7-minute read | 1,750 words

What to know this week

US court rules Ohio can restrict children’s use of social media.

A US appeals court has overturned a ruling to allow Ohio to implement social media bans for minors under the age of sixteen.

Five Eyes warns about AI cybersecurity risk.

The Five Eyes alliance released a three-page document warning about the dangers and risks related to frontier artificial intelligence (AI) models.

This week's full stories

Court allows for Ohio to implement restrictions on social media use.

THE NEWS

Last week, the 6th US Circuit Court of Appeals overturned a lower-court ruling. The lower-court ruling had blocked enforcement of a law passed by the Ohio legislature that regulates how minors under the age of sixteen access social media platforms. In the appeals court’s ruling, the panel found that the law did not violate free speech protections. 

In his ruling, US Circuit Judge Eric Clay wrote:

“At bottom, the Act imposes a parental consent requirement. That requirement constitutes a marginal burden that precisely targets the multi-faceted problem that Ohio has identified: Children’s unsupervised assent to terms and conditions for use of platforms that take advantage of and harm them.”

With the ruling, Ohio Attorney General Andy Wilson stated:

This decision “gives parents the tools to be involved and provide oversight.”

NetChoice, the trade group that originally requested that the law be blocked, commented on the recent ruling stating:

The group “remains fully confident that this unconstitutional law will ultimately be struck down permanently.”

THE KNOWLEDGE

For context, the law is known as the Social Media Parental Notification Act, and it was originally passed in 2023, taking effect in January 2024. However, the law was later blocked from enforcement by US District Judge Algenon Marbley.

The law requires covered websites and online services that may be accessed by children under sixteen to verify users’ ages.

This legal challenge is just one of several from NetChoice. Alongside targeting Ohio’s social media restriction law, Netchoice has also challenged similar age restrictions laws in Arkansas, Louisiana, South Carolina, and Mississippi. 

For many of these lawsuits, NetChoice argues that these age restrictions violate the First Amendment. More specifically, NetChoice argues that these laws “regulate how covered services select, rank, recommend, and display speech to their users - all protected expression.”

Outside of the Ohio lawsuit, the other cases are in the following states:

• Arkansas: NetChoice secured a permanent injunction and summary judgement victory in March 2025. The state legislature has attempted to enact revised legislation. 
• Louisiana: In December 2025, a District Court granted NetChoice’s motion for summary judgement and issued a permanent injunction, finding that the law violated the First Amendment and was impermissibly vague.
• Mississippi: In 2024, the federal district court initially blocked the law, but in April 2025 the Fifth Circuit vacated the injunction and sent the case to the Supreme Court. After the injunction was vacated, the Supreme Court declined to restore it, allowing Mississippi to continue enforcing the law while litigation proceeds.
• South Carolina: While NetChoice has filed its lawsuit, there has not been a major rules update.

As litigation continues, the results of these cases, and whether the recent Ohio ruling is successfully appealed, will be critical for assessing how states seek to regulate minors’ access to social media platforms.

THE IMPACT

The Ohio decision is particularly significant because it suggests that courts may be willing to distinguish parental consent requirements from broader restrictions on online speech. If other courts adopt similar reasoning, states could increasingly pursue age-verification and parental oversight requirements as viable methods for regulating children’s access to social media platforms.

As each of these cases continues to develop, the resulting rulings will play a major role in determining how states attempt to regulate social media platforms and online services used by minors. 

At the same time, the mixed outcomes across Ohio, Arkansas, Louisiana, and Mississippi demonstrate that courts remain divided on where to draw the line between child-safety regulations and First Amendment protections. While some judges have viewed these laws as permissible consumer and parental protection measures, others have concluded that they improperly restrict access to protected speech and place unconstitutional burdens on online platforms.

As more states enact similar legislation, the growing number of conflicting rulings could eventually increase pressure for the Supreme Court to provide clearer guidance on the constitutionality of social media age restrictions.

Five Eyes warns about the frontier AI model.

THE NEWS

On Monday, the Five Eyes released a three-page document warning global leaders about the risks associated with frontier AI models. 

In the document, the alliance members wrote:

“Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months.”

Additionally, the statement urged leaders to:

• Understand and assess risk, readiness, and accountability.
• Prioritize foundational cybersecurity practices and controls.
• Empower cyber leaders with authority and resources.
• Stay actively engaged as threats and guidance evolve.

The alliance noted that this advisory was driven by the rising sophistication of frontier models. Specifically, the alliance noted that these new models lowered “barriers for malicious actors and [increased] the speed and complexity of attacks.”

