#FactCheck -Prayagraj Celebration Video Falsely Shared as BJP Victory Celebration in West Bengal

The Expanding Governance Challenge of Artificial Intelligence
‍

Artificial intelligence (AI) systems are increasingly embedded in economic and social infrastructure. They are being adopted in financial services, healthcare diagnostics, hiring systems, and public administration. But while these systems improve efficiency and decision-making, they also introduce new forms of technological risk. 

Unlike conventional software, AI systems learn patterns from data and continue to evolve as they run. This poses governance issues since risks can arise throughout the AI life cycle, whether at the coding level or in their implementation.

The latest regulatory frameworks, such as the European Union’s AI Act (EU AI Act) and the UNESCO Recommendation on the Ethics of Artificial Intelligence, note that responsible AI governance depends on the realisation of where risks emerge across the development process. 

This article maps the AI system lifecycle, identifies the risks that emerge at each stage and evaluates the policy tools used to mitigate them using the lifecycle framework developed by the Organisation of Economic Co-operation and Development (OECD).
‍

The Lifecycle of an AI System
‍

AI systems are developed through a structured process that includes problem definition, dataset collection and preparation, model development, testing and validation, deployment, and monitoring.

The OECD conceptualises this development process as the AI system lifecycle. Each stage entails various technical and administrative procedures, since choices made during these stages will dictate the goals and limits of an AI system. Further, the quality and representativeness of training sets will have a strong effect on the behaviour of models after implementation.

Since this is an iterative and not a linear procedure, risks can be introduced at each stage of the AI lifecycle. New data can be retrained into different models, and systems are regularly updated once they have been deployed, to address performance degradation, model errors, or unintended outputs. This iterative process means governance must address risks across the entire lifecycle, not just at deployment.

‍

Where AI Risks Emerge
‍

AI risks usually emerge earlier in the development process, especially in the phases when system objectives are formulated and training data are chosen. The EU AI Act and the UNESCO Recommendation on the Ethics of AI outline the following risks:  bias and discrimination, privacy and data security violations, the absence of transparency in automated decision-making, and risks to fundamental rights.

‍

AI Governance Risk Landscape: Core Risk Categories Under International Frameworks
‍

 Risk categories jointly identified by the EU AI Act and UNESCO Recommendation on the Ethics of Artificial Intelligence

Outlining the risks throughout the AI lifecycle helps understand the areas where governance interventions are most necessary. For example, discriminatory outcomes often result from biased or unrepresentative training data, while safety failures are typically linked to inadequate testing before deployment. Risks such as misinformation arise post the development process, when generative AI systems are deployed at scale on digital platforms. 
‍

AI System Lifecycle: Key Risks at Each Stage
‍

Risks identified per the EU AI Act and UNESCO Recommendation on the Ethics of AI

Understanding where risks emerge across the lifecycle explains why governance frameworks classify AI systems by risk and apply oversight at multiple stages.
‍

Policy Tools for Mitigating AI Risks
‍

Governments and international organisations have developed regulatory tools to help mitigate AI risks in the lifecycle. These tools are meant to make sure that AI technologies are identified as up to standard in safety, accountability and fairness prior to and after deployment. 

For example, the OECD AI Policy Observatory recommends that governments adopt policy instruments such as risk evaluations, algorithmic auditing necessities, regulatory sandboxes, and transparency necessities of AI systems. The European Union’s Artificial Intelligence Act (AI Act) is one of the most comprehensive systems of governance that introduces a risk-oriented regulation strategy. It mandates adherence to requirements concerning data governance, documentation, human oversight, and robustness, and cybersecurity. Such requirements bring regulatory checkpoints to the lifecycle of AI systems.

Mapping these policy tools across the lifecycle illustrates how governance mechanisms can intervene at different stages of AI development. 
‍

‍

Governance Overlay: Policy Interventions Across the AI Lifecycle
‍

Regulatory tools mapped at each stage of AI development per the EU AI Act and UNESCO Recommendation on the Ethics of AI

Several policy tools are directed at the risks that occur in the pre-developmental stages. In one example, algorithmic impact assessment has been applied in various jurisdictions to measure the possible consequences of automated decision systems on society before implementation. On the same note, the requirements of dataset documentation, including dataset transparency requirements and model cards, are aimed at enhancing accountability during the training and development stages of the AI systems. Therefore, lifecycle-based policy design allows regulators to intervene before harmful outcomes occur, rather than responding only after AI systems have caused damage in real-world environments.
‍

The Policy Gap in AI Governance
‍

The misalignment between risks and governance tools across the AI lifecycle indicates a critical structural gap in existing regulations. Numerous governance processes become activated after AI systems are classified as “high risk” or after they are implemented in the real world. But the most serious sources of damage have their roots in earlier stages of the development procedure.

