The UK’s leading cybersecurity agency has introduced plans to build an ambitious new national cyber-defense capability powered by agentic AI.
The National Cyber Security Centre (NCSC) said that the Cyber Shield project is necessary to counter the offensive threat to the UK’s critical technology systems from threat actors wielding AI. It was first trailed in a GCHQ speech in May.
“AI is already helping attackers to conduct elements of offensive cyber activity, such as vulnerability discovery and reconnaissance at a much greater scale and faster pace,” the NCSC explained in an article on July 7.
“As a result, activities that once took weeks can now take minutes, reducing the time available for defenders to respond, detect and contain them. This increases the likelihood of successful attacks.”
Such threats are more likely to succeed given many organizations are failing to implement best practice cybersecurity as per the aims set out in the Cyber Assessment Framework (CAF), the NCSC added.
Read more on AI-powered defense: GCHQ Chief Urges Action as AI Reshapes Cyber Threats
Another reason for urgency is that threat actors will soon be able to launch “fully autonomous attacks operating across the complete intrusion lifecycle” – reducing opportunities for detection and response and overwhelming network defenders, the NCSC argued.
“Developing viable solutions that scale and execute at the pace we need in the modern era is the remit of the Cyber Shield,” it said.
What Cyber Shield Will Look Like
The NCSC explained the system will comprise “red” and “blue” agents to identify weaknesses and defend against threats in real time.
It will require:
- Reliable and explainable AI for cybersecurity which can be used confidently in production environments at scale
- Federated agents to run national-level operations under the control of individual organizations, and securely communicate between each other
- Agentic AI to autonomously discover and mitigate vulnerabilities “beyond human scale”
- Agentic AI to harness real-time info-sharing between organizations, in order to detect and contain adversaries
- National-level, automated scanning of critical UK IP ranges for exposed vulnerabilities
- Automated workflows for rapid, national-scale mitigations, such as automated blocking of known malicious domains and networks
Partnership Is the Only Way Forward
The NCSC admitted Cyber Shield “faces significant delivery challenges” and can only work with the help of frontier AI and critical infrastructure (CNI) providers.
The idea is to partner initially with network defenders in government and CNI to test and deploy new capabilities in targeted areas, before transitioning to deliver “commercially-scalable solutions” for national resilience.
“The UK will pioneer this approach and provide a case study to the world on how to successfully engineer and deliver the future of active cyber defence in the AI era, in a safe and secure manner, consistent with our values and policies,” it said.
Security experts welcomed the announcement, but cautioned about possible roadblocks ahead.
“Future-facing defense will not mean much if preventable weaknesses remain open, but cyber teams also cannot wait until AI-driven attacks are fully mature to start adapting,” explained AttackIQ field CISO, Pete Luban.
“The biggest challenge will be getting government, critical infrastructure and private industry to share intelligence in a way that is trusted and actionable. If bought into, Cyber Shield could give the UK a stronger foundation to spot risk earlier, validate defenses faster, and respond before attackers gain momentum.”
The NCSC is working with the Department for Science, Innovation and Technology (DSIT) to “establish pathways” for partners across industry, academia and government to join the project.
