A few recent examples of the increased threat include the US Cyber operations used to support the US operation ‘Absolute Resolve’ in Venezuela in January 2026, the suspected Russian cyber-attack that almost shut down the entirety of Poland’s power infrastructure in December and, much closer to home, a cyber-attack in August 2025 on Jaguar Land Rover’s infrastructure in the UK which caused an estimated £1.9 billion in damages to the UK economy.
AI as a Capability Multiplier for Threat Actors
Recent threat intelligence (from Google Threat Intelligence Group) confirms that AI is now acting as a significant force multiplier, enabling threat actors to enhance their cyber capabilities at speed and scale. AI reduces the time, expertise and resources required to create or adapt cyber tools.
Generative AI can generate tailored ‘exploit code’ in near real time and modify existing malware to new target environments. ‘Exploit code’ is a specialised set of software instructions or a sequence of commands that is designed to take advantage of a specific cyber security vulnerability. Generative AI can also interrogate and share feedback on reconnaissance data, to identify methods of exploitation without requiring specialist expert knowledge.
Agentic AI systems can integrate multiple models and tools to automate actions traditionally requiring human coordination. This includes the autonomous execution of complex attack sequences; adapting strategies to changing circumstances and scaling operations exponentially.
Classification Systems can assist threat actors in coordinating cyber activity with physical intrusion or drone-based reconnaissance. This increases the feasibility of targeting environments that were previously considered secure or isolated.
The Exposed Fabric of UK Society
The UK’s 13 Critical National Infrastructure (CNI) sectors rely on diverse, interconnected technology estates that often combine legacy operational technology (OT) with safety-critical systems that use a mix of commercial off-the-shelf or bespoke components.
This creates a fabric that is highly complex, interdependent and prone to cascading failures, with legacy equipment making it difficult to patch or modernise. AI-enabled, low-cost cyber weapons can exploit these conditions at scale, with attackers no longer requiring direct logical access or detailed insider knowledge.
Defensive Considerations
Addressing AI-enabled cyber threats requires a shift in defensive posture. Traditional approaches alone will not provide adequate protection. It is critical that organisations act to implement:
- Robust but efficient threat and risk identification that explicitly focusses on how system/service degradation and denial might happen.
- Identification of software provenance across the estate, to enable rapid identification of instances where disclosed vulnerabilities need action.
- The incorporation of existing security detection and response solutions with AI-based capabilities, to improve detection time and increase human analyst efficiency.
- A baseline level of cyber hygiene across the estate to prevent unforgiveable vulnerabilities.
- Not just breach prevention, but an equal emphasis on impact reduction and service continuity, backed up with breach refutation (threat hunting) activities.
How Can Leonardo Help
Leonardo is one of the UK’s largest defence organisations and experiences cyber threats every second of every day. Having helped design and run one of the world’s largest cyber security detection and response capabilities for NATO, we understand how and where cyber-attacks happen, as well as their potential speed and complexity.
Leonardo SHIELD – Our Premier Threat and Risk Tool
SHIELD is Leonardo’s approach to risk and threat assessments, which can enable you to identify measure and mitigate risk against your cyber estate in a pragmatic and realistic way, helping to properly understand how AI capabilities, both friendly and offensive, need to be acted on. We use SHIELD internally for our own needs and it has seen extensive use in our support to UK Defence.
Leonardo SCORE – Our Premier Cyber Audit Tool
SCORE is Leonardo’s approach to cyber audits. It allows for a one-to-many approach to data collection, so that one audit can report against multiple frameworks, minimising collection time and organisational disruption. We have used it extensively in UK Defence and UK CNI with great results.
Throughout 2026, Leonardo will share further details of how these and our other security and resilience products can help organisations increase resilience to cyber stresses in a cost-effective way, whilst also aligning with regulatory requirements against the latest cyber and AI threat landscape.
Learn more by contacting ukcyberservices@leonardo.com