An example is that prejudiced or unbalanced training data is almost inevitably a source of discriminative results in automated decision systems. When these types of models are applied in areas like staffing, credit rating, or in providing services to the public, such biases can quickly spread to large populations and undermine democratic rights. In the same way, the lack of transparency in model design might result in the fact that the regulator or individuals are affected by the decision-making process. This reflects a broader timing gap in AI governance, where risks originate during design and development, but regulatory intervention typically occurs only after deployment. 

Analysis
‍

1. Key risks originate before deployment: As depicted in the lifecycle mapping, the data collection and model development phase presents several significant governance risks as opposed to the deployment phase. Structural issues can be entrenched within AI systems even before they are deployed in practice due to bias in data sets, incomplete reporting of training sets, and obscured network designs.

2. Data governance is a primary point of vulnerability: Most of the instances of algorithmic discrimination listed above are associated with training material that is not representative of some population groups or is historical. Since machine learning models are optimisations of patterns that exist in datasets, these biases can be carried through the whole lifecycle and reproduced after deployment. 

3. Regulatory approaches remain mismatched across jurisdictions: Different countries adopt varying approaches to AI governance, ranging from risk-based frameworks such as the EU AI Act to more sector-specific or voluntary guidelines in other regions. This divergence creates inconsistencies in safety, accountability, and enforcement standards, allowing risks to persist across borders and potentially undermining the protection of users in globally deployed AI systems. 

4. Governance interventions remain uneven across the lifecycle: Whereas the various regulatory instruments aim at deployment and monitoring, fewer instruments systematically tackle the risks that are posed by the previous design and development phases.
‍

Recommendations
‍

1. Introduce mandatory lifecycle risk assessments: The regulatory systems need to demand systemic risk evaluation at the beginning of AI development, especially at the problem design and dataset selection phases. This would assist in detecting possible harmful applications in advance, before systems are constructed and installed.

2. Strengthen dataset governance standards: Training datasets must be supplemented with documentation as to their provenance, composition and limitations. Standardised documentation frameworks of data sets can assist in the discovery by regulators and auditors of the potential sources of bias or privacy threats.

3. Expand independent algorithmic auditing: AI systems can be assessed by regular third-party audits based on fairness, strength, and security weaknesses. The auditing mechanisms especially apply to high-risk systems employed in employment, finance or the public services.

4. Integrate continuous monitoring requirements: AI systems may be monitored regularly after implementation to identify model drift, unforeseen consequences, or abuse. Reporting systems can facilitate the process where the regulators can see the emerging risks and modify the governance systems.
‍

Conclusion - The Need for Global AI Governance
‍

Despite growing regulatory attention, global air governance remains fragmented. Different jurisdictions adopt varying approaches to risk classification, oversight, and enforcement, leading to inconsistencies in safety and accountability standards. Given that AI systems are often developed, deployed, and used across borders, this lack of coordination allows risks to persist beyond national regulatory frameworks.

Addressing these challenges requires a shift towards greater international cooperation and lifecycle-based governance. Developing shared standards, improving cross-border regulatory alignment, and embedding oversight across all stages of AI development will be essential to ensuring that AI systems are safe, transparent, and accountable in a globally interconnected environment.
‍

References
‍

• OECD AI lifecycle
• OECD AI system lifecycle description
• OECD AI governance lifecycle framework
• EU AI Act overview
• EU AI Act risk categories
• UNESCO Recommendation on the Ethics of AI
• AI governance lifecycle analysis
• OECD AI policy tools database

‍

Executive Summary
‍

A video showing a massive gathering of people dressed in black is widely circulating on social media. The clip is being shared with the claim that it shows crowds mourning the funeral of Iran’s Supreme Leader Ayatollah Ali Khamenei following his alleged killing in February 2026 However, research by the CyberPeace found that the claim is misleading and the video is unrelated to Iran.

