BOTTOM LINE UP FRONT

The UK is sustaining four nationally significant cyberattacks per week, more than double the year before. The majority are attributed directly or indirectly to nation states.

The thesis of this paper is not that a major attack is imminent. It is that the pre-positioning has already occurred. Adversary states have established persistent access inside Western critical systems and are waiting for the political decision to activate. When UK Security Minister Dan Jarvis told CyberUK 2026 in Glasgow this week that AI models now exist capable of identifying security vulnerabilities at scale, he was confirming a capability adversaries have been building for years. They have read the same briefings and are deploying the same tools.

For boards, PE firms, and government departments: the question is no longer whether to act, but whether to act before or after the trigger is pulled.

This is not only a corporate challenge. The same state actors targeting critical infrastructure are targeting individual executives, lawyers, and financial professionals on British soil. What you do with your personal devices, accounts, and communications is now a security question, not a preference.

This paper is the strategic synthesis in The Interlock’s AI and National Security series, and addresses what decision-makers should do.

1. THE THREAT ENVIRONMENT

Confidence: CONFIRMED

The most consequential statement at CyberUK 2026 came not from the NCSC but from Jarvis. He cited Anthropic’s Mythos, a frontier AI system Anthropic’s own researchers assessed as too dangerous to release publicly, as a capability that could scan entire organisations and identify exploitable weaknesses at speeds no human penetration team could approach. If Western intelligence has built tools of that capability, adversary states have been working the same problem. The assumption that this logic stops at AI-augmented cyber tools is supported not by evidence but by hope.

AI-native attack is qualitatively different from the intrusion patterns that shaped current Western defensive posture. Legacy security operations centres were built for human-paced intrusion: reconnaissance over days, lateral movement (spreading through a network from the initial entry point) over weeks. According to Mandiant’s M-Trends reporting, skilled attackers typically take 21 to 60 days to move from initial access to objective. AI-augmented attack reduces that window to hours. Centres configured to detect anomalous behaviour across multi-day patterns will not respond in time. The attacker’s cost curve has collapsed. The defender’s has not.

NCSC CEO Richard Horne disclosed at CyberUK 2026 that the UK recorded 204 nationally significant cyber incidents between September 2024 and August 2025, more than double the prior year. Eighteen were assessed as highly significant. These are detected incidents only. Volt Typhoon, the Chinese pre-positioning operation inside US critical infrastructure, remained undetected in some cases for five or more years. Salt Typhoon, which compromised at least eight major US telecoms carriers, persisted undetected for months. What has been detected is a fraction of what exists.

The UK’s National Protective Security Authority (NPSA), the MI5 arm responsible for protecting critical national infrastructure, has moved from advisory to direct warning. Following publication of details about Mythos, NPSA directly contacted operators of UK nuclear energy, water, and telecommunications networks. That is institutional recognition that the capability gap has become operational.

The most dangerous assumption in current Western posture is that defences are adequate. They are adequate against attacks already detected and catalogued. They are not adequate against AI-native attack at machine speed. The acute vulnerability sits not in corporate IT but in operational technology (OT) and industrial control systems (ICS), the specialised computers that run physical machinery: power generation, water treatment, manufacturing lines. Most were built for longevity, not security. Many run unsupported operating systems. Many are connected to corporate IT through pathways that were not designed as attack vectors but function as them. NCSC and CISA have flagged OT/ICS as the critical gap consistently. The gap has not closed at the rate the threat has advanced.

2. ADVERSARIES AND THEIR TARGETS

Confidence: PROBABLE overall; CONFIRMED for specific attributed operations

China possesses what the NCSC has described as an “eye-watering” level of sophistication. The PLA’s cyber units have integrated AI into offensive operations since at least 2017, accelerating since 2023. Volt Typhoon, attributed by CISA, NCSC, and the Five Eyes alliance, maintains persistent pre-positioned access inside US and allied critical infrastructure, specifically energy grids, water treatment, and telecommunications, designed for activation during a US-China confrontation over Taiwan. Its defining technique is living-off-the-land: using a system’s own legitimate tools against it, avoiding signatures that standard detection tools are built to catch. Salt Typhoon compromised at least eight major US telecoms carriers and persisted undetected for months. Both demonstrate the same doctrine: establish access during peacetime, preserve it, activate at the moment of maximum geopolitical effect.

