UK launches Cyber Shield and industry cyber resilience pledge

On July 7 the UK launched Cyber Shield to use agentic AI in national cyber defence and a Cyber Resilience Pledge signed by 60 organisations for board accountability, early warning and Cyber Essentials.

The government on July 7 published detailed plans for Cyber Shield, a national programme to integrate agentic AI into cyber defence, and announced a Cyber Resilience Pledge signed by 60 organisations committing to board-level responsibility, the NCSC early-warning service and Cyber Essentials across supply chains.

At the first annual GCHQ lecture on May 27 at Bletchley Park, GCHQ director Anne Keast-Butler said, “We need to reimagine cybersecurity in the AI world. In the past few months, GCHQ has developed the blueprint for a new national cyber defense capability that will hardwire cutting-edge agentic AI into machine speed cyber defense.” The National Cyber Security Centre (NCSC) published the Cyber Shield plans on July 7 and invited partners from academia, critical national infrastructure, frontier AI labs and the cyber sector to join development work.

The NCSC described Cyber Shield as a national-scale, collaborative effort to use frontier AI to identify, reduce and resolve national cyber risk. Officials said the programme aims to prepare defences for more capable AI-driven attacks as threat actors adopt AI tools that can find and exploit vulnerabilities faster than before.

The authority noted that fully autonomous attacks spanning an entire intrusion lifecycle have not yet been observed in real systems but are expected to emerge. Cyber Shield proposes agentic red and blue teams that can find and automatically fix vulnerabilities, detect and contain breaches, and operate across government and non-government boundaries.

The NCSC set out six core capabilities for Cyber Shield: reliable and explainable AI for cybersecurity, federated agents that share signals without exposing raw data, automated vulnerability discovery and mitigation, coordinated national detection and response, national-level scanning, and national-level mitigation mechanisms.

The Cyber Resilience Pledge was launched by the secretary of state for science, innovation and technology, Liz Kendall, and lists three core commitments: make cybersecurity a board responsibility, sign up to the NCSC early-warning service, and apply Cyber Essentials standards through suppliers. Kevin Curran, a professor of cybersecurity at Ulster University, described the pledge as “a voluntary scheme with three modest asks” and said the pledge arrives alongside legislative and planning work on cyber security and resilience.

Industry responses highlighted practical limits. Michael Jepson, head of penetration testing at CybaVerse, said many current breaches stem from process and configuration failures rather than advanced AI-driven attacks, citing asset management, access control, patching and monitoring as persistent issues. Michael Adjei, director of system engineering at Illumio, noted constraints such as legacy infrastructure, slow patching cycles and uneven AI maturity that could slow the adoption of autonomous agents, and he said agent performance will depend on identity systems, data quality, supply chain security and governance.

The NCSC said delivery of Cyber Shield will require cooperation across government, industry and research communities, and officials emphasised the need for explainable, reliable AI and federation mechanisms that protect privacy while allowing coordinated action. The government published both the Cyber Shield plans and the Cyber Resilience Pledge on July 7, 2026, and invited organisations interested in partnering to contact the NCSC.

Articles by this author