‍

Claim:

‍

The viral video shows a large crowd gathered in a public square, with a mosque featuring a golden dome visible in the background. Social media posts claim that the footage captures mourners attending Ayatollah Khamenei’s funeral after his reported death in a joint US-Israel operation.
‍

• https://www.facebook.com/reel/25853039284304550 
• https://perma.cc/PHB8-DUPL 

‍

‍

Fact Check:

‍

To verify the claim, we extracted keyframes from the video and conducted a reverse image search. This led us to a similar clip uploaded on January 15 by an Iraqi broadcaster, Karbala TV, on Facebook. In the footage, a large crowd can be seen carrying a symbolic coffin near a shrine with a golden dome—matching the visuals seen in the viral video. According to the Arabic caption, the video shows a “symbolic funeral” procession held at the Kazimayn Shrine in Baghdad, Iraq. The event is part of an annual religious observance commemorating Imam Musa al-Kazim, the seventh Imam in Shia Islam, who is believed to have died after being poisoned in the 8th century.

Every year, large numbers of Shia devotees gather at the shrine in Baghdad to pay their respects during this commemoration. The visuals seen in the viral clip are consistent with this annual gathering.
‍

• https://www.facebook.com/reel/4350956585190139 

‍

‍

Conclusion:
‍

The claim that the video shows crowds at Ayatollah Khamenei’s funeral is false. The footage is unrelated and actually depicts a religious gathering in Baghdad, Iraq, held as part of an annual Shia ritual.

‍

Introduction

A zero-click cyber attack solely relies on software and hardware flaws, bypassing any human factor to infect a device and take control over its data. It is almost impossible to discover the attack and know that the device is hacked unless someone on your side is closely monitoring your network traffic data.

At Kaspersky, security analysts used their SIEM solution KUMA to monitor their corporate WiFi network traffic and discovered this mysterious attack. They took necessary actions to investigate it and even went a step further to dive right into the action and uncover the entire attack chain.

A few months ago, Kaspersky shared their findings about this attack on iOS devices. They shared how these zero-click vulnerabilities were being exploited by the attackers and called this attack ‘Operation Triangulation’.

A zero-click exploit in the network

Kaspersky detected a zero-click attack on the iPhones of their colleagues while monitoring their corporate WiFi network traffic. They managed to get detailed information on all the stages of the attack by simply identifying a pattern in the domain names flowing through their network. Although the attackers were quite experienced, their mistakes helped Kaspersky detect critical vulnerabilities in all iOS devices.

The name-pattern

These previously unsuspected domains had a similar name-style which consisted of two names and ended with ‘.com’, such as ‘backuprabbit.com’ and ‘cloudsponcer.com’. They were used in pairs, one for an exportation process and the other served as a command and control server. These domains showed high outbound traffic, they were registered with NameCheap and protected with Cloudflare.

The network pattern

Each time a connection to these suspicious domains was made, it was preceded by an iMessage connection which indicated these domains are being accessed by iOS devices. It was observed that the devices connected to these domains, downloaded attachments, performed a few requests to a first level domain which was an exploitation framework server, then made regular connections with the second level domain which was a command and control server controlled by the attackers.

Getting more information

To get more information about the attack all the infected devices were collected and backed up after carefully informing the device owners. Although the attackers had managed to clean their artefacts, the backed up data was used to perform digital forensic procedures and find traces of the attacks. This helped Kaspersky to figure out how the infection might be taking place.

The attacker’s mistakes

The attackers deleted all the attachment files and exploits but did not delete the modified SMS attachment folder. That folder had no files left inside it. The attackers removed evidence from other databases as well, like the ‘SMS.db’ database, however another database called ‘datausage.sqlite’ was not sanitised.

The ‘datausage.sqlite’ database is the most important database when it comes to iOS forensics as its contents can be used to track applications and network usage. Upon examination of this database, a process logged as ‘BackupAgent’ was found to be making network connections at the same time the device was making connections to the suspicious domains.

The indicator of compromise

‘BackupAgent’ stood out in this scenario because although it is a legitimate binary, it has been deprecated since iOS4 and it should not have been making any network connections. This identified the ‘BackupAgent’ process as the first solid indicator of compromise in Operation Triangulation. The indicator is termed as- ‘Data usage by process BackupAgent’, and was used to determine if any specific device was infected.

Taking it a step ahead

The team at Kaspersky successfully identified the indicator of compromise and determined which devices were infected, but as the attackers were experienced enough to delete their payloads, they decided to set a trap and perform a man-in-the-middle attack. When they did, the attackers were unable to detect it.

