Skip to main content
Geopolitics & DefenseNational Security

UK Confronts Escalating Russian Cyber Hostility

British flag and computer setup at National Cyber Security Centre conference.

"We do know from conflicts around the world this last year that cyber operations are now integral to conflict, as much a reality of modern warfare as drones and missiles, and the scope of targeting is getting wider," Richard Horne, chief executive of the National Cyber Security Centre, told delegates at CyberUK in Glasgow.

Richard Horne and the NCSC's caseload

At the 10th annual CyberUK conference, Horne outlined a surge in major investigations: the NCSC now probes roughly four major attacks per week. He said the center handled "over 200 nationally significant incidents last year, more than double the year before." The NCSC, which sits within Britain's signals intelligence agency GCHQ, is tracking a shift in the nature of those incidents away from pure criminality toward nation-state operations.

GCHQ signals and the rise of state-backed operations

Anne Keast-Butler, director of GCHQ, echoed the scale of incidents handled by Britain’s security apparatus. Horne and Keast-Butler framed the current environment as one in which financial cybercrime—particularly ransomware—remains the chief threat to businesses, even as "the majority" of incidents the NCSC investigates trace to nation-state threat actors. Horne singled out China for its "eye-watering level of sophistication in their cyber offerings," placing that capability on a par with Britain's. He also highlighted Russia's use of cyber tactics beyond traditional battlefields.

Russia's hybrid activity and MI6's warning

Speakers at CyberUK described a widening of Russian cyber operations into "sustained Russian hybrid activity targeting assets across the U.K. and Europe." Blaise Metreweli, chief of Britain's Secret Intelligence Service (MI6), said in a December speech that "Russia is testing us in the gray zone with tactics that are just below the threshold of war," and listed a range of measures Moscow deploys: "cyberattacks on critical infrastructure," drones buzzing airports and bases, aggressive maritime and undersea activity, "state-sponsored arson and sabotage" and "propaganda and influence operations" targeting societal divisions. Dan Jarvis, minister of state for security, told CyberUK that Russia has "worked out that the most effective way is not to confront us directly but to quietly hollow us out."

Frontier AI models such as Claude Mythos and defensive planning

Speakers at the conference raised the prospect that frontier artificial intelligence models are changing how vulnerabilities are discovered and exploited. Officials named Claude Mythos as an example and warned that open-source models offering similar capabilities could arrive within six months. Jarvis said the government is committed to closer ties with frontier AI model developers and argued for "national scale, AI-powered cyber defense capabilities—capabilities that can protect our nation's most critical networks by autonomously identifying and addressing vulnerabilities at a speed and scale no human can match."

What this means for technologists and security teams, policymakers, and affected enterprises

  • Technologists and security teams: expect broadened defensive responsibilities beyond traditional IT to include "securing the operational technology that controls energy systems, to production lines, robotics, space-based communications autonomous systems and agents," as Horne put it.
  • Policymakers and regulators: the government has signaled a push to partner with AI developers and scale up autonomous defensive capabilities, a strategic choice that will shape procurement and oversight priorities.
  • Affected enterprises and procurement leaders: with the NCSC investigating several major nation-state incidents weekly and with "the majority" of serious incidents attributed to state actors, businesses that run critical infrastructure will need to factor nation-state tactics—and emerging AI-enabled exploit techniques—into resilience planning.

Officials at CyberUK portrayed the current environment as a learning moment: "We have a unique window to learn how cyber operations have been used in conflict situations and shore up our resilience at home," Horne said. For now, Britain's intelligence and military leaders say they are racing to study evolving tactics—particularly "sustained Russian hybrid activity"—and to build AI-assisted defenses capable of operating at machine speed. How quickly those defensive investments and industry partnerships translate into demonstrable resilience remains the strategic question posed by the officials' own account.

Original story