UK Government’s National Cyber Defence Strategy: Objectives and Action Plan

Key Takeaways

  • The National Cyber Security Centre (NCSC) reported that the volume of security incidents it handled in 2025 more than doubled compared with the previous year.
  • NCSC CEO Richard Horne warned in his CYBERUK 2026 keynote that hostile states are increasingly leveraging artificial‑intelligence (AI) tools to discover and exploit vulnerabilities at scale.
  • AI‑driven capabilities are highlighting longstanding weaknesses in the cyber‑defence landscape, especially unverified code from technology vendors, inconsistent patching practices, and reliance on outdated legacy systems.
  • In response, the UK government has launched a voluntary Cyber Resilience Pledge that asks enterprises to commit to three concrete actions aimed at raising baseline security hygiene.
  • Enterprises that adopt the pledge and integrate AI‑aware risk management are likely to see reduced exposure to rapid, automated exploits, while those that lag behind may face escalating breach costs and reputational damage.

Rise in Security Incidents Managed by the NCSC
The National Cyber Security Centre’s annual statistics for 2025 revealed a striking surge in the number of security incidents it managed, with the total more than doubling year‑on‑year. This jump reflects not only a higher volume of attempted intrusions but also the growing sophistication of the attacks themselves. The NCSC’s incident‑handling framework—encompassing detection, triage, mitigation, and post‑event analysis—was strained as analysts confronted a broader array of threat vectors, ranging from ransomware campaigns to state‑sponsored espionage operations. The increase underscores the urgency for organisations to bolster their defensive postures and for national agencies to adapt their capabilities to a rapidly evolving threat environment.


Statements from NCSC CEO Richard Horne
At CYBERUK 2026, NCSC Chief Executive Richard Horne delivered a keynote that framed the current cyber‑security landscape in stark terms. He asserted, “We know our adversaries will increasingly apply AI tooling,” highlighting a strategic shift among hostile nation‑states and criminal groups toward harnessing machine‑learning algorithms for offensive cyber operations. Horne pointed to recent media coverage illustrating how frontier AI models can autonomously scan vast codebases, identify subtle flaws, and generate exploit payloads with minimal human intervention. His remarks served both as a warning and a call to action, urging stakeholders to recognise that traditional defences may no longer suffice against AI‑augmented adversaries.


AI‑Enabled Threat Landscape
The proliferation of generative and predictive AI technologies has lowered the barrier to entry for conducting large‑scale vulnerability discovery. Unlike manual penetration testing, which is constrained by human expertise and time, AI systems can continuously ingest threat intelligence, correlate disparate data points, and propose novel attack paths in near‑real time. This capability enables adversaries to develop zero‑day exploits at a pace that outstrips many organisations’ patch cycles. Moreover, AI can be employed to craft highly convincing phishing lures, deep‑fake social engineering tactics, and adaptive malware that modifies its behaviour to evade signature‑based defences. Consequently, the threat surface is expanding not just in volume but in the velocity and adaptability of attacks.


Vulnerabilities in Software Supply Chains
Horne specifically noted that AI is “rapidly enabling discovery and exploitation of existing vulnerabilities at scale,” a trend that poses acute risks for software supply chains. Modern applications rely heavily on third‑party libraries, open‑source components, and proprietary code snippets, many of which contain latent flaws that remain undetected for extended periods. When attackers deploy AI‑driven scanning tools across public repositories, they can quickly pinpoint high‑impact defects—such as memory‑corruption bugs, injection points, or insecure deserialization pathways—and weaponise them before vendors issue fixes. This reality places added pressure on technology producers to adopt rigorous secure‑by‑design practices, continuous vulnerability monitoring, and transparent disclosure processes.


Legacy Systems and Patch Gaps
Another focal point of Horne’s address was the persistence of outdated legacy infrastructure within both public and private sectors. Many organisations continue to run critical workloads on systems that lack vendor support, receive infrequent security updates, or rely on proprietary protocols that are difficult to monitor. These environments become fertile ground for AI‑assisted exploits, as attackers can predictably target known weaknesses that have remained unpatched for years. The CEO urged organisations to “grasp the nettle of replacing old legacy systems,” emphasising that modernization—not merely patching—is essential to reduce the attack surface. Incremental upgrades, containerisation, and zero‑trust architectures were cited as viable pathways to mitigate risk while preserving operational continuity.


Government Response: Cyber Resilience Pledge
Recognising the mounting challenges, the UK government introduced a voluntary Cyber Resilience Pledge aimed at encouraging organisations to adopt three concrete actions: (1) implement a baseline of cyber‑hygiene controls aligned with the NCSC’s 10 Steps to Cyber Security; (2) establish a regular, measurable patch management regimen that prioritises critical vulnerabilities within a defined timeframe; and (3) conduct annual tabletop exercises that simulate AI‑enhanced attack scenarios to test incident‑response readiness. By signing the pledge, enterprises commit to a transparent, accountable framework that can be audited by industry peers and regulatory bodies. The initiative is intended to foster a culture of continuous improvement rather than a one‑off compliance checkbox.


Implications for Enterprise Strategy
For enterprises, the convergence of rising incident volumes, AI‑driven threat tactics, and governmental guidance necessitates a strategic reassessment of cyber‑risk management. First, organisations should invest in AI‑augmented defensive tools—such as anomaly‑detection platforms, automated threat‑hunting solutions, and predictive vulnerability scanners—to keep pace with adversary capabilities. Second, supply‑chain security must be elevated to a board‑level concern, incorporating software‑bill‑of‑materials (SBOM) generation, third‑party risk assessments, and mandatory security clauses in vendor contracts. Third, legacy‑system migration plans need clear timelines, budget allocations, and executive sponsorship to avoid perpetual technical debt. Finally, participation in the Cyber Resilience Pledge can serve as a differentiator, signalling to customers, partners, and investors that the organisation takes proactive steps to safeguard its digital assets.


Conclusion and Outlook
The NCSC’s data and Richard Horne’s warnings make clear that the cyber‑security battlefield is evolving at an unprecedented pace, driven largely by the offensive use of artificial intelligence. While the doubling of managed incidents in 2025 reflects the growing intensity of attacks, it also highlights the expanding role of national cyber‑defence agencies in coordinating response efforts. The government’s Cyber Resilience Pledge offers a pragmatic, voluntary pathway for organisations to fortify their defences against AI‑enabled threats, yet its success will depend on broad uptake and genuine implementation of the prescribed actions. Looking ahead, the interplay between advancing AI capabilities and defensive innovation will likely dictate the trajectory of cyber risk; organisations that embrace AI‑driven security modernization, harden their software supply chains, and retire outdated infrastructure will be best positioned to withstand the next wave of sophisticated, machine‑learning‑powered assaults.
