Breaking
DEBundestag stimmt heute über GKV-Sparpaket ab – Widerstand aus dem SaarlandCN新北觀旅局:颱風「巴威」襲來 景點暫停開放ITBimba aggredita da un lupo ad Arrone, terrore in ValnerinaTRAnkara'da Uyuşturucu Ticareti ve Özendirme Operasyonu: 119 Şüpheli Hakkında Gözaltı KararıVNGAC GS3 Emzoom ra mắt tại Việt Nam, giá 639 triệu đồngCN哈兰德:00后“吸金机器”的商业变现之路RUТурция может продать ЗРК С-400 стране Персидского заливаCN中聯油脂大豆沙拉油驗出致癌物苯駢芘超標,檢方搜索4大油廠並約談11名高層DEGesundheitsreform: Was kommt auf Bürger und Kassen zu?ARAnthropic تكتشف "فضاء J": منطقة سرية في نموذج Claude لمعالجة المفاهيمDEBundestag stimmt heute über GKV-Sparpaket ab – Widerstand aus dem SaarlandCN新北觀旅局:颱風「巴威」襲來 景點暫停開放ITBimba aggredita da un lupo ad Arrone, terrore in ValnerinaTRAnkara'da Uyuşturucu Ticareti ve Özendirme Operasyonu: 119 Şüpheli Hakkında Gözaltı KararıVNGAC GS3 Emzoom ra mắt tại Việt Nam, giá 639 triệu đồngCN哈兰德:00后“吸金机器”的商业变现之路RUТурция может продать ЗРК С-400 стране Персидского заливаCN中聯油脂大豆沙拉油驗出致癌物苯駢芘超標,檢方搜索4大油廠並約談11名高層DEGesundheitsreform: Was kommt auf Bürger und Kassen zu?ARAnthropic تكتشف "فضاء J": منطقة سرية في نموذج Claude لمعالجة المفاهيم
Newsgather
BackNCSC: 100 Nations Have Purchased Cyber Intrusion Technology, UK Faces 'Perfect Storm'
NCSC: 100 Nations Have Purchased Cyber Intrusion Technology, UK Faces 'Perfect Storm'
Urgent
Politico EU4/21/2026Tech2 min read

NCSC: 100 Nations Have Purchased Cyber Intrusion Technology, UK Faces 'Perfect Storm'

UK intelligence reveals doubling of nationally significant cyberattacks as China and AI threats escalate

Quick Look

  • The UK National Cyber Security Centre has revealed that approximately 100 countries have procured cyber intrusion software, marking a significant drop in barriers for states to access such technology.
  • Speaking ahead of the CYBERUK conference in Glasgow, chief executive Richard Horne warned of a cybersecurity 'perfect storm' driven by nation-state attackers and frontier AI, with nationally significant attacks on Britain doubling in a single year.

AI-generated summary

Why It Matters

Commercial spyware has become a booming market over the past two decades, with products like NSO's Pegasus and Intellexa's Predator used to target journalists and political dissidents. The scope of targets has expanded beyond activists to include bankers and wealthy executives.

Font size

GLASGOW — More than half of the world's nation states are believed to have purchased technology that could be capable of hacking into Britain's infrastructure, companies and private networks, U.K. intelligence has found. The U.K. National Cyber Security Centre — which is part of the GCHQ intelligence agency — believes around 100 countries have procured cyber intrusion software, suggesting the barrier for states to get their hands on the technology is dropping, the agency told POLITICO ahead of a discussion about its findings at its CYBERUK conference in Glasgow Wednesday.

Commercial hacking technology, often referred to as spyware, has become a booming market over the past two decades. Products such as NSO's Pegasus and Intellexa's Predator have been used to target journalists and political dissidents across the world. The NCSC said the scope of spyware targets has "expanded" in recent years, with bankers and wealthy executives increasingly under attack.

U.K. cyber officials and government ministers will also use the CYBERUK conference to highlight a doubling in the number of nationally significant cyberattacks on Britain in a single year, pointing out the majority of incidents are now linked to attackers from nation states, rather than criminal gangs.

Richard Horne, the agency's chief executive, will say companies that don't see cybersecurity as a priority are "no longer just naïve," but are "failing to grasp the reality of today's world," according to pre-released extracts of his speech. Countries such as China possess an "eye-watering level of sophistication" to attack other nations, he will add, warning the U.K. faces a cybersecurity "perfect storm."

Mythos threat

Chief among the threats is the emergence of frontier AI technology, which Horne will warn is "rapidly enabling discovery and exploitation of existing vulnerabilities at scale." Earlier this month, the AI company Anthropic released details of its new Mythos model, which its researchers claim is too dangerous to be released due to its alleged ability to allow members of the public to "find and exploit sophisticated vulnerabilities" in systems. Its capabilities have prompted widespread concern, and even panic, from security experts.

Britain's National Protective Security Authority (NPSA) — a part of the MI5 intelligence agency — has contacted companies running U.K. critical infrastructure such as nuclear energy, water, and telecoms to highlight the emerging threat.

U.K. Security Minister Dan Jarvis will use his speech at the conference on Wednesday to call for AI companies to become more involved in Britain's cyber defenses, arguing cooperation could ensure Britain has the capability to protect its most critical networks by "autonomously identifying and addressing vulnerabilities at a speed and scale no human can match." Building this tool is a "generational endeavour" that will "test the absolute limits of our engineering and innovation," Jarvis will say.

What to Watch

AI outlook — possibilities, not facts

  • More nations will be publicly attributed to specific cyberattacks against UK infrastructure in coming months

    Very likely · Within months

  • UK government will announce formal partnership with AI companies for cyber defense development

    Likely · Within months

  • Additional critical infrastructure companies will receive threat briefings from NPSA

    Very likely · Within weeks

Open Questions

  • Which specific countries besides China pose the greatest threat?
  • What are the exact attack vectors being used?
  • How will AI companies respond to the government's call for cooperation?
  • What specific vulnerabilities in UK infrastructure have been identified?

Related Topics

This article was originally published by Politico EU.

Related Stories

More on this topiccyber security