The UK government has announced plans to develop a custom agentic artificial intelligence system for cyber threat detection and mitigation in a bid to shore up cyber resilience.
The initiative, dubbed Cyber Shield, will be deployed to identify vulnerabilities in legacy systems, generate automated insights and coordinate security remediation at a national level. It will be developed by the UK’s National Cyber Security Centre and the Department for Science, Innovation and Technology as part of “national-scale, collaborative approach to agentic cyber defence, using frontier AI,” the NCSC said on Monday.
While the NCSC has not detected attacks using fully autonomous AI systems yet, it said the rapid developments within cyber-capable models are concerning, as they could allow attackers to move at machine speed and scale, making detection harder. “This has the potential to overwhelm traditional defences and increase the risk of advantage shifting towards the attacker,” the NCSC said.
With Cyber Shield, the government intends to “transition to commercially scalable solutions to deliver a level of national resilience which is ready for the future threat,” the NCSC said.
UK urges firms to strengthen cyber defences
The UK government on Monday also unveiled a new Cyber Resilience Pledge, which seeks voluntary commitments from its signatories. These include making cyber a priority for their board, signing up to the country’s early warning system, and adhering to Cyber Essentials, a government-backed cyber hygiene measure.
Marks & Spencer (M&S), Nationwide, ITV, Microsoft UK and Cloudflare are among 60 companies across the UK that have supported the latest initiative.
The UK government’s concerns over critical infrastructure cyber resilience heightened in the wake of multiple high-profile attacks in recent months. The 2025 Jaguar Land Rover hack, for instance, is estimated to have cost the UK economy a loss of $2.5 billion. Meanwhile, hacks against M&S crippled the retailer’s supply chain ecosystem, costing the company an estimated loss of $180 million.
To shore up critical infrastructure security, the government in November 2025 introduced the Cyber Security and Resilience Bill. The proposed legislation makes measures such as patching and incident reporting mandatory for organizations across the energy, transport, health, drinking water and water infrastructure sectors.
Image credit: Crown Copyright