Explained: Why the UK is Looking to AI for Cyber Defence

The UK Government is leveraging the rapid advancement of frontier AI models to strengthen national cyber defence capabilities, marking a significant shift in how AI is being deployed for security purposes.

With a £90m (US$118m) investment commitment aimed at securing the defences small and medium-sized businesses, the initiative comes as models like Anthropic's Claude Mythos Preview and OpenAI's GPT 5.4-Cyber demonstrate unprecedented capabilities in vulnerability detection at machine speed.

The potential implications of these AI systems being used adversarially could present substantial challenges for national security infrastructure.

"Today I'm making a call to action for leading AI companies and UK innovators to work with the UK Government to build AI cyber defence capabilities," says Dan Jarvis MBE, the UK's Security Minister.

"We've already made the UK a top destination for AI investment and want to take this work a step further in a generational endeavour to protect the UK from a new era of threats.

"This work sits alongside all the action we're taking, through the National Cyber Action Plan, to work with businesses and strengthen cybersecurity across the country."

AI deployment for national security

The collaboration between public and private sectors represents what Jarvis describes as a "generational endeavour" that could enable the protection of critical national networks by autonomously identifying and addressing vulnerabilities at a speed and scale beyond human capability.

As hostile states increasingly deploy AI systems, the National Cyber Security Centre (NCSC) has observed a significant shift in threat patterns.

Security incidents managed by the NCSC more than doubled in 2025, highlighting the growing challenge posed by AI-enabled attacks.

"We know our adversaries will increasingly apply AI tooling," said Richard Horne, CEO of the NCSC, in his keynote speech at CYBERUK 2026.

"As we have seen in the media in recent days, frontier AI is rapidly enabling discovery and exploitation of existing vulnerabilities at scale.

"Illustrating how quickly it will expose where fundamentals of cyber security are still to be addressed, such as code shipped by tech producers with significant vulnerabilities, organisations that are not patching with the completeness or urgency they should or that are failing to grasp the nettle of replacing old legacy systems."

The government has also introduced a voluntary Cyber Resilience Pledge, inviting enterprises to commit to three "concrete actions" aimed at strengthening their security posture.

Balancing AI innovation with security

Industry response to the government's AI-focused security commitment has been cautiously optimistic.

According to Trevor Dearing, Director of Critical Infrastructure at Illumio, the initiative represents "a positive signal from [the] government", saying that "it is right to push cyber security into the boardroom". 

However, Trevor notes the complexity of the challenge. "Despite more spending, more tools and more people, the impact of cyber attacks keeps getting worse. That's because most security models still optimise for compliance and detection, not for limiting real‑world damage when breaches inevitably occur."

He adds that, while the Cyber Resilience Pledge could help establish direction, delivering consistent outcomes at scale requires focus on measurable returns through reduced risk and improved resilience.

Research suggests that organisations prioritising resilience experience lower breach costs, stronger customer trust and greater operational stability.

AI infrastructure and identity management

Ev Kontsevoy, CEO of Teleport, describes the government's call for collaboration in AI-driven cyber defence as a "step in the right direction" but emphasises the need for urgency.

"The speed of AI development is currently far outpacing the speed at which the traditional cybersecurity industry is responding," Ev explains.

"Building cyber resilience in the AI-age begins by establishing identity as the core part of infrastructure AI runs on, unifying all human and non-human identities into a single layer secured with cryptographic, hardware-backed trust and short-lived privileges.

"Only then can organisations truly enforce limits on what AI accesses and who receives this information."

The initiative highlights how frontier AI models are reshaping both the threat landscape and defensive capabilities, positioning artificial intelligence as a central component of modern security infrastructure.