Decoding the world of cybersecurity

NCSC sets out Cyber Shield plan

The NCSC and DSIT are developing Cyber Shield, a proposed national-scale approach to agentic AI cyber defence for critical UK networks and wider resilience.

NCSC sets out Cyber Shield plan
Summary
  • The NCSC and DSIT are developing Cyber Shield as a national-scale, sovereign cyber defence capability.
  • The plan involves agentic AI for vulnerability discovery, mitigation, detection, response, scanning, and national-level mitigation.
  • Delivery depends on government, critical sectors, frontier AI labs, cyber companies, academia, and organisational network defenders.

The National Cyber Security Centre and the Department for Science, Innovation and Technology are developing Cyber Shield, a proposed national-scale approach to agentic AI cyber defence for the UK.

The NCSC says the objective is to build a collaborative sovereign capability using frontier AI to identify, reduce, and resolve national cyber risk. The work follows comments by GCHQ director Anne Keast-Butler, who said the UK needed to reimagine cybersecurity in an AI world and had developed a blueprint for a national cyber defence capability.

Cyber Shield is described in an NCSC blog as a way to respond to attacks that are growing in scale, speed, and sophistication. The NCSC says frontier AI may shift the balance towards attackers by accelerating vulnerability discovery, exploitation, and the volume of activity defenders must handle.

The proposed capability would initially identify vulnerabilities and threats at machine speed before progressing towards automated remediation. The NCSC also says agents could generate and share insight while detecting and containing breaches, work under the control and authority of their owners across government and non-government institutions, and collaborate across organisational boundaries.

The list of required capabilities is ambitious. It includes reliable and explainable AI for cybersecurity, federated agents supported by trust infrastructure, automated vulnerability discovery and mitigation workflows, coordinated detection and response, national-level scanning of critical UK IP ranges, and rapid national-scale mitigation such as automated blocking of known malicious domains and networks.

The NCSC acknowledges that significant research is still needed. Systems authorised to make real-time changes in production environments must be reliable, explainable, governable, and safe. A defensive agent that acts too slowly may be ineffective against machine-speed attacks, while one that acts too quickly without adequate controls could disrupt services, block legitimate activity, or create new operational risk.

Governance will shape whether Cyber Shield can operate safely. The capability would need to work across public and private networks without weakening ownership, responsibility, or legal accountability. Critical infrastructure operators, cloud providers, telecoms companies, managed security providers, public bodies, and frontier AI labs may all have roles, but authority to scan, act, share telemetry, or trigger mitigation will need precise rules.

The proposal also creates procurement and market considerations. The NCSC says the UK will initially partner with defenders across government and critical sectors before aiming for commercially scalable solutions. That could create opportunities for UK cyber companies and AI research groups, while requiring assurance over model behaviour, data access, supplier concentration, and dependence on frontier AI providers.

Cyber Shield sits against wider UK policy pressures. The government is moving towards stronger cyber resilience obligations, while the NCSC has repeatedly warned that AI will increase the pace and scale of cyber threats. Public services, critical infrastructure, and large enterprises already face exposure from internet-facing systems, legacy assets, identity compromise, and supplier dependencies. AI reduces the time available to manage those weaknesses.

The NCSC is inviting engagement from academia, critical national infrastructure organisations, frontier labs, the cyber defence sector, and others. The consultation phase will need to turn a strategic blueprint into operating rules, technical limits, liability models, and evidence that automated defence can protect critical systems without creating avoidable disruption.

×