GLASGOW — More than half of the world’s nation states are believed to have purchased technology that could be capable of hacking into Britain’s infrastructure, companies and private networks, U.K. intelligence has found.
The U.K. National Cyber Security Centre — which is part of the GCHQ intelligence agency — believes around 100 countries have procured cyber intrusion software, suggesting the barrier for states to get their hands on the technology is dropping, the agency told POLITICO ahead of a discussion about its findings at its CYBERUK conference in Glasgow Wednesday.
Commercial hacking technology, often referred to as spyware, has become a booming market over the past two decades. Products such as NSO’s Pegasus and Intellexa’s Predator have been used to target journalists and political dissidents across the world.
The NCSC said the scope of spyware targets has “expanded” in recent years, with bankers and wealthy executives increasingly under attack.
U.K. cyber officials and government ministers will also use the CYBERUK conference to highlight a doubling in the number of nationally significant cyberattacks on Britain in a single year, pointing out the majority of incidents are now linked to attackers from nation states, rather than criminal gangs.
Richard Horne, the agency’s chief executive, will say companies that don’t see cybersecurity as a priority are “no longer just naïve,” but are “failing to grasp the reality of today’s world,” according to pre-released extracts of his speech.
Countries such as China possess an “eye-watering level of sophistication” to attack other nations, he will add, warning the U.K. faces a cybersecurity “perfect storm.”
Mythos threat
Chief among the threats is the emergence of frontier AI technology, which Horne will warn is “rapidly enabling discovery and exploitation of existing vulnerabilities at scale.”
Earlier this month, the AI company Anthropic released details of its new Mythos model, which its researchers claim is too dangerous to be released due to its alleged ability to allow members of the public to “find and exploit sophisticated vulnerabilities” in systems.
Its capabilities have prompted widespread concern, and even panic, from security experts. Britain’s National Protective Security Authority (NPSA) — a part of the MI5 intelligence agency — has contacted companies running U.K. critical infrastructure such as nuclear energy, water, and telecoms to highlight the emerging threat.
U.K. Security Minister Dan Jarvis will use his speech at the conference on Wednesday to call for AI companies to become more involved in Britain’s cyber defenses, arguing cooperation could ensure Britain has the capability to protect its most critical networks by “autonomously identifying and addressing vulnerabilities at a speed and scale no human can match.”
Building this tool is a “generational endeavour” that will “test the absolute limits of our engineering and innovation,” Jarvis will say.
