‘We cannot fight a machine speed threat with human speed bureaucracy,’ says security minister as new £90 million cyber fund unveiled in Glasgow 

Britain’s security minister today unveiled a new £90 million fund to help small and medium-sized businesses boost their cyber resilience.

Dan Jarvis said the money would be used to ‘provide practical, targeted support’ to firms, including through the adoption of of the UK Government’s Cyber Essentials standard.

In addition, major organisations will be asked to sign a ‘cyber resilience pledge’, to make a public commitment to their investors, customers and supply chains to make cybersecurity a board-level responsibility.

The measures will be set out in detail this summer when the UK Government publishes a new National Cyber Action Plan, with a series of ‘concrete actions’ government will take alongside business.

Jarvis, who was speaking at the opening day of the CYBERUK conference in Glasgow, said: “The plan will demonstrate how we will tackle the growing threat, how we will strengthen our collective resilience and how we will harness the opportunity for our world-leading cyber sector to secure the UK’s economic growth for years to come.

“The nature of the threat is changing faster than any previous government has had to confront. AI is lowering the barrier to entry for our adversaries. It is automating attacks. It is finding vulnerabilities in critical systems faster than any human team can patch them. We cannot fight a machine speed threat with human speed bureaucracy.”

Jarvis, a former paratrooper, highlighted the growing risk of agentic AI to IT systems. He said the UK’s AI Security Institute had been working with the US frontier AI pioneer Anthropic on its latest Claude Mythos model.

In testing, engineers found that the new model, which has been delayed by the Silicon Valley-based company, was able to autonomously find ‘thousands of zero day vulnerabilities across major operating systems.’

The tool, which has been delayed for release owing to security concerns, was found to be able to uncover critical security flaws that had gone unnoticed for over two decades by human experts and autonomous tools.

Jarvis used the example to emphasise the need for greater collaboration between government and industry.

He said: “Government has something industry cannot replicate, sovereign classified intelligence, the deepest picture of the threat landscape built over decades, and the people in this room and beyond have something that government cannot replicate – the speed of the market, commercial agility and the engineering talent to build at scale.”

“In short, we need to work together, and we’re wasting no time. Our world-leading AI Security Institute tested Mythos and is working directly with a range of companies on frontier AI. In a joint public letter issued last week, the secretary of state for science innovation and technology and I urged businesses to take specific actions to strengthen their cybersecurity.”

Despite the growing threat posed by AI, Jarvis said frontier AI companies are increasingly choosing UK as a base for operations. Last week Open AI – the developer behind Chat GPT – announced it was choosing the UK as its first permanent home outside the US, joining DeepMind, Meta, AI video platform Synthesia and autonomous vehicles specialist Wayve.

Anthropic itself will also be creating 800 jobs in the UK as it expands its European presence.

But Jarvis warned that Britain could not secure itself against the new AI-powered cyber threats by buying off-the-shelf solutions, and said we need a ‘new model of collaboration’ with industry.

He said: “We will need to build national scale AI-powered cyber defense capabilities, capabilities that can protect our nation’s most critical networks by autonomously identifying and addressing vulnerabilities at a speed and scale that no human can match. To achieve this, my message to the frontier AI companies is this: the responsibility goes beyond releasing enterprise software.”

He added: “We want you to work with us directly. Partner with the UK Government to co develop AI for national cyber defence.”

Earlier in the day, National Cyber Security Centre chief Dr Richard Horne said the UK was experiencing around four ‘nationally significant’ cyberattacks a week. Although ransomware remains the most prevalent form of attack, the nationally significant attacks are being orchestrated principally by hostile nation states, either directly or indirectly, he added.