The man-in the-middle attack

Kaspersky prepared a server with ‘WireGuard’ and ‘mitmproxy’. They installed root certificates on devices that could be used as targets for the attackers and routed all the network traffic to that server. They also developed a ‘Telegram’ bot to notify them about new infections as they decrypted the network traffic.

Setting up a bot proved to be an effective way of real time monitoring while modifying all the network packets on-the-fly with ‘mitmproxy’, this gave them unlimited power! Their trap was successful in capturing a payload sent by the attackers and it was analysed in detail.

The name was in the payload

The payload was an HTML page with obfuscator javascript which performed various code checks and canvas footprinting. It rendered a yellow triangle and calculated its hash value. This is why the operation was named Operation Triangulation.

The team at Kaspersky started cracking various layers of asymmetric cryptography with regular expressions. They patched the stages one-by-one on the fly to move the logic from each stage to ‘mitmproxy’ and finally implemented a 400 line ‘mitmproxy’ add-on. This add-on decrypted all the validators, exploits, spyware and additional modules.

The mystery 

It is remarkable how Kaspersky detected the attack and identified multiple vulnerabilities, set up a trap to capture a payload and decrypted it completely. They shared all their findings with the device manufacturer and Apple responded by sending out a security patch update addressing four zero-day vulnerabilities. 

A zero-click vulnerability

Traditionally any spyware relies on the user to to click on a compromised link or file to initiate the infection. However a zero-click vulnerability is a specific flaw in the device software or hardware that the attacker can use to infect the device without the need for a click or tap from the user.

The vulnerabilities identified

1. Tricky Font Flaw (CVE-2023-41990): A clandestine method involving the manipulation of font rendering on iPhones, akin to a secret code deciphered by the attackers.Apple swiftly addressed this vulnerability in versions iOS 15.7.8 and iOS 16.3.

2. Kernel Trick (CVE-2023-32434): Exploiting a hidden language understood only by the iPhone's core, the attackers successfully compromised the kernel's integrity.Apple responded with fixes implemented in iOS 15.7.7, iOS 15.8, and iOS 16.5.1.

3. Web Sneakiness (CVE-2023-32435): Leveraging a clever ploy in the interpretation of web content by iPhones, the attackers manipulated the device's behaviour.Apple addressed this vulnerability in iOS 15.7.7 and iOS 16.5.1.

4. Kernel Key (CVE-2023-38606): The pinnacle of the operation, the attackers discovered a covert method to tamper with the iPhone's core, the kernel.Apple responded with a fix introduced in iOS 16.6, thwarting the intrusion into the most secure facets of the iPhone

Still, how these attackers were able to find this critical vulnerability in a device which stands out for it’s security features is still unknown.

CyberPeace Advisory

Zero-click attacks are a real threat, but you can defend yourself. Being aware of the risks and taking proactive steps can significantly reduce vulnerability. Regularly installing the latest updates for your operating system, apps, and firmware helps patch vulnerabilities before attackers can exploit them.

• Keep your software updated as they contain crucial security patches that plug vulnerabilities before attackers can exploit them.
• Use security software to actively scan for suspicious activity and malicious code, acting as a first line of defence against zero-click intrusions.
• Be cautious with unsolicited messages if the offer seems too good to be true or the link appears suspicious as it can contain malware that can infect your device.
• Disable automatic previews as it can potentially trigger malicious code hidden within the content.
• Be mindful of what you install and avoid unverified apps and pirated software, as they can be Trojan horses laden with malware.
• Stay informed about the latest threats and updates by following reliable news sources and security blogs to stay ahead of the curve, recognize potential zero-click scams and adjust your behaviour accordingly.

Check out our (advisory report)[add report link] to get in depth information.

Conclusion

Operation Triangulation stands as a testament to the continuous cat-and-mouse game between cybercriminals and tech giants. While the covert spy mission showcased the vulnerabilities present in earlier iPhone versions, Apple's prompt response underscores the commitment to user security. As the digital landscape evolves, vigilance, timely updates, and collaborative efforts remain essential in safeguarding against unforeseen cyber threats.

References:

1. Operation Triangulation: iOS devices targeted with previously unknown malware | Securelist, 1 June, 2023
2. Operation Triangulation: The last (hardware) mystery | Securelist, 27 December, 2023.
3. 37C3 - Operation Triangulation: What You Get When Attack iPhones of Researchers (youtube.com), 29 December,2023