The Chairman of the Senate Committee on ICT and Cyber Security, Afolabi Salisu (APC, Ogun), has announced ongoing efforts to review the National Data Protection Act (2023) in response to emerging threats from technological advancements, particularly artificial intelligence.
AI-Powered Cyber Attack Attempt
Google revealed in research published on May 12, 2026, that a criminal hacking group recently attempted a widespread cyber-attack that appeared to rely on artificial intelligence to detect a previously unknown software bug. This highlights the potential threat AI poses to digital security.
Speaking at the opening of a three-day workshop on Data Protection Awareness Promotion, organized for the Joint National Assembly Committee on ICT by the Nigeria Data Protection Commission (NDPC) and Ampersand Development Partners, Salisu noted that since the Act's enactment in 2023, new developments such as AI and the United Nations Convention on Cyber Crimes have emerged.
Strengthening Data Governance
The lawmaker emphasized the connection between data governance and cybercrimes, stressing the need to review the Act and strengthen necessary handshakes. He stated, "We need to ensure the security of our country, particularly in cyberspace and our data governance as well as technology advancement like AI."
"As legislators, we need to know about data privacy and protection for us to be able to effectively legislate in that area. You cannot legislate in an area you are not sufficiently knowledgeable in; this workshop affords us the opportunity to build our capacity to understand modern principles of data protection and to be in a position to review the National Data Protection Act," Salisu added.
The Chairman of the House Committee on ICT and Cyber Security, Stanley Olajide (APC, Oyo), likened data to gold, noting that Nigeria's next prosperity will come from data, not oil.
Google's Findings on AI and Zero-Day Vulnerabilities
Security experts have long feared that malicious hackers could eventually use AI models to identify undisclosed flaws in computer code to launch crippling attacks. That fear was largely theoretical until now. Google's report stated, "We have high confidence that the actor likely leveraged an AI model to support the discovery and weaponisation of this vulnerability."
The tech giant did not specify when the thwarted attack occurred, who the target was, or which AI platform the hackers used, but it confirmed that it was not its own Gemini chatbot.
Google's research comes as the technology industry and governments, including the Donald Trump administration, reassess how to police advanced versions of AI, largely due to growing concerns over cybersecurity implications.
Flaws like the one identified are known as "zero-day vulnerabilities" — security holes unknown to software makers. They were once considered so rare and valuable that they could fetch millions of dollars on black markets for hacking tools.
However, new AI models like Anthropic's Mythos, announced last month, appear to be highly effective at finding such holes. Anthropic shared Mythos only with a limited number of firms and government agencies in the United States and Britain. When announced, Anthropic said it had identified thousands of zero-day vulnerabilities "in every major operating system and every major web browser," including many that were decades old.
Details of the Zero-Day Flaw
The zero-day flaw was detected by the Google Threat Intelligence Group within the past few months and was exploited by "prominent cybercrime threat actors" in a Python script. It would have allowed hackers to bypass two-factor authentication on "a popular open-source, web-based system administration tool," though successful exploitation also required valid credentials like usernames and passwords.
