WIREDGOV

• GCHQ’s National Cyber Security Centre warns a ‘digital divide’ between organisations that can keep pace with AI-enabled threats and those that cannot is set to heighten the UK's overall cyber risk.
• New report, published day one of CYBERUK conference, says artificial intelligence will almost certainly further reduce time between vulnerabilities being disclosed and being exploited by malicious actors.
• The NCSC urges organisations to follow advice to implement AI tools securely and maintain protective security measures on wider systems.

Over the next two years, a growing divide will emerge between organisations that can keep pace with AI-enabled threats and those that fall behind – exposing them to greater risk and intensifying the overall threat to the UK’s digital infrastructure, cyber chiefs have warned today (Wednesday).

A new report, launched by Pat McFadden, the Chancellor of the Duchy of Lancaster at the National Cyber Security Centre’s (NCSC) CYBERUK conference, outlines how artificial intelligence will impact the cyber threat from now to 2027, highlighting how AI will almost certainly continue to make elements of cyber intrusion operations more effective and efficient.

It warns that, by 2027, AI-enabled tools are set to enhance threat actors’ ability to exploit known vulnerabilities, adding that whilst the time between the disclosure and exploitation has already shrunk to days, AI will almost certainly reduce this further, posing a challenge for network defenders.

The report also suggests that the growing incorporation of AI models and systems across the UK’s technology base, particularly within critical national infrastructure and where there are insufficient cyber security controls, will almost certainly present an increased attack surface and opportunities for adversaries.

As AI technologies become more embedded in business operations, organisations are being urged to act decisively to strengthen cyber resilience and mitigate against AI-enabled cyber threats.

Paul Chichester, NCSC Director of Operations, said:

"We know AI is transforming the cyber threat landscape, expanding attack surfaces, increasing the volume of threats, and accelerating malicious capabilities. 

"While these risks are real, AI also presents a powerful opportunity to enhance the UK’s resilience and drive growth—making it essential for organisations to act. 

"Organisations should implement strong cyber security practices across AI systems and their dependencies and ensure up-to-date defences are in place."

The integration of AI and connected systems into existing networks requires a renewed focus on fundamental security practices. The NCSC has published a range of advice and guidance to help organisations take action, including by using the Cyber Assessment Framework and 10 Steps to Cyber Security.

The report also highlights, in the rush to provide new AI models, developers will almost certainly prioritise the speed of developing systems over providing sufficient cyber security, increasing the threat from capable state-linked actors and cyber criminals.

Earlier this year, the UK government announced the new AI Cyber Security Code of Practice, produced by the NCSC and the Department for Science, Innovation and Technology (DSIT), which will help organisations develop and deploy AI systems securely.

The Code of Practice will form the basis of a new global standard for secure AI through the European Telecommunications Standards Institute (ETSI).

The assessment builds on the NCSC’s previous report, the near-term impact of AI on the cyber threat assessment, published in January 2024 and looks to highlight the most significant impacts on cyber threats to the UK from AI developments over the coming years.

View The Impact of AI on Cyber Threat - From Now to 2027 assessment