-optimized.jpg){kind=avatar}
AI companies and UK innovators ought to work with the UK Government to ‘co-develop’ AI for national cyber defence, says the Home Office security minister Dan Jarvis. He was speaking at the three-day UK official CYBERUK gathering in Glasgow.
He stated that ‘the cyber security of British business is a matter of national security’. For the speech in full visit the Home Office website. He described basic cyber hygiene as no longer optional, ‘but the baseline โ the absolute minimum we should expect of any serious organisation operating in the modern economy’. Promised were ‘practical, targeted support to help our small and medium-sized businesses’ and a ‘boost’ to cyber resilience in ‘priority areas’.
Mythos
He referred to the ‘revelation’ of Anthropicโs new Claude Mythos AI model. He said: “In testing, it autonomously found thousands of zero-day vulnerabilities across major operating systems. It uncovered critical flaws that had gone unnoticed by human experts and automated tools for over two decades. Neither industry nor government can close that gap on their own.”
CNI
He argued that protecting Critical National Infrastructure ‘requires a fundamentally different approach’. He said: “We will not secure the central pillars of the UK state simply by purchasing off-the-shelf vendor solutions. We need a new model of collaboration, and it is time to set a higher standard for responsible action.” On the co-developing of AI for national cyber defence, ‘we will be setting out our formal agenda in due course’, he said. He summed up: “Whether you are a sole trader, a supplier to an NHS trust, or the CTO [chief technology officer] of a multi-national โ you are part of our national defence.”
Background
As background, a ‘National Cyber Action Plan’ is due to be published this summer. Dan Jarvis and Department for Science, Innovation and Technology (DSIT) Secretary of State Liz Kendall have meanwhile published an open letter to business leaders about AI cyber threats. DSIT Cyber Security Minister Baroness Liz Lloyd has written to the CEOs and Chairs of 180 major UK businesses to ‘encourage’ them to sign up to a ‘Cyber Resilience Pledge’ ahead of a formal launch later this year.
About the Pledge
In his speech Dan Jarvis described the pledge as a ‘public commitment, to their investors,ย their customers, their supply chains, to make cyber security a board responsibility to sign up to the NCSCโs Early Warning service to demand that your suppliers are Cyber Essentials certified’. Companies that sign the pledge will be listed online and highlighted as exemplars of good practice, Dan Jarvis said.
Comments
David Shepherd, SVP EMEA at the cyber firm Ivanti, welcomed the UK governmentโs voluntary Cyber Resilience Pledge, especially for how it makes cybersecurity a board-level responsibility. He said: “This aligns with our own research, with 94 per cent of organisations now saying that cybersecurity is discussed at board level. However, we also see that intent does not always translate into action. A worrying execution gap remains between organisations that have an existing, documented framework for defining risk (81pc) and those that follow this framework in day-to-day operations (45pc) โ highlighting the need to better embed cyber hygiene throughout the business.
โBut responsibility cannot rest with UK businesses alone.ย Dan Jarvis rightly recognises thatย increased collaborationย is neededย between the UK government andย AI companiesย onย national cyber defence.ย Withย criminals using AI to reverse-engineer patches in under 72 hours, and Mythos and GPT 5.4-Cyber lowering the barrier to sophisticated attacks, the lines betweenย business and national are increasingly blurred.
โAs AIย rapidly shapes both the threat landscape and our defences,ย government, AIย providersย and business leaders all have a role to play in strengthening the UKโs collectiveย cyberย defences.โ
And Iain Slater, sales director, Barrier Networks said: “By introducing the Cyber Resilience Pledge, and encouraging the adoption of Cyber Essentials across supply chains, this is placing a commercial incentive on organisations to comply with the certification. If organisations don’t comply with Cyber Essentials, this means they won’t be able to work organisations that have signed the pledge.ย This will undoubtedly be a catalyst for greater adoption.”
