UK cyber agency handling four major incidents a week as nation-state attacks surge

Britain's cybersecurity chief warned Tuesday that the country is handling four nationally significant cyber incidents every week, with the majority now traced back to hostile foreign governments rather than criminal hackers, as the government unveiled a £90 million (about $121.48 million) package to bolster the country's digital defences.

Richard Horne, chief executive of the National Cyber Security Centre (NCSC), told the annual CYBERUK conference in Glasgow that while the incident rate had held relatively steady since he first disclosed the figure last October, the origin of those attacks had shifted dramatically.

“The majority of the nationally significant incidents that my teams are handling now originate directly or indirectly from nation states,” said Horne.

China, Russia and Iran were each singled out. Horne described China's military and intelligence agencies as displaying an “eye-watering level of sophistication,” making Beijing not just a capable adversary but what he called “a peer competitor in cyberspace.”

Russia, he said, was exporting tactics developed on the battlefields of Ukraine and directing them at states it considers hostile, with sustained hybrid activity already detected across the U.K. and Europe.

Earlier this month, the NCSC published a technical advisory warning that Russia's GRU military intelligence agency has been compromising home and small office routers to redirect internet traffic through servers under their control, enabling them to intercept credentials and map networks for further targeting.

Iran was accused of using cyber operations to target British individuals on U.K. soil who are seen as threats to the regime. In March, following U.S. and Israeli strikes that killed Iran's Supreme Leader, the NCSC said British organizations were at a heightened risk of indirect cyber threats, particularly for those with a presence or supply chains in the Middle East.

Security Minister Dan Jarvis used the same stage in Glasgow to announce the £90 million investment package and a new Cyber Resilience Pledge, which the government will ask major organizations to sign this summer, committing them to treat cybersecurity as a board-level responsibility.

Jarvis invoked a recent attack on Jaguar Land Rover to illustrate the stakes, arguing the damage inflicted would have been equivalent, in physical terms, to hundreds of masked criminals smashing up dealerships and driving cars off forecourts across the country. 

“The truth is, there is no significant difference between these types of attacks,” he said.

Both officials pointed to artificial intelligence as reshaping the threat landscape at speed. Horne warned that frontier AI is already enabling adversaries to discover and exploit vulnerabilities at scale, while Jarvis cited testing of Anthropic's recently disclosed Mythos Preview model, which he said had autonomously identified thousands of previously unknown software flaws — some overlooked by human experts and automated tools for more than two decades.

The government's own AI Security Institute has offered a more measured assessment of the software. 

It found Mythos was more capable at cyber offense than any model it had previously evaluated, but stressed that its test environments were deliberately simplified and easier to compromise than real-world systems — lacking active security teams, monitoring tools and the risk of detection — making it difficult to assess how the model would perform against well-defended networks.

The AI threat intersects with a concern Horne has raised repeatedly in recent months that the software ecosystem is riddled with preventable vulnerabilities that neither vendors nor customers have moved quickly enough to fix.

Officials have warned for years that baseline practices — patching systems, monitoring networks, preparing incident response plans — remain unevenly implemented across industry, and that governments have so far failed to change those behaviors at the pace the threat demands.

Jarvis called on major AI companies to go beyond selling commercial products and partner directly with the government to build national-scale, AI-powered cyber defense capabilities. 

“Capabilities that can protect our nation's most critical networks by autonomously identifying and addressing vulnerabilities at a speed and scale no human can match,” he said.

“This is a generational endeavour, and it will test the absolute limits of our engineering and innovation.”

His point comes amid concerns that advanced forms of AI-enabled cyber operations may already be emerging in state-backed programs. 

That ambition reflects a broader race already underway. As reported by Recorded Future News earlier this year, leaked Chinese technical documents outline efforts to build AI systems capable of navigating defended networks while avoiding detection — pointing to a future of far greater automation on both sides of the conflict. 

“Whoever possesses the better AI wins,” one expert warned at the time, “because if an AI system attacks you, no human can defend it.”

A full National Cyber Action Plan is expected to be published this summer.