Summary
- GC3 used frontier AI models in a month-long pilot across nine government organisations.
- Participants identified 407 findings, including critical weaknesses involving authentication bypass, data exposure, and remote code execution.
- The government says all critical weaknesses were remediated and no evidence of exploitation was found.
The UK Government Digital Service has published findings from a government cyber defence pilot using frontier AI models to identify vulnerabilities across public code repositories.
The month-long pilot was run through the Government Cyber Coordination Centre, known as GC3, a partnership between the National Cyber Security Centre and the Department for Science, Innovation and Technology. It involved nine government organisations and cost £13,000 in AI tokens, according to the case study.
Participants identified 407 findings in total, including critical weaknesses that exposed services to authentication bypass, data exposure, and remote code execution. Some findings were already understood and mitigated through compensating controls, while others were previously unknown. The government says all critical weaknesses have been remediated and no evidence of exploitation was identified for any finding.
The case study says AI models traced vulnerabilities across service boundaries, linked business logic with technical detail, and identified weaknesses that traditional scanners may not detect. One example involved legacy GitHub Actions in a repository supporting a key government digital service. The issue allowed an external user to trigger a workflow chain by posting a specially structured comment on an open pull request, bypassing normal protections for unknown contributors because the workflow was triggered by a comment rather than the pull request itself.
The pilot gives a practical view of how frontier AI may change defensive testing. Much public debate around AI and cyber focuses on attacker enablement: faster reconnaissance, exploit development, phishing, malware modification, and vulnerability discovery. The same capability can be used defensively when findings are validated, prioritised, and remediated through controlled assurance processes.
Governance will determine whether that capability improves resilience or adds noise. AI can increase the volume and complexity of security findings, but organisations still need people and processes to decide what is real, exploitable, urgent, and safe to fix. False positives, duplicated findings, context gaps, and unreviewed model output can waste effort or create risky changes.
The pilot also exposes a long-standing public-sector software issue. Public code repositories and digital services often carry historical workflows, inherited automation, and integration logic that may not be visible to conventional scanning. CI/CD systems, pull request triggers, deployment permissions, secrets handling, and legacy automation can create attack paths that sit between application security and infrastructure governance.
The result should not be read only as a vulnerability count. The more durable finding is that frontier models were able to connect business logic with technical execution paths across service boundaries. That kind of analysis is difficult to scale manually, particularly in large estates with multiple departments, suppliers, and shared platforms.
Turning the pilot into routine capability will require controls around model access, data handling, prompt logging, repository permissions, vulnerability disclosure, supplier involvement, and evidence retention. Public bodies will also need rules for what code and system information can be exposed to which model providers, under which contractual and security conditions.
The case study places AI inside practical cyber defence rather than abstract strategy. The technology found weaknesses, but resilience came from validation, remediation, and accountable ownership of the findings. That distinction will shape how public bodies and regulated organisations use AI in vulnerability management, secure development, and assurance.





