AI-driven cyber threats prompt UK warning to businesses

A UK open letter says AI-driven cyber threats require faster action on cyber hygiene, governance, and incident preparedness.
Department for Science, Innovation and Technology branding illustrating a UK government open letter warning businesses about AI-driven cyber threats

The United Kingdom’s Secretary of State for Science, Innovation and Technology, Liz Kendall, and Security Minister Dan Jarvis have issued an open letter urging businesses to strengthen cyber hygiene in response to increasingly advanced frontier AI cyber capabilities and potential cyber threats.

The letter says newer AI models are becoming capable of finding software weaknesses, writing exploit code, and operating at a speed and scale that previously required rare expertise.

Recent testing by the Department for Science, Innovation and Technology’s AI Security Institute, cited in the letter, found that Anthropic’s Mythos model is substantially more capable at cyber offence than any model previously assessed, making it one of the potential cyber threats to observe.

The ministers say the institute now assesses that frontier-model cyber capabilities are doubling every 4 months, compared with every 8 months previously. The letter also points to OpenAI’s expansion of its Trusted Access for Cyber programme.

The letter points to the AI Security Institute, the National Cyber Security Centre, the Cyber Security and Resilience Bill currently progressing through Parliament, and a forthcoming National Cyber Action Plan as part of the UK response.

At the same time, the ministers stress that government action alone will not be enough, arguing that attackers will target ordinary companies as well as government systems and critical infrastructure.

The ministers call on business leaders to treat cybersecurity as a board-level issue and to regularly review cyber risk, rather than leaving it solely to information technology teams. They urge organisations to use the Cyber Governance Code of Practice, while smaller businesses are directed to the National Cyber Security Centre’s Cyber Action Toolkit. The letter also recommends planning and rehearsing responses to major cyber incidents, including the role of cyber insurance in response and recovery.

A second recommendation is to adopt Cyber Essentials, the government-backed certification scheme designed to reduce exposure to common cyber threats such as outdated software, weak passwords, and missing backups. The ministers say larger organisations should also use the National Cyber Security Centre’s Cyber Assessment Framework and embed Cyber Essentials requirements across supply chains.

The letter also urges organisations to follow National Cyber Security Centre guidance and sign up to its Early Warning service. Its central message is that the protective steps needed against AI-driven cyber threats are the same core cyber hygiene measures recommended for traditional cyber threats, but that the pace of technological change makes early action more urgent.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.