Government issues open letter to business leaders outlining AI cyber threats

16 Apr 2026 03:00 PM

The government has sent an open letter to UK business leaders warning of the rapidly evolving cyber risks posed by advancements in AI systems. This follows the announcement that some new models have the potential to find vulnerable cyber defences at unprecedented speeds.

The letter coincides with a separate letter from Richard Horne, CEO of the National Cyber Security Centre in the Financial Times, who highlights the accelerating pace of change in cyber security and urges organisations to raise their security baselines.

Recent analysis from the Department of Science, Innovation and Technology’s (DSIT) AI Security Institute (AISI) found that models such as Mythos has substantially more capabilities in cyber offence than any model they have previously tested. AISI’s latest report found that frontier model capabilities are doubling every 4 months, compared to every 8 months previously.

Government are recommending that businesses take the same steps to protect against AI-driven cyber attacks as they would for traditional cyber threats. These are:

• Cyber security should be taken very seriously, even at the top of your organisations. Boards should use the Cyber Governance Code of Practice.
• Businesses should use Cyber Essentials – the government-backed certification scheme to protect against the most common attacks.
• Follow NCSC to receive their free, practical advice, training and guidance. The Early Warning service is a free to use and helps organisations consider the steps they should take before an incident escalates.

You can read the open letter here,  NCSC’s blog on why cyber defenders need to be ready for frontier AI here and Jonathan Ellison OBE, Director of National Resilience at NCSC’s blog here.

techUK reaction

The potential for AI to transform cyber security is not new. For many years, industry has anticipated the defensive benefits and the risks associated with increasingly capable AI models, and we’ve seen the steady development of standards and frameworks designed to reduce the harm businesses may face. What has changed is the speed and scale at which these vulnerabilities can now be identified. This has rightly caused concern in government, and it should be prompting equal concern for business leaders.

From conversations with members, it’s clear that the journey for frontier models is only just beginning. We are witnessing a new attack surface emerging and one that evolves as quickly as the models themselves. The shift has the potential to reshape how businesses think about and deploy cyber security standards. Crucially though, it’s something business leaders can no longer afford to treat as an abstract risk and could the development that forces the hand of business leaders when it comes to thinking about their operational resilience.

To find out more about what techUK is doing on AI security, please contact annie.collings@techuk.org.