UK businesses have been urged to treat cyber security with far greater urgency as artificial intelligence (AI) rapidly reshapes the threats facing the country and its allies.
Anne Keast-Butler, director of GCHQ, the UK’s top intelligence agency, issued the warning during the agency’s first annual lecture at Bletchley Park on May 27.
In a rare public speech, she said the UK and its allies face a narrowing window to stay ahead on technology, and that the risk of miscalculation is as high as she has seen in three decades in national security.
The intervention follows a similar message last month from Richard Horne, head of the UK’s National Cyber Security Centre (NCSC) who said that fast-moving AI developments and geopolitical tensions are causing “tumultuous uncertainty.”
Read more on the NCSC’s assessment: UK Faces a Cyber ‘Perfect Storm’
A Front-Line Role for Business
Keast-Butler framed cybersecurity as a matter of national defense rather than an IT concern, telling businesses to act immediately rather than wait for guidance to mature.
She argued that protecting systems now serves the “front-line defense of our nation, our economy and our way of life.”
The point was aimed squarely at boardrooms, with the Keast-Butler stressing that everyone from company directors to households has a part to play.
Much of the danger, she said, stems from the speed of AI development. Vendors are releasing AI tools at a remarkable pace, and the resulting capabilities are being turned into weapons that operate just beneath the threshold of open warfare.
Industry voices welcomed the framing. Patricia Titus, field CISO at Abnormal AI, said the move was the right one because the era of meeting automated attacks with human-paced defenses is over.
“You cannot fight machine-speed attacks with human-speed defenses,” Titus said. She added that resilience is now as much a leadership problem as a technical one, since AI-powered threats do not wait for the next budget cycle.
Preparing for AI and Quantum
To keep pace, GCHQ said it has drawn up plans for what officials describe as a world-first national cyber defense capability that builds agentic AI into machine-speed defense.
According to briefing details, the system would use AI agents to detect and flag threats to critical national infrastructure, airlines and telecoms firms. It is expected to be operational within five years.
The agency is also embedding frontier AI deeper into its own work to translate languages and surface intelligence faster.
Not everyone was reassured by the timeline. Jon Abbott, CEO and co-founder of ThreatAware, said the five-year horizon was startling in an era when frontier models will find and exploit gaps at machine speed long before any shield is in place.
The practical lesson for infrastructure operators and businesses, he argued, is to fix the basics rather than wait. “Your critical controls, EDR, web proxy and MFA, need zero gaps now, not in five years,” Abbott said.
Keast-Butler also pointed to quantum computing as the next disruption, warning that operational machines will eventually break the encryption that protects today’s secrets. She repeated the NCSC’s call for organizations to begin migrating to quantum-resistant cryptography within the timelines the it has set.
She singled out Russia for scaling up daily hybrid activity against the UK and Europe, from undersea cables to cyberspace, alongside attempts to smuggle Western technology. China, she added, has become a technology superpower with advanced cyber and intelligence capabilities.
For individuals, the director’s advice was more immediate: switch from passwords to passkeys. For wider society, she said, the task is to hardwire security into new technology, protect supply chains and treat cyber resilience as a shared responsibility before any escalation arrives.
