Home

Donate
Perspective

Why Europe’s Safeguards Against AI Disinformation Won’t Stop Russia’s Next Move

Gerald Mako / Jul 8, 2026

In this image taken from video provided by Russian Presidential Press Service on Friday, July 3, 2026. Russian President Vladimir Putin speaks while visiting one of the command posts of the Joint Group of the Russian Forces, in an undisclosed location. (Russian Presidential Press Service via AP)

Republish

In 2025, one in four foreign disinformation operations detected by the European External Action Service involved AI tools. That share is expected to grow sharply in 2026, but it still does not reflect the coming shift toward agentic systems, which represent a massive qualitative change. The difference lies in how they operate: unlike previous tools that mainly generate content on command, these new systems are goal-oriented. Give them an objective, and they will figure out how to achieve it by navigating platforms, using external tools, checking their own progress, and pivoting when necessary, all with barely any human involvement. Agentic systems can operate fake personas on a massive scale, engage directly with people, and tweak their tactics in real time based on how targets react. Even though the technology is still in its early stages, it's already making influence campaigns faster, more relentless, and much harder to trace back to the source. This raises the stakes considerably.

Over the past few years, Russia has demonstrated it all too well that it can integrate generative AI into disinformation tactics through campaigns such as Doppelgänger and Operation Overload. The addition of agentic capabilities would allow these networks to operate with greater autonomy, scale, and adaptability. Russian networks have already flooded the open web with millions of low-quality articles specifically designed to be scraped into training data, causing AI chatbots to repeat pro-Kremlin arguments and demonstrating how adversaries can shape the information environment that AI systems draw upon. Indeed, major Western chatbots have been shown to repeat Kremlin-aligned narratives at notable rates even after public exposure of Russian networks. In other words, disinformation is not just about playing whack-a-mole with fake posts anymore; it is aiming to compromise the supply chain of our information ecosystem.

Agentic AI is accelerating a shift that existing European frameworks are poorly equipped to handle. Unlike basic data poisoning, agentic systems can search for and target the specific weaknesses that manipulated or low-quality data introduces into AI models as they scrape the web. Russian or Russia-affiliated actors can exploit blind spots in real time, in effect turning compromised AI models and information ecosystems more broadly into instruments for mass manipulation.

Europe’s current regulatory architecture was built for an earlier stage of the problem: the Digital Services Act places obligations on platforms to mitigate systemic risks, including disinformation, the AI Act introduces transparency requirements for generative outputs and prohibits certain manipulative techniques, while the European Centre for Democratic Resilience seeks to strengthen coordination and early warning across member states.

These instruments do matter. But in practice they focus mostly on platform compliance and picking off individual pieces of content, while missing a more novel threat: coordinated activity carried out by networks of agents. Current guidance tends to treat agentic systems as just another interface for existing AI tools, applying the same risk categories and transparency rules, rather than recognizing them as systems that can plan, adapt, and act independently.

For instance, the AI Act does not treat coordinated agentic activity as its own category requiring tailored safeguards. Meanwhile, the Centre has improved information-sharing, but it still lacks both the technical capacity and the mandate to carry out sustained red-teaming of agentic threats or to support the development of defensive AI tools.

It would, however, be unfair to suggest that this gap is a uniquely European problem. It is not, and it goes well beyond disinformation. From military procurement and healthcare diagnostics to financial risk management and enterprise workflows, AI is evolving faster than the systems meant to govern it. The uncomfortable reality is that our current frameworks were not designed for a technological landscape that changes so fast that yesterday’s assumptions barely hold.

The consequences of this defensive gap extend well beyond episodic disinformation operations that cause much annoyance but generally can be kept in check. Relentless waves of autonomous AI attacks risk fracturing public support for Ukraine, scramble debates around EU enlargement, affect the European Democracy Shield, and heavily distort the landscape ahead of future European elections. Attacks are likely to concentrate on the precise areas where the EU is trying to demonstrate geopolitical cohesion, precisely because Moscow has a strategic interest in fracturing them.

The damage would not be limited to immediate political outcomes. Eroding baseline public trust in AI itself is a distinct possibility, as people may increasingly realize the chatbots they rely on are subtly feeding them manipulated narratives—although the vast majority will not. The asymmetry is stark: authoritarian states such as Russia and China can develop and deploy AI-driven influence capabilities with minimal internal constraints, while open societies must counter these threats without undermining the very openness and debate they seek to protect.

Closing this gap will require the EU to move from high-level commitments to operational capability. The Centre should be given a clearer operational role, technical testing capabilities, and dedicated resources to anticipate agentic threats. This includes a permanent red‑teaming operation dedicated to Foreign Information Manipulation and Interference related AI systems, linked to the Rapid Alert System and national task forces. At the same time, implementation of the AI Act and Digital Services Act must evolve beyond content-level transparency measures. Instead, it must actively target how networks of autonomous agents coordinate their behavior.

Sustained public investment in defensive AI is critical, but funneling it through standard, slow-moving research programs will not deliver results in time. A dedicated funding line for European public-interest AI tooling, focused on detection of coordinated agent behavior and rapid counter-narrative generation, would reduce reliance on external providers and strengthen sovereign resilience. Stronger operational links between national FIMI units, the Centre, and platforms can help move responses from reactive exposure to earlier disruption. Media literacy efforts will also need to evolve beyond detection of synthetic media to address the more complex challenge of identifying and responding to synthetic interactions generated by networks of autonomous agents.

While existing frameworks offer a vital baseline, they were simply not built for systems capable of planning, adapting, and coordinating on their own. Legislation like the AI Act and the Digital Services Act is heavily geared toward generative content, high-risk applications, and platform moderation. Crucially, these laws lack the specific tools needed to audit autonomous agents or tackle language-specific geopolitical bias as it happens.

The European Democracy Shield is similarly under-resourced for systematic, multilingual testing of emerging AI systems against foreign information manipulation. This shortfall can no longer be treated as a secondary concern. Unless Brussels rapidly aligns its democracy protection instruments, AI regulation, and security policy with the realities of agentic operations, instead of shaping the environment in which such campaigns unfold, it will find itself constantly reacting to the next campaign.

Support Tech Policy Press
If you've found our work helpful, consider supporting us.

Authors

Gerald Mako
Gerald Mako is a Research Affiliate of the Cambridge Central Asia Forum at Cambridge University. His research focuses on artificial intelligence, cybersecurity, and great power competition in Asia. He examines strategic threats from Chinese and Russian cyber operations and influence campaigns, as we...

Topics

Related

Perspective
Disinformation on Private Messaging Platforms Requires New Regulatory ApproachMarch 10, 2026