Russia has used Ukraine as a live-fire testing range for a decade. The 2015 and 2016 attacks on Ukrainian power grids, the 2017 NotPetya deployment (the most economically destructive cyberattack in history at the time), and the sustained campaign since 2022 have given GRU-linked Sandworm and FSB-linked units operational experience at scale no other state possesses. The NCSC assesses that Russia is applying Ukraine-developed tactics to wider Western targeting, consistent with observable evidence on NATO member networks.

Iran operates on two tracks. The first is intelligence collection against Western governments. The second, confirmed by NCSC at CyberUK 2026, is the targeting of British-based individuals assessed as threats to the Islamic Republic: dissidents, journalists, former officials. This is state coercion on British soil using cyber means. The threshold has already been crossed. Lawyers on sanctions matters, academics researching Iranian policy, and bankers on Iran-adjacent transactions are within the population being monitored.

North Korea’s Lazarus Group funds a material portion of the weapons programme through cyber theft and cryptocurrency operations. Its tools are recycled in criminal markets, blurring the line between state actor and criminal proxy in ways adversaries exploit deliberately for attribution ambiguity.

Commercial proliferation has compounded every threat above. The NCSC confirmed at CyberUK 2026 that approximately 100 countries have now procured commercial cyber intrusion software, of which NSO Group’s Pegasus and Intellexa’s Predator are the most documented. The NCSC stated explicitly that targeting has expanded: bankers and wealthy executives are increasingly under direct attack alongside journalists and dissidents. Zero-click attack capability, historically exclusive to the most advanced state actors, is now commercially available. AI-augmented offensive tools will follow the same proliferation curve, and the export controls to constrain it do not yet exist.

The deal room is an intelligence target. The data rooms, due diligence files, and communications of a live transaction represent concentrated, high-value intelligence for any adversary state interested in Western capital allocation in defence, energy, and dual-use technology. Most deal teams do not treat it as one. In 2024, Arup lost $25 million when an employee was deceived by a deepfake video call impersonating colleagues. The loss was preventable with a single phone call to a number in the company directory. The same second-channel principle protects a deal room.

3. WHAT SHOULD BE DONE

What follows is operational. It is written for boards, PE firms, and individuals who need to act this quarter, not next year. Not every attack can be stopped. Every attack can be made harder.

For boards and executives:

• Commission an OT/ICS security assessment. Commit budget this quarter; realistic commission-to-first-report timeline for a multi-site organisation is six to nine months, using the NCSC Cyber Assessment Framework as baseline.

• Test detection latency against AI-attack timelines. Commission a red team exercise simulating initial access to objective within four hours; if your security operations centre cannot detect and initiate response inside that window, the architecture has a structural gap.

• Establish a board cyber trigger protocol. Define in advance which incidents require immediate board notification, what pre-authorised response authorities exist, and the escalation path from CISO (Chief Information Security Officer) to CEO to board within the first four hours. Answer the question before an incident, not during one.

• Map and govern third-party access credentials. Most significant intrusions enter through managed service providers, IT vendors, and software updates; prioritise by access tier, complete the highest tier within twelve months, and require defined security standards as a contract condition.

• Review your cyber insurance policy now, not after an incident. Standard commercial policies routinely exclude state-sponsored attacks, ransomware triggered by pre-positioned access, and business interruption from OT/ICS shutdown. Commission a gap analysis against your actual risk profile: confirm whether theft of funds by deepfake-assisted fraud and operational shutdown by triggered ransomware are explicitly covered, at what limit, and on what conditions. If your broker cannot answer those questions in writing, change broker.

For PE firms and M&A advisors:

• Add pre-positioning assessment to deal due diligence. For deals in defence, energy, dual-use technology, financial services, or critical infrastructure supply chains, commission technical assessment of unexplained outbound connections, dormant privileged accounts, and lateral movement evidence. A portfolio company with undetected adversary access is a liability, not an asset.

