Skip to content
Dutch intelligence agencies have warned that Russia is increasingly using artificial intelligence to support cyber operations across Europe. The development signals a shift towards more automated, scalable and harder to detect attacks, reinforcing concerns about the growing sophistication of state-backed cyber activity.
The warning forms part of a broader assessment of so-called hybrid threats, where cyber attacks are combined with disinformation, espionage and disruption to critical infrastructure. While the focus is on EU member states, the implications are equally relevant for UK organisations operating within interconnected supply chains and digital ecosystems.
A shift towards automated and scalable attacks
The reported use of AI reflects a wider trend in cyber threat evolution. Automation allows threat actors to increase the speed and volume of attacks, while reducing the resources required to carry them out. This can include everything from more convincing phishing campaigns to faster vulnerability exploitation and adaptive malware.
As these capabilities mature, organisations are likely to face attacks that are not only more frequent, but also more difficult to identify using traditional security tools and processes. This raises the risk of successful compromise, particularly where legacy systems or reactive security models remain in place.
NCSC warnings highlight growing state-backed threat
The National Cyber Security Centre has consistently warned that state-backed cyber threats are increasing in both frequency and sophistication. In recent guidance, the NCSC has highlighted the risks posed by advanced persistent threat groups, particularly those linked to hostile states such as Russia, China and Iran.
These actors often target critical national infrastructure, government bodies and large enterprises, but their impact is not limited to these sectors. Many attacks reach smaller organisations through supply chains, managed service providers and third-party relationships.
For UK organisations, this reinforces the need to view cyber security not just as a technical function, but as a core component of organisational resilience.
Cyber risk is now a geopolitical issue
The latest intelligence underlines a broader shift in how cyber risk should be understood. Cyber attacks are increasingly being used as tools of geopolitical influence, sitting alongside economic and military measures.
This means organisations may be affected even if they are not the intended target. Disruption to suppliers, service providers or infrastructure can have cascading effects, particularly in sectors such as manufacturing, logistics, healthcare and professional services.
Understanding this wider context is essential for effective risk management and strategic planning.
What this means for UK organisations
As AI continues to be adopted by threat actors, organisations should expect cyber attacks to become more dynamic and less predictable. Defending against these threats requires a proactive approach that goes beyond traditional perimeter-based security.
Key priorities include improving visibility across systems and networks, strengthening detection and response capabilities, and ensuring that incident response plans are regularly tested and updated.
Aligning with recognised frameworks and guidance, including that provided by the NCSC, can help organisations build a more resilient security posture that is better equipped to deal with evolving threats.
Strengthening resilience in an evolving threat landscape
The use of AI in cyber operations is not a future concern. It is already shaping the threat landscape. For UK organisations, the focus should be on resilience, readiness and the ability to respond effectively when incidents occur.
By taking a strategic approach to cyber security and recognising its role within a broader risk environment, organisations can reduce their exposure and improve their ability to operate securely in an increasingly complex digital world.
