Published on the opening day of CYBERUK, the UK’s flagship cybersecurity conference, the report outlines how both state and non-state actors are already exploiting AI to increase the speed, scale, and sophistication of cyber operations. Generative AI is enabling more convincing phishing attacks and faster malware development – significantly lowering the barrier to entry for cybercrime and cyber intelligence.

Of particular concern is the rising risk to the UK’s democratic processes, critical national infrastructure (CNI), and commercial sectors. AI-powered tools are expected to make targeted attacks more frequent and more difficult to detect, as adversaries use advanced language models and data analysis capabilities to craft highly tailored and persuasive content at scale.

The NCSC Assessment warns of a growing digital divide between organisations with the resources to defend against AI-driven threats and those without. It also highlights a realistic possibility that, without significant improvements in cyber resilience, critical systems will become more vulnerable to advanced threat actors by 2027.

Andy Ward, SVP International at Absolute Security, commented: “AI is rapidly reshaping the cybersecurity landscape – accelerating both the speed and sophistication of attacks. The NCSC’s warning of a growing digital divide is a wake-up call for all UK organisations, particularly those responsible for critical national infrastructure. While AI offers significant opportunities to bolster defences, our research shows 54% of CISOs feel unprepared to respond to AI-enabled threats. That gap in readiness is exactly what attackers will take advantage of.

"To counter this, businesses must go beyond adopting new tools – they need a robust cyber resilience strategy built on real-time visibility, proactive threat detection, and the ability to isolate compromised devices at speed. As AI continues to reduce the window between vulnerability and exploitation, the ability to respond in real time is no longer optional – it’s foundational.”

This latest warning forms part of the UK Government’s wider cyber strategy after announcing the new AI Cyber Security Code of Practice earlier this year. The Code of Practice will form the basis of a new global standard to secure AI and ensure national security keeps pace with technological evolution, safeguarding the country against emerging digital threats.

As AI becomes increasingly embedded in daily digital activity, the centre is urging organisations to act now by building robust cyber hygiene practices and understanding how AI might be used both as a defensive tool and a potential attack vector.

By anticipating how AI is likely to shape the threat landscape, the UK can harness its benefits while staying ahead of adversaries in an increasingly complex cyber environment.

For more startup news, check out the other articles on the website, and subscribe to the magazine for free. Listen to The Cereal Entrepreneur podcast for more interviews with entrepreneurs and big-hitters in the startup ecosystem.