• Price cyber incident risk into deal economics. Direct response costs for a significant incident at a mid-market company start around £1.5 million before regulatory fines under UK GDPR and the Network and Information Systems (NIS) Regulations (EU operations also trigger NIS2). For large corporates, costs run an order of magnitude higher.

• Protect deal communications. Use end-to-end encrypted platforms and brief teams on AI-augmented spear-phishing constructed from publicly available transaction information. Verify any financial instruction arriving through a single channel via a separate pre-agreed channel before acting.

• Plan the exit as well as the entry. Add pre-exit cyber assurance to your readiness checklist, because acquirers in 2027-2028 will price adversary access exposure into valuations.

• Audit OT security across the portfolio. For any portfolio company in manufacturing, energy, utilities, logistics, or healthcare, OT exposure is direct, and the cost of a baseline assessment is modest relative to the downside.

For individuals:

• Apply a second-channel verification rule. Any instruction involving financial authorisation, or sensitive decisions arriving through a single channel should be verified through a separate pre-agreed channel before acting. It is the single most effective individual control against AI-augmented social engineering.

• Treat your device as compromised in high-risk jurisdictions. Use a clean travel device for China, Russia, and Iran; this is standard UK government operational security for senior officials.

• Use a VPN on every network you do not control. A VPN (Virtual Private Network) encrypts your internet traffic and prevents network-level surveillance, whether on hotel WiFi, conference networks, or any connection outside your own router. Three options consistently rated highly by independent security reviewers: Mullvad (no accounts, no email required, accepts anonymous payment, audited no-logs policy — the privacy-first choice); ProtonVPN (Swiss jurisdiction, open-source and independently audited, good for professional use); NordVPN (widely used, independently audited no-logs policy, easiest for non-technical users). Any of the three is significantly better than no VPN. The critical point: a VPN does not make you invisible, but it removes the easiest passive interception layer, which is where most opportunistic surveillance operates.

• Use a password manager and eliminate reused passwords. The majority of account compromises exploit reused or weak passwords. A password manager generates and stores a unique, complex password for every account; you remember one master password only. 1Password and Bitwarden (open-source) are the two most widely recommended for professional use. The browser’s built-in password storage is not a substitute.

• Use hardware two-factor authentication for high-value accounts. Two-factor authentication (2FA) requires a second proof of identity beyond your password. SMS-based 2FA is better than nothing but is vulnerable to SIM-swap attacks, where a criminal convinces your mobile provider to transfer your number. The more robust approach is an authenticator app (Google Authenticator, Authy, or Microsoft Authenticator) or, for highest-value accounts, a hardware security key such as a YubiKey, which requires physical possession of the device to authenticate. Apply 2FA to email, financial accounts, and any platform that holds sensitive professional information as a minimum.

• Do not accept cookies or give away data. One of the best ways people can target you or your system is through gaining information and data points on you. Do not be lulled into the habit of not worrying about your data as ‘no one would be interested in me / who cares’. Would you let a state actor or criminal look at your financial history or private mail, of course not, so do not let companies get information on what you do on your computer no matter what the reason. Always deny access or make it as hard as possible.

Key Judgements

• The NCSC assessment of 204 nationally significant incidents in twelve months, more than double the prior year, establishes this as an active operational crisis. CONFIRMED.

• China and Russia have pre-positioned access inside Western critical infrastructure with the assessed intent of preserving it for activation at the political moment of their choosing. PROBABLE overall; CONFIRMED for Volt Typhoon and Salt Typhoon.

• AI-augmented offensive tools are available to state and commercial actors and are being applied to Western targets now. PROBABLE to CONFIRMED depending on sector and jurisdiction.

• Western defensive architecture has a structural gap against AI-native attack at machine speed. CONFIRMED as a structural vulnerability. The exploitation timeline is the open variable.

• Approximately 100 nations now have some form of commercial cyber intrusion capability. CONFIRMED per NCSC at CyberUK 2026 (Politico EU, 22 April 2026).

• The most actionable near-term step for any board, PE firm, or government department is an OT/ICS security assessment and a red team exercise simulating AI-augmented attack timelines. CONFIRMED.

The adversaries have already made their preparations. The only question left is whether we make ours before or after they decide to act.