported on July 7, citing three insiders, Chinese authorities—led by the Ministry of Commerce—held discussions last month with Alibaba, ByteDance, and the startup Z.ai about restricting foreign access to China’s most powerful AI models, including systems that have not yet been released. Discussions centered on limits for both open and closed models, classifying technology leaks as violations of national security law, and requirements for investors. Nothing has been decided yet; it might only affect future models—solutions that have already been freely released can hardly be retrieved anyway.
The timing is particularly significant: According to a Citi analysis—which should be interpreted with caution—some Chinese models cost as little as 18 cents per million tokens, while top U.S. models cost around four dollars—which is why Western companies have recently been switching en masse to the cheaper competition. After Washington temporarily blocked access to top-tier U.S. models in June, Beijing is now following suit: Frontier AI is being treated as a strategic asset on both sides of the Pacific.
The lesson: Agility is the new compliance
Three news items, one consequence: Regulation, the threat landscape, and model access have become dynamic factors. Anyone planning their AI architecture today treats model sourcing like a supply chain risk—seeking alternatives rather than relying on a single source—makes productive use of Brussels’ grace period, and secures agent-based systems as if they were privileged insiders. Because only one thing can be reliably predicted at this point: the next change in course.
Related Exhibitors
Related Speakers
Related Events
Interested in news about exhibitors, top offers and trends in the industry?
Browser Notice
Your web browser is outdated. Update your browser for more security, speed and optimal presentation of this page.
Update Browser