Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,500 words, this briefing is about a 7-minute read.
At a Glance.
- Trump signs AI deals with Gulf States.
- Delta's lawsuit against CrowdStrike permitted.
Trump administration signs international AI deal.
The news.
Last week, the Trump administration agreed to a new artificial intelligence (AI) deal with the United Arab Emirates (UAE). With this deal, the United States (US) and the UAE have agreed to build a new data center and improve the UAE’s access to advanced AI semiconductor chips. These international deals come after President Trump spent several days meeting with leaders across the Middle East resulting in several major policy announcements.
The data center portion of this deal will involve building a new ten-square-mile AI campus in Abu Dhabi that has five gigawatts of power capacity. When announcing this portion of the deal, Secretary of Commerce Howard Lutnick stated, “American companies will operate the data centers and offer American-managed cloud services throughout the region.” Regarding the AI semiconductor chip portion of this deal, the US has also given the UAE the right to import 500,000 advanced semiconductor chips per year. Lastly, the two nations have also finalized a technology framework agreement involving both sides making commitments to secure these advanced technologies.
This UAE deal is part of a broader push from the Trump administration across the Gulf, including a separate deal with Saudi Arabia.
The knowledge.
With the US and UAE’s partnership, the Trump administration has made an effort to expand its relations with the Gulf States. Alongside this deal, the US and Saudi Arabia also made a deal involving $600 billion in commitments from the Saudi government. In return for these commitments, US companies, like Nvidia, stated it would sell hundreds of thousands of AI chips in Saudi Arabia, and Qualcomm Inc also signed a memorandum of understanding to develop and build a data center central processor with Humain.
With each of these major deals, President Trump has signaled a notable departure from how the Biden administration had approached technological investments within the region. Previously, Microsoft had intended to form an extensive partnership with UAE firm G42 which would have provided G42 with the following:
- $1.5 billion in funding.
- Establishing Microsoft as a Board of directors member.
- A $1 billion fund to improve the region's AI developer skills.
However, after announcing the deal, Microsoft received substantial pushback from both the Biden administration and Congress regarding G42’s ties to China. At the time, Representatives Michael McCaul and John Moolenaar wrote a letter to former National Security Adviser Jake Sullivan that requested a comprehensive review of G42’s ties to China.
From this pressure, Microsoft revised its AI plans to offer products through lease agreements rather than selling them to exert more oversight as well as establish greater safeguards. After announcing these changes, members of the House China Committee noted:
“After we relayed national security concerns to the White House, Microsoft proactively adjusted the terms of its deal with G42 to ensure key American technology is not directly handed over to potentially problematic actors with close ties to [China].”
However, with the Trump administration signing these new deals and greenlighting the sale of advanced chips to these nations, it appears that these concerns are not as prominent.
The impact.
While the full impact of these deals will take time to materialize, they suggest a shift in how President Trump views AI and its role in US foreign policy. By building data centers and permitting the sale of advanced semiconductor chips, the Trump administration expanded the US’s technological presence in the Gulf, providing economic growth and diplomatic influence.
However, there are still unanswered questions. In addition to ensuring proper safeguards, preventing foreign adversaries, like China, from accessing these technologies will be critical. While previous efforts involved putting pressure on private business dealings, it is unclear if President Trump aims to use similar tactics or plans to manage security differently.
As the administration deepens its engagement in the Gulf, businesses should prepare for an expanded focus when using technology in international diplomacy.
Delta allowed to sue CrowdStrike.
The news.
On Monday, a Georgia state judge ruled that Delta can pursue most of its lawsuit against cybersecurity firm CrowdStrike. This case stems from a major outage that occurred last July, which caused the airline company to cancel over 7,000 flights.
In her decision, Judge Kelly Ellerbe stated that Delta may attempt to prove that CrowdStrike was grossly negligent when releasing a defective software patch, which caused the outage. In her opinion, Judge Ellerbe wrote:
“Delta has specifically pled that if CrowdStrike had tested the July update on one computer before its deployment, the programming error would have been detected.”
In addition to the gross negligence claims, Judge Ellerbe has also permitted Delta to pursue a computer trespass and a narrowed fraud claim. For the fraud claim, Delta is alleging that CrowdStrike fraudulently promised to not introduce unauthorized back doors.
CrowdStrike’s lawyer, Michael Carlinsky, responded to this development emphasizing that Delta’s case has no merit.
The knowledge.
Delta originally filed this lawsuit in October 2024, three months after the substantial outage crippled operations across multiple sectors. According to Delta’s complaint, the outage cost the airline over $500 million in damages and impacted over 1.3 million customers. Over the five-day outage, Delta was forced to cancel over 7,000 flights, making it the most impacted organization from the outage.
For context, this outage was related to a faulty software update that was deployed to CrowdStrike’s Falcon Sensor tool, which is a widely used endpoint protection platform. The update caused a conflict with Windows machines, leading to critical crashes and widespread reports of the infamous “blue screen of death.”
Though the patch affected a broad range of companies globally, including banks, media organizations, and other airlines, Delta claims its dependency on CrowdStrike made them particularly vulnerable.
However, since Delta filed this lawsuit, both Microsoft and Crowdstrike disputed Delta's claims. Microsoft emphasized that it would defend itself “vigorously” and that the outage was made significantly worse due to Delta not modernizing its IT infrastructure as other airlines had done.
The impact.
This lawsuit could become a landmark case in how liability is determined for widespread IT failures caused by software updates. If Delta can prove gross negligence or fraud, the outcome could set a greater precedent that software suppliers and cybersecurity vendors bear more responsibility.
Alongside setting a new precedent, the case could also raise the bar for pre-deployment testing, documentation, and risk disclosures.
Tech vendors and organizations should watch this case closely and monitor its developments. If the courts find that software providers can be held liable for damages on this scale, it could result in a readjustment for vendor contracts and insurance policies.
Highlighting key conversations.
In this week’s Caveat Podcast, our team discussed a significant preemption provision that is in a federal budget bill related to AI. For context, if passed this provision would ban all state regulation on AI for the next decade. During this episode, our team discusses this sweeping provision and the potential implications it would have on current and future legislation at the state level.
Like what you read, and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other noteworthy stories.
Italy fines Replika $5.6 million.
What: Italy’s data protection agency has fined AI chatbot company, Replika, for breaching user personal data rules.
Why: On Monday, Garanta fined Replika following an investigation, which found that Replika lacked a legal basis for processing users’ data and had no age-verification system installed. For context, Garanta started an investigation after ordering the company to suspend its services in Italy in 2023.
Alongside this fine, Garanta also announced an additional separate investigation to determine if Replika's AI system is compliant with general European Union privacy rules, specifically focusing on the training of its language model.
DOJ launches investigation into Coinbase Global breach.
What: The Department of Justice (DOJ) has opened a probe into Coinbase Global breach.
Why: On Monday, the DOJ announced this investigation into the breach. Paul Grewal, Coinbase’s Chief Legal Officer, stated:
“We have notified and are working with the DOJ and other US and international law enforcement agencies and welcome law enforcement’s pursuit of criminal charges against these bad actors.”
For context, on May 11th, the company received an email claiming to have information regarding certain customer accounts and internal documents. Coinbase additionally confirmed that the attackers stole some data, including names, addresses, and emails, but not login credentials or passwords.