Britain’s National Cyber Security Centre is planning a countrywide cyber-defense system that would use autonomous AI agents to look for security holes and, eventually, repair them across government networks and critical national infrastructure.
The program, called Cyber Shield, is meant to answer a blunt operational problem: attackers using AI can search, test and move through systems faster than human defenders can usually respond. In a blog post, the NCSC said AI-assisted adversaries can already reduce reconnaissance and vulnerability discovery from weeks to minutes. That shrinks the time defenders have to spot activity, confirm it and act before damage is done.
The agency described Cyber Shield as a sovereign national defense capability, though the plan is still more blueprint than deployed shield. The NCSC gave no schedule for delivery and said some parts need major research progress before they can work at the scale and autonomy being proposed.
The central design pairs two kinds of AI agents. “Red” agents would act like automated penetration testers, probing systems for weaknesses. “Blue” agents would monitor and defend those systems, responding in real time. The NCSC said the agents would operate across critical national infrastructure under the control of the organizations that own and run those networks.
That ownership point matters. Critical infrastructure is not one tidy government rack in a basement. It includes systems run by utilities, telecoms providers, transport operators and other organizations with their own risk models, legacy equipment and tolerance for automated change. Letting software identify a flaw is one thing. Letting it alter live infrastructure without breaking something useful is the harder part.
The NCSC said Cyber Shield would need six core functions. Those range from automated scanning of British networks, which the agency said already exists in some form, to autonomous remediation of vulnerabilities, which it said does not yet exist. In plain English: finding the broken window is becoming easier; safely fixing it at machine speed is still an unsolved engineering and governance problem.
The plan follows other warnings from Britain’s signals intelligence community about AI changing the tempo of cyber operations. The NCSC has separately warned about an AI-driven “patch wave,” where newly discovered vulnerabilities arrive faster than many organizations can repair them. GCHQ has also said offensive and defensive cyber capabilities are likely to be transformed within months as AI tools improve.
GCHQ director Anne Keast-Butler previewed the Cyber Shield concept in her first annual lecture earlier this year. She said the agency intended to build agentic AI into machine-speed cyber defense and warned that the U.K. had a narrowing window to stay ahead of adversaries.
The NCSC is not pretending it can build the whole thing alone. The agency said it wants to develop Cyber Shield with frontier AI companies, cyber-defense firms, universities and operators of critical infrastructure. Initial testing would involve network defenders in government and key U.K. sectors before any attempt to turn the approach into commercially scalable tools.
The rollout plan is described as test, iterate and scale. That is suitably cautious for a project whose end state involves autonomous software making security decisions on national systems. The hard part will be proving that the cure can move at machine speed without becoming another machine-speed failure mode.
This story draws on original reporting from The Record.