Cyber threats
Barometer

August 2, 2025 marked the implementation of a set of specific requirements for general-purpose AI models (GPAI) in terms of transparency, security, and governance. This follows the introduction of the AI Act, which requires AI products to comply with these requirements as soon as they are launched on the European market. Several leading AI models on the market, including OpenAI, Microsoft, Cohere, Amazon, Google, Anthropic, and Mistral AI, have already signed the Code of Good Practice for GPAI.

These obligations require GPAI providers to implement a series of measures: technical documentation, transparency on training data, risk assessments, intrinsic model safety, and incident preparedness, with significant financial consequences for non-compliance (fines of up to 7% of global turnover or €35 million). At the institutional level, this date also marks the operationalization of the AI Office and the AI Board. This establishes key mechanisms for coordinating and enforcing the regulation, as well as the designation by Member States of their competent national authorities.

The stakes are high: the regulation of GPAI is transforming the very foundations of the AI industry. Technology companies must now rethink their development cycle to integrate compliance processes from the design stage onwards. The proactive publication of guidelines by the European Commission indicates a willingness to provide support, but also to be firm in the application of the framework.
In conclusion, the implementation of this regulatory framework (August 2, 2025) represents a historic turning point. It establishes the EU as a pioneer in robust AI control while posing a major challenge to suppliers: combining innovation, transparency, and security in a rapidly evolving legal environment.

General-purpose artificial intelligence models (GPAIs) refer to AI systems trained on large sets of non-specialized data, designed to develop the ability to adapt and generalize to a wide variety of tasks. Unlike specialized AI models (e.g., facial recognition or fraud detection), GPAI can be used, sometimes without significant adaptation, in multiple contexts: natural language generation, image understanding, translation, document summarization, behavior modeling, etc.

Malware, critical vulnerabilities, advanced persistent threats, industries particularly targeted, weak signals of emerging attacks…It’s no secret that knowledge of one’s adversary is a key factor for the security of an enterprise. The Cyber Threats Barometer gives you a monthly overview of the cyber threats detected by Gatewatcher CTI, our Cyber Threat Intelligence platform.

Gatewatcher CTI’s automated collection, analysis and correlation engines are continuously fed by more than 4000 data sources from multiple channels: social networks, specialized sites, dark and deep web. They make threat information available an average of 24 hours in advance of the competition and help operational response teams make better decisions by dramatically reducing their analysis and incident treatment times.