TL;DR:

• Security Minister Dan Jarvis will use his CYBERUK speech to call on leading AI firms to co-build UK cyber defence capabilities, framing it as a “generational endeavour” covering critical national networks.
• The speech is paired with a voluntary Cyber Resilience Pledge — board-level responsibility, NCSC Early Warning sign-up, Cyber Essentials across supply chains — and a £90 million, three-year investment for SMB cyber resilience.
• The number that matters most is the NCSC’s disclosure: nationally significant incidents more than doubled in 2025, driven in part by hostile states and criminals running automated AI systems to find and exploit vulnerabilities.

Security Minister Dan Jarvis will today tell delegates at CYBERUK that leading AI firms should work with the British government on national cyber defence. The department framed the ask as a call to build capabilities that “can protect our nation’s most critical networks by autonomously identifying and addressing vulnerabilities at a speed and scale no human can match”. It is the clearest signal yet of the direction the National Cyber Action Plan, due this summer, is taking.

The three components

The speech sets out three interlocking pieces. First, the call for frontier AI labs — Anthropic, OpenAI, Google DeepMind — to deepen cooperation with HMG on AI-enabled cyber defence. Second, a voluntary Cyber Resilience Pledge for UK businesses, requiring signatories to make cyber security a board-level responsibility, sign up to the NCSC’s free Early Warning service, and require Cyber Essentials certification across their supply chains. Baroness Lloyd has already written to over 180 UK CEOs and chairs encouraging sign-up ahead of the formal launch later this year. Third, a further £90 million over three years to boost cyber resilience among small and medium-sized businesses, delivered through DSIT and NCSC schemes.

What has changed since the last plan

The NCSC’s datapoint is the motive force. Nationally significant incidents handled by the centre more than doubled in 2025, and the centre attributes much of that increase to hostile states and criminal actors using automated AI to find and exploit vulnerabilities. That framing anchors the day’s other UK-cyber news: Anthropic’s Claude Mythos disclosure, NCSC chief Richard Horne’s “warning shots” speech, and the Bank of England’s parallel summoning of City firms to strengthen defences. Wednesday’s CYBERUK events are best read as a coordinated UK-government pivot — from characterising AI as a future-threat category to treating it as a live compliance and capability shift.

What it means for UK businesses

The Pledge is voluntary, but the signal value is not. Firms that sign early will be the reference group for how HMG treats AI-cyber compliance maturity, and insurers are likely to align cyber premium adjustments with Pledge signatory status within months. For SMBs, the £90 million support route is the more practical handle — worth understanding before the National Cyber Action Plan is published this summer.

Looking forward

Two near-term signals to watch: how many of the 180 contacted firms publicly sign the Pledge before the formal launch, and whether the NCSC’s promised AI-defence capability moves beyond Project Glasswing bank trials into a broader UK Industry AI Cyber Alliance. The Plan’s publication this summer will be the clearer read on whether the call is backed by binding commitments or stays voluntary.