AI-enabled cyber attacks exacerbated by digital divide in UK
New NCSC report highlights the risk AI presents to the UK’s cyber resilience


A new digital divide is threatening UK businesses, with those that fail to keep up with AI-powered cyber crime at risk of being targeted by would-be hackers.
In a newly-released report, dubbed the Impact of AI on cyber threat from now to 2027, the UK’s National Cyber Security Centre (NCSC) warned threat actors are “almost certainly” using AI to support existing tactics.
The use of AI tools by hackers spans a number of key areas, the agency warned, including vulnerability research, victim reconnaissance, the development of malware, and the use of AI to ramp up social engineering techniques.
“To 2027, this will highly likely increase the volume and impact of cyber intrusions through evolution and enhancement of existing TTPs, rather than creating novel threat vectors,” the NCSC stated.
It added that while only “highly capable state actors” will have the resources to build their own offensive AI models, the remaining groups – which make up the majority of threat actors – will make use of off-the-shelf AI models to “uplift their capability”.
When it comes to protecting against these threats, not all companies are on a level footing. The NCSC warned that “over the next two years, a growing divide will emerge between organizations that can keep pace with AI-enabled threats and those that fall behind”.
The agency didn’t expand on which businesses are most likely to be affected by the adoption of AI tools by threat actors, but said “a large proportion” would be more vulnerable.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
AI-powered attackers aren’t the only risk
It’s not just malicious actors using AI that presents a risk, however. When businesses implement AI systems they increase the available attack surface, which is something organizations need to be aware of.
“AI technology is increasingly connected to company systems, data, and operational technology for tasks [and] threat actors will almost certainly exploit this additional threat vector,” the report said.
“Techniques such as direct prompt injection, software vulnerabilities, indirect prompt injection and supply chain attack are already capable of enabling exploitation of AI systems to facilitate access to wider systems.”
Ultimately, organizations using these systems need to ensure they keep as on top of their cybersecurity strategies here as they would anywhere else in the business.
MORE FROM ITPRO

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.
-
Public sector IT leaders lament sluggish digital transformation progress
News Research from SolarWinds shows public sector transformation is progressing at a snail's pace despite IT leaders pushing for rapid improvements.
-
Why SAS is ringing the alarm bell on AI governance for enterprises
News Demonstrating responsible stewardship of AI could be the key differentiator for success with the technology, rather than simply speed of adoption