Global spyware boom spark UK cyber alarm, intelligence warns

A growing global market for commercial hacking tools and rapidly advancing artificial intelligence is reshaping the cyber threat landscape, according to UK intelligence assessments that warn of an emerging “perfect storm” for national security.

More than half of the world’s nation states are believed to have acquired technology capable of hacking into critical infrastructure, companies and private networks in the United Kingdom, the UK’s National Cyber Security Centre (NCSC) has found. The agency, part of the GCHQ intelligence service, estimates that around 100 countries have procured cyber intrusion software, highlighting how quickly access to offensive cyber capabilities is spreading beyond traditional powers, as per Politico.

The findings, to be discussed at the CYBERUK conference in Glasgow, underline how commercial spyware has become a major global industry over the past two decades. Products such as NSO Group’s Pegasus and Intellexa’s Predator have already been linked to surveillance campaigns targeting journalists, political dissidents and activists across multiple regions.

Officials say the threat is no longer limited to political surveillance. The NCSC has warned that the scope of spyware targets has “expanded” in recent years, with bankers, senior executives and wealthy individuals increasingly coming under attack as cyber intrusion tools become more widely available and easier to deploy.

UK cyber officials will use the conference to highlight a sharp escalation in hostile activity. According to government figures, the number of nationally significant cyberattacks on Britain has doubled in a single year. Authorities say most of these incidents are now attributed to state-linked actors rather than criminal organisations, signalling a shift toward more strategic and persistent digital espionage campaigns.

Richard Horne, chief executive of the NCSC, is expected to issue a stark warning to businesses about complacency in the face of these evolving threats.

“Companies that don’t see cybersecurity as a priority are ‘no longer just naïve,’ but are ‘failing to grasp the reality of today’s world,’” he will say, according to pre-released excerpts of his speech.

Horne is also expected to highlight the sophistication of some adversaries, noting that countries such as China possess an “eye-watering level of sophistication” in offensive cyber capabilities. He will warn that the UK faces a cybersecurity “perfect storm,” driven by the convergence of state-backed hacking operations, commercial spyware proliferation, and emerging artificial intelligence tools.

A key concern for security officials is the rapid development of so-called frontier AI systems, which could significantly lower the barrier to entry for cyber attackers. Horne will warn that such technology is “rapidly enabling discovery and exploitation of existing vulnerabilities at scale.”

Earlier this month, AI company Anthropic disclosed details of a new model, referred to internally as Mythos, which researchers said was too dangerous for release due to its potential to allow non-experts to “find and exploit sophisticated vulnerabilities” in digital systems. The claims have intensified debate among cybersecurity experts, some of whom have expressed alarm over the accelerating capabilities of AI-driven offensive tools.

In response, Britain’s National Protective Security Authority (NPSA), part of MI5, has reportedly contacted operators of critical national infrastructure — including nuclear energy, water and telecoms providers — to alert them to the emerging risks.

UK Security Minister Dan Jarvis is expected to call for deeper cooperation between government and AI companies. He will argue that such collaboration could enable Britain to protect its most sensitive systems by “autonomously identifying and addressing vulnerabilities at a speed and scale no human can match.”

Jarvis will also describe the development of AI-enabled cyber defence as a “generational endeavour” that will “test the absolute limits of our engineering and innovation,” underscoring the scale of the challenge facing governments and industry alike as cyber threats evolve.

By Sabina Mammadli