THE KNOWLEDGE

Outside of stressing the importance of getting ahead and securing frontier AI models, the alliance also recommended a series of practical actions. These actions included:

1. Reducing your attack surface by limiting unnecessary system access and external connectivity.
2. Accelerating patching processes to reduce the time between vulnerability discovery and exploitation alongside ensuring security updates are applied accordingly to manage associated risk levels.
3. Addressing legacy systems as unsupported systems can be easy targets.
4. Reviewing and strengthening identity and access controls to limit who can access critical systems.
5. Prepare for incidents before they happen by testing response plans, train and prepare teams, and assume breaches will occur.

Alongside these practical recommendations, it is likely that this advisory was released due to the release of Fable 5, Anthropic’s latest publicly available security model.

Acting as a more toned-down version of Mythos, Fable 5 was designed to be a publicly available model that would function as a key security tool without creating the major risks associated with malicious actors exploiting Mythos. However, despite its recent release, the new model has already been seen concerning exploit reports and responses from the White House.

Less than a week after Fable 5’s release, reports emerged that a hacker was able to achieve a prompt-based jailbreak. While Anthropic did push back on these claims highlighting their red team efforts and how the jailbreak was not a true success, government actors already began to take action. 

Shortly after, the Trump administration issued a directive to suspend access to both Fable 5 and Mythos 5 for all customers to ensure compliance. More specifically, the administration stated that it will not lift its export control enforcement due to jailbreaking concerns. 

THE IMPACT

Given the potential of frontier AI models, the Five Eyes warning reflects a growing shift in how governments are approaching these models. Rather than treating AI as a future challenge, intelligence and cybersecurity agencies are increasingly framing frontier systems as a near-term threat multiplier capable of enhancing both defensive security capabilities and malicious operations.

Additionally, the advisory highlights a growing concern that organizations may be underestimating the pace of change. While many discussions focus on AI’s long-term risks, the Five Eyes specifically warned that these capabilities could emerge within months rather than years. This accelerated timeline leaves nations and organizations alike with an ever-shrinking window to strengthen cyber hygiene practices, modernize legacy infrastructure, and improve resilience efforts.

Lastly, as newer and more advanced models continue to emerge, incidents like jailbreaking, misuse, and export control will likely continue to emerge further driving pressure to increase model scrutiny. This effort could lead to additional safeguards, reporting requirements, and stronger oversight mechanisms.

This Week's Caveat Podcast: HR1 and the future of U.S. tech security.

In this week’s Caveat Podcast, we revisit one of our previous Policy Deep Dive conversations. For this month’s deep dive, our team broke down HR1, or as it is more commonly known, the One Big, Beautiful Bill. During this conversation, our team looked at the various funding measures that the bill implemented and how these initiatives contributed to the Trump administration's overall policy strategy.

Listen to the episode now.

OTHER NOTEWORTHY STORIES

Meta lobbies Congress for protection from child-harm lawsuits.

What: Meta Platforms has lobbied the US Congress for legal immunity related to child-harm claims. 

Why: On Friday, Meta lobbied Congress to institute legal immunity from child-harm claims related to its social media platforms. For this provision, Meta was aiming to implement this legal immunity into the Kids Online Safety Act (KOSA), which is currently under consideration in the Senate.

The proposed regulation reads as follows:

Online companies would be “immune from suit or liability under state law with respect to all claims for loss caused by, arising out of, relating to, or resulting from the safety or privacy of individuals under the age of eighteen online or otherwise related to the provisions” of KOSA.

Regarding this lobbying effort, Meta spokesperson Stephanie Otway stated that the provision “does not extinguish existing lawsuits, nor does it represent blanket immunity.”

JUNE 19, 2026 | Source: Reuters

Trump signs Executive Order accelerating post-quantum cryptography migration.

What: Federal agencies are required to transition high-value assets and high-impact systems to use PQC by the end of 2030 and 2031.

Why: On Tuesday, President Trump signed Executive Order 14409. With this order, federal agencies are required to inventory their high-value assets and high-impact systems and prepare them for post-quantum cryptography (PQC). The order also instructs agencies to designate a PQC migration lead, with the Department of Commerce running a pilot project through 2027.

The White House wrote:

“The pilot program will showcase a successful migration by 2027, setting a clear example for agencies to fortify their cyber defenses as quantum technology advances.”

JUNE 23, 2026 | Source: Security Week

Bank of England softens stablecoin rules in final policy draft.

What: The Bank of England (BoE) published new policies regarding stablecoins.

Why: On Monday, the BoE published a series of new policies that will ease regulations regarding stablecoin rules. With these new rules the BoE removed provisions that would have placed a cap on the amount of stablecoins an individual could hold. Instead, the new rules will limit the total issuance per stablecoin, set at 40 billion pounds.

Additionally, these new rules relaxed a proposal on backing assets to allow issuers of stablecoins to invest up to 70%, instead of the proposed 60%, of assets. 

JUNE 22, 2026 | Source: Reuters