Systems Facing Increased Risk of AI-Enhanced Cyber Attacks, Warns NCSC

The window between discovering and exploiting a vulnerability has already narrowed to just days, and AI is expected to shorten it even further, experts said.
Systems Facing Increased Risk of AI-Enhanced Cyber Attacks, Warns NCSC
Chancellor of the Duchy of Lancaster Pat McFadden delivers a keynote speech to the CyberUK conference at the Central Convention Complex in Manchester, England, on May 7, 2025. Ryan Jenkinson/PA Wire
Victoria Friedman
Updated:
0:00

By 2027, artificial intelligence tools will significantly increase the ability of malicious actors to find and exploit vulnerabilities in our systems, the National Cyber Security Centre (NCSC) has warned.

The NCSC, which is the UK’s technical authority for cyber security and part of the GCHQ intelligence agency, said in its report published on Wednesday that AI will “almost certainly” continue to make cyber intrusion more effective and efficient, “leading to an increase in frequency and intensity of cyber threats.”

It also warned that the window between discovering and exploiting a vulnerability has already narrowed to just days, and that AI is expected to shorten it even further, making it harder for those working to keep networks secure.

The cyber security specialists said that malicious actors, such as cyber criminals and those acting on behalf of hostile states, are very likely already using AI to enhance their existing tactics to penetrate systems, including through victim reconnaissance, vulnerability research, and malware generation.

Critical Systems

If cyber security does not keep pace with these advancements, “there is a realistic possibility of critical systems becoming more vulnerable to advanced threat actors by 2027,” the report said.

The NCSC says that in order to protect themselves, organisations must implement advanced strategies to counter AI-driven attacks, including continued monitoring and using AI-based defence systems.

Paul Chichester, NCSC director of operations, said: "We know AI is transforming the cyber threat landscape, expanding attack surfaces, increasing the volume of threats, and accelerating malicious capabilities.

“While these risks are real, AI also presents a powerful opportunity to enhance the UK’s resilience and drive growth—making it essential for organisations to act.

“Organisations should implement strong cyber security practices across AI systems and their dependencies and ensure up-to-date defences are in place.”

Serious Organised Crime

The report’s publication coincided with the first day of the annual security conference put on by CyberUK, which is hosted by the NCSC.

In his keynote speech to the conference on Wednesday, Chancellor of the Duchy of Lancaster Pat McFadden called cyber attacks “serious organised crime.”

He told business leaders and tech experts: “The purpose is to damage and extort good businesses. It’s the digital version of an old-fashioned shake down. Either straight theft or a protection racket where your business will be safe as long as you pay the gangsters.

“And what we’ve seen over the past couple of weeks should serve as a wake-up call for everyone - for government and the public sector, for businesses and organisations up and down the country, as if we needed one, that cybersecurity is not a luxury - it’s an absolute necessity.”

Chancellor of the Duchy of Lancaster Pat McFadden delivers a keynote speech to the CyberUK conference at the Central Convention Complex in Manchester, England, on May 7, 2025. (Ryan Jenkinson/PA Wire)
Chancellor of the Duchy of Lancaster Pat McFadden delivers a keynote speech to the CyberUK conference at the Central Convention Complex in Manchester, England, on May 7, 2025. Ryan Jenkinson/PA Wire

His remarks come after major British retailers Marks & Spencer, the Co-op, and Harrods all experienced serious cyber incidents.

The minister announced that the government would be investing an extra £7 million in the Laboratory for AI Security Research, which was launched by the Labour administration in November and comprises of experts from organisations including Oxford University, the Alan Turing Institute, and the Department for Science, Innovation, and Technology (DSIT).

DSIT said a further £8 million will be given to Ukraine for its cyber defences and £1.1 million will go to the Moldovan government to “protect the country’s upcoming Parliamentary Election.”

China Becoming a ‘Cyber Superpower’

In his speech, the minister specifically highlighted China as a key point of discussion, saying, “we need to be clear-eyed about the challenge posed” by the nation.

He said: “It is well on its way to becoming a cyber superpower. It has the sophistication. The scale. And the seriousness.

“It’s one of the world leaders in AI, as the world’s second largest economy it’s deeply embedded in global supply chains and markets.”

“Disengagement economically from China is not an option. Neither’s naivety,” McFadden said.

“Our approach should be to engage constructively and consistently with China where it is in the UK’s economic interests, but also to be clear that we will robustly defend our own cyberspace,” he said.

His comments come after British intelligence services have raised the alarm in recent years over the threat that Beijing poses to the UK’s cyberspace.
The NCSC’s annual review published in December said that China “continues to be a highly sophisticated and capable threat actor, targeting a wide range of sectors and institutions across the globe, including in the UK.”
Last year, the then-Conservative government accused hackers affiliated with the Chinese communist regime of having been responsible for two “malicious cyber campaigns” on the Electoral Commission and against parliamentarians.