The Government has published an open letter to business leaders, warning of the growing cyber security risks posed by advances in artificial intelligence and setting out steps organisations should take to protect themselves.

The letter follows the much-publicised announcement of Anthropic’s new model, Mythos, which is capable of detecting software vulnerabilities and bugs in “every major operating system and every major web browser”. As a result, Mythos has been held back from general release and made available only to a select number of users to test its capabilities, including the AI Safety Institute (AISI).

In their letter to business leaders, the Secretary of State for Science, Innovation and Technology and the Security Minister explain that AISI has found Mythos to be “substantially more capable at cyber offence” than any previous model, and warn that the speed at which AI capabilities are increasing poses significant risks for cyber security.

While the Government is taking action through the new Cyber Security and Resilience Bill (discussed here) which is working its way through Parliament, businesses are urged to play their part in mitigating AI-driven cyber threats by taking the following steps:

Cyber risk should be discussed regularly at board level, rather than treated as something to be delegated to an IT team. Organisations are encouraged to use the Cyber Governance Code of Practice (discussed here) and to rehearse how they would respond to a significant incident.

As the letter explains, cyber attacks often succeed by exploiting simple weaknesses such as outdated software or weak passwords. Organisations are therefore encouraged to join the Cyber Essentials scheme and embed its requirements across their supply chains.

Businesses are encouraged to sign up to the NCSC’s Early Warning Service, which alerts them to potential cyber attacks and provides “invaluable time to act before an incident escalates”.

The letter concludes by reminding businesses that “we are entering a period in which the pace of technological change may test every institution in the country. The businesses that act now – that treat cyber security as an essential part of running a modern company, not an optional extra – will be the ones best placed to thrive through it and seize its advantages”.

To read the letter in full, click here.