.svg)
The UK’s cyber watchdog has issued a stark warning that artificial intelligence (AI) could drastically increase the country’s vulnerability to cyber attacks, particularly targeting critical infrastructure, unless immediate action is taken.
In a recent report, the National Cyber Security Centre (NCSC) highlighted that AI is already reshaping the threat landscape, and by 2027, it could enable cybercriminals to exploit system weaknesses faster than ever before. Currently, the time between the discovery of a vulnerability and its weaponisation has shrunk to mere days – but with AI, that timeframe could be reduced to just hours.
A Growing Digital Divide
The NCSC is also cautioning against a widening digital divide between organisations that can effectively counter AI-driven threats and those that cannot. This gap could potentially amplify risks across the nation.
“There’s a real chance that AI will make critical systems more susceptible to attacks within the next two to three years,” said Paul Chichester, NCSC’s director of operations.
However, Chichester also noted that AI presents an opportunity for organisations to strengthen their defences if they act swiftly and implement best practices.
“The threat landscape is evolving rapidly,” he added. “Organisations need a robust strategy to manage these emerging risks or risk falling behind.”
The NCSC is urging both public and private sector entities to enhance their cyber resilience by integrating strong protections into AI systems and their dependencies. Recommendations include adhering to the NCSC’s cyber assessment framework and the government’s updated AI cyber security code of practice.
High-Profile Breaches
The NCSC’s warning follows a series of major cyber attacks on prominent UK retailers, including Marks & Spencer, Harrods, and Co-op, which saw customer data compromised and operations disrupted.
Many of these breaches have been linked to ransomware groups employing increasingly advanced tactics.
“AI can be both a weapon and a defence,” Chichester warned. “Failing to act now will only leave organisations more vulnerable tomorrow.”
According to GCHQ, the number of ‘nationally significant’ cyber attacks has more than doubled over the past year, underscoring the rapid evolution of the threat landscape.
AI as Critical Infrastructure
The warning comes as the UK government officially designates AI as a form of national infrastructure, placing it alongside energy, water, and transport.
But as AI systems become integral to essential services, energy demand is also rising. Data centres and AI model training are straining the UK’s already congested power grid, raising concerns about whether the country’s energy infrastructure can scale quickly enough to meet demand.
“The more AI becomes embedded in critical services, the more urgent it becomes to secure a stable energy supply,” Chichester said. “Cyber security and energy resilience must go hand in hand.”
Earlier this year, PwC highlighted the growing divide between firms investing in proactive cybersecurity measures and those relying solely on reactive approaches – a strategy that is increasingly unsustainable in the AI era.
A Race Against Time
While AI has the potential to drive productivity, it also heightens risk. With the UK government pushing to make AI a key part of the country’s economic strategy, the pressure is on for organisations, especially those in critical infrastructure, to adapt quickly.
“The risks are real, but so are the opportunities,” Chichester concluded. “Organisations must act decisively to ensure that AI-driven progress does not come at the cost of their security.”
.jpg)
