Ministers Urge Firms to Bolster Cybersecurity Amid AI Hacking Concerns

Ministers are pressing the largest businesses in the UK to enhance their cybersecurity measures, amidst growing apprehensions that artificial intelligence tools, such as Anthropic’s Mythos, could initiate a new era of hacking. Baroness Lloyd of Effra, the cybersecurity minister, has reached out to nearly 200 business leaders, encouraging them to adopt a new “cyber-resilience pledge” aimed at strengthening their security posture.

This pledge will be embraced by companies that prioritise cybersecurity at the board level; those that enrol in the National Cyber Security Centre’s early-warning system and achieve “cyber essentials” certification across their supply chains. The government is optimistic that this initiative, which is set to be formally launched in the summer, will establish a new industry standard, providing both investors and clients with increased confidence as anxieties around AI’s security implications rise.

Recently, Anthropic announced the decision not to release Mythos, an AI model developed with a focus on cybersecurity, because of its effectiveness in identifying vulnerabilities within software systems. Instead, the company has distributed it to 40 US technology firms to help them enhance their cyber-defences.

Although some experts have raised doubts about whether this was merely a marketing strategy, financial markets and regulators appear to be taking it seriously. British banks, including Barclays, Lloyds, and NatWest, are currently in discussions with Anthropic to access the AI model. Andrew Bailey, governor of the Bank of England, stated that Anthropic may have discovered a method to fundamentally alter the landscape of cyber-risk.

The UK’s AI Security Institute, one of the few independent evaluators outside the US, described Mythos as a significant advancement in capability, noting it is capable of autonomously attacking small and poorly defended enterprise systems once network access is gained. However, it remains uncertain if Mythos would be effective against well-defended establishments.

Baroness Lloyd remarked that the cyber threat facing UK businesses is not only serious but also rapidly evolving. AI is providing attackers with unprecedented capabilities that were unimaginable even a year ago. It is imperative for organisations to adopt a proactive stance.

Every sector has a role to play in fortifying the UK’s cyber-defences, and the call has been made for all boardrooms throughout the nation to treat cybersecurity as a core responsibility. Dan Jarvis, the security minister, is expected to advocate for this pledge during his address at the upcoming CyberUK conference, highlighting the disparity between perceptions of cybercrime and physical criminal acts.

The recent cyberattack on Jaguar Land Rover is a case in point, demonstrating the extensive damage inflicted on the business. Had this disruption been caused by a traditional physical assault, it would have been likened to a gang of criminals vandalising dealerships and stealing vehicles.

Warnings from the government and the National Cyber Security Centre about the escalating threat of hacking remain unheeded by many businesses. In 2025, only 56,000 certificates under the NCSC’s cyber-essentials programme were granted, representing just one per cent of UK businesses. The Cyber Security and Resilience Bill, currently progressing through parliament, aims to compel companies in critical sectors to enhance their resilience.