System will detect and flag threats across critical infrastructure
GCHQ has announced plans for a new cyber defence system to protect UK infrastructure and companies, relying on agentic AI.
GCHQ director Anne Keast-Butler, who also this week warned against the threat posed by Russia and China, announced the new system at GCHQ’s inaugural annual lecture.
The new system is intended to be operational within five years. It is being designed to detect and alert to threats across critical national infrastructure, airlines, telecoms firms and other “major” companies like Jaguar Land Rover, whose breach in March last year was the most expensive ever recorded in the UK.
In her speech, Keast-Butler called AI an “unstoppable force” and said the UK must be able to use it for good.
To that end, GCHQ ” has developed the blueprint for a new national cyber defence capability that will hardwire cutting-edge agentic AI into machine-speed cyber defence.”
She added, “We’re also embedding frontier AI deeper into our operations – responsibly and ethically – to enhance algorithms, translate foreign language, and find needles in haystacks quicker than ever before.”
She said the tech industry must work with national security bodies to drive advancements “at the frontier” – though tech firms have proven unwilling to play ball with the public sector in recent years.
Keast-Butler elaborated on the cyber-AI message, saying, ““The AI revolution is now fully upon us – with ever faster pace of model releases, increasingly sophisticated agents and greater system autonomy – transforming the world with both promise and peril.
“That’s equally true for intelligence and security, where the latest frontier AI is rapidly unearthing the fault lines in technologies that our society relies on every single day.
“The ground beneath our feet is shifting, and shifting fast. Which means cyber security has never been more important.”
“Shocking” timescale
Industry watchers welcomed GCHQ’s announcement but criticised the planned length of development.
Jon Abbott, CEO of ThreatAware, said “the five-year timescale is rather shocking… In the age of AI, five months is a long time, let alone five years.”
Meanwhile Patricia Titus, field CISO at Abnormal AI, called the five-year plan “ambitious,” but noted that “adversaries aren’t on that schedule.”
“The pressure to stand up early operational capability faster should be relentless. Every month of delay is a month the threat landscape evolves without this capability in place.”
Titus also noted that the partnership between security agencies and tech companies will be a “harder challenge” than building the AI system itself.
“Government can set the vision and provide the intelligence backbone, but innovation velocity lives in industry. GCHQ calling on the tech sector to move at frontier speed is exactly the right ask. Now the industry has to show up and deliver on that.”
Leave a comment