PUBLISHED DATE: 18 June 2026
Frontier AI
Frontier AI refers to the most advanced AI models. Frontier AI models have demonstrated the ability to discover vulnerabilities in software products, with implications for the threat landscape.
This guidance is aimed at network defenders and outlines how to manage the increasing risk from vulnerabilities discovered with the introduction of Frontier AI.
As new vulnerabilities continue to be discovered, the best line of defence remains effective security controls. The NCSC recommends that organisations review their current security posture to ensure that it remains fit for purpose and that appropriate methods to detect and contain malicious activity are implemented across the network.
To read more guidance about Frontier AI, see The implications of Frontier AI models for cyber defence and Cyber readiness in the Frontier AI era.
Using AI to find vulnerabilities
There has been significant industry reporting on the capability of AI to identify vulnerabilities in source code. Some organisations that write their own code are now seeking to establish programmes to scan their source code using AI so that they can remediate any vulnerabilities found.
Secure use of AI for vulnerability discovery
If you do decide to use AI for vulnerability discovery, it is important that you do this in a secure manner to prevent accidentally leaking information or creating disruptions in your systems.
This includes:
- Limiting what the AI can do and what it can access so it can perform no more than its intended function.
  - Ideally only giving it access in a testing or development environment.
  - Running it in a service account with only the permissions it needs.
  - Running it in a sandboxed environment.
- You should also understand your organisation’s operating environment and obligations including policies, laws and standards, as using ‘AI as a Service’ may send your source code, intellectual property, or other sensitive information to the vendor.

To read more on this, see Careful Adoption of Agentic AI Services.
Ensure you have a robust vulnerability management process
Vulnerability discovery, even without AI, is part of a larger vulnerability management process. This includes patch management as well as vulnerability identification, prioritisation, validation, remediation, and reporting. To benefit from discovering vulnerabilities using AI, it is important that you have the capability to manage them. This should include processes for filtering out false positives, prioritising what remains, and making changes that address root causes and classes of vulnerabilities, rather than just one-off solutions.
Keep investing in people
Whether you are using AI for discovering vulnerabilities or focusing on the fundamentals, investing in people and training will significantly improve the security of your organisation. For vulnerability discovery in code, people with experience in cybersecurity or in the IT systems in question can guide and validate AI vulnerability discovery to increase speed and accuracy. AI models should be used to complement the skills of your staff.
Assuming compromise
Threat actors are increasingly using AI to discover and exploit vulnerabilities. Some of these, such as zero-day vulnerabilities, could be difficult to prevent and detect. As for newly published vulnerabilities, AI reduces time between discovery and exploitation, leaving organisations with less time to patch. As such, organisations should assume that they will be compromised.
Defending in this environment means meeting minimum standards, implementing defence in depth principles, monitoring for suspicious behaviour on networks and endpoints, and having a good incident response plan.
To read more about assuming compromise, see Detect Unusual Behaviour, Response Planning, and Data Recovery.
Reducing exposure to the internet
One of the most effective ways to reduce the number of exploits targeting your organisation is to minimise the number of systems exposed to the internet. This is especially important for high-risk systems like admin login panels, legacy systems, and systems relating to Operational Technology (OT).
The first step for this is identifying what systems you have and which of them are internet accessible.
Once you have identified the internet accessible systems, you can assess whether they need to be exposed and, if they do, what compensating controls can be put in place.
To read more about identifying what systems you have, see Assets and their Importance and Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators.
Managing supply chain risk
Depending on how much software development your organisation does, exposure to vulnerabilities in code may be via products or services that you have limited control over.
The first step to securing your software supply chain is working to understand what you use. This may include commercial software, open-source software and related dependencies.
Commercial software
For commercial software, including cloud services, we recommend working with software suppliers to understand their security practices and their vulnerability management processes so that you can ensure they meet your needs. If this includes AI services, ensure you review your suppliers’ AI assurance policies, such as security and privacy documentation, data sovereignty statements, and information on third-party models. We also recommend working to ensure that when your supplier does put out an update with security impacts, you are able to apply the update as quickly as possible.
Open-source software and dependencies
For open-source software and dependencies, we recommend using a Software Bill of Materials (SBOM) or tools to identify dependencies and the vulnerabilities impacting them. These vulnerabilities will have to be prioritised based on the severity of the impact, how accessible the systems are, and the ease of exploitation.
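The prioritisation described above can be sketched as follows. This is an added example, not part of the original guidance: the SBOM fragment, advisory identifiers, package names, exposure data and scoring weights are all constructed assumptions.

```python
import json

# Constructed CycloneDX-style SBOM fragment (package names are made up).
SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "examplelib-http", "version": "2.3.1"},
  {"type": "library", "name": "examplelib-yaml", "version": "0.9.0"},
  {"type": "library", "name": "examplelib-img",  "version": "4.0.2"},
  {"type": "library", "name": "examplelib-log",  "version": "1.1.0"}
]}
""")
# Constructed advisory feed; the identifiers are placeholders, not real advisories.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "name": "examplelib-http", "version": "2.3.1",
     "severity": "high", "exploit_public": True},
    {"id": "EXAMPLE-0002", "name": "examplelib-yaml", "version": "0.9.0",
     "severity": "critical", "exploit_public": False},
    {"id": "EXAMPLE-0003", "name": "examplelib-img", "version": "4.0.2",
     "severity": "medium", "exploit_public": True},
    {"id": "EXAMPLE-0004", "name": "examplelib-log", "version": "9.9.9",
     "severity": "critical", "exploit_public": True},
]
# Constructed asset-inventory data: is the system using the component internet-facing?
INTERNET_FACING = {"examplelib-http": True, "examplelib-yaml": False,
                   "examplelib-img": True, "examplelib-log": True}
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}  # assumed weights

def prioritise(sbom, advisories, exposure):
    """Match SBOM components to advisories and rank the resulting findings."""
    installed = {(c["name"], c["version"]) for c in sbom.get("components", [])}
    findings = []
    for adv in advisories:
        if (adv["name"], adv["version"]) not in installed:
            continue  # advisory does not apply to the version in use
        exposed = exposure.get(adv["name"], True)  # unknown exposure: assume exposed
        # Assumed scoring: severity, doubled if reachable, doubled if an exploit is public.
        score = (SEVERITY[adv["severity"]] * (2 if exposed else 1)
                 * (2 if adv["exploit_public"] else 1))
        findings.append({"id": adv["id"], "component": adv["name"], "score": score})
    return sorted(findings, key=lambda f: (-f["score"], f["id"]))

if __name__ == "__main__":
    for f in prioritise(SBOM, ADVISORIES, INTERNET_FACING):
        print(f"{f['score']:>2}  {f['id']}  {f['component']}")
```

With this sample data, a critical-severity finding on an internal system with no public exploit ranks below a medium-severity finding that is internet-facing and has a public exploit.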
It is likely that AI will be used extensively to discover vulnerabilities in open-source software, as source code is inherently accessible.
We are also aware that open-source supply chains have been targeted, with malware like Shai-Hulud being used to compromise major packages.
To read more about supply chains, see Supply Chain Cyber Security: In Safe Hands.
Recommended actions
Based on what we’ve discussed above, these are the actions you can take in addition to the actions from our previous guidance:
- Apply Minimum Cyber Security Standards.
- Ensure you have a good vulnerability management process, including frequent and timely patching.
- Put controls in place to manage any use of AI for vulnerability discovery.
  - Limit AI access to only what it needs for its intended function.
  - Consider your legal and contractual obligations, and
  - Invest in cybersecurity skills and training.
- Apply an ‘assume compromise’ mindset.
  - Implement defence in depth principles.
  - Monitor for suspicious behaviour on networks and endpoints, and
  - Have a good incident response plan.
- Reduce exposure to the internet.
- Manage your supply chain.
  - Understand supplier security controls.
  - Apply updates quickly, and
  - Identify and mitigate vulnerabilities in your supply chain.