To counter a threat that learns and adapts at machine speed, defence cannot rely solely on reacting to alerts after they trigger. It must be rooted in foresight, understanding which missions matter most, how they can be disrupted and how adversaries are likely to exploit them.
The recent surge in AI-driven reconnaissance against UK SMEs and infrastructure is a wake-up call. Attackers can now use AI to automate discovery, decision-making and exploitation at an unprecedented scale.
AI has dramatically lowered the cost and complexity of cyberattacks. This has shifted the threshold for what constitutes effective security and has exposed the UK's Critical National Infrastructure and Defence sectors to fast, automated threats. In this environment, traditional, compliance-focused risk assessments and models are no longer adequate. Protecting national interests now requires mission-assured resilience, where essential functions, such as energy distribution and military readiness, remain robust even under sustained machine-speed pressure.
To meet these challenges, Leonardo applies its SHIELD methodology, not as a reactive cyber tool, but as a structured way to understand, prioritise and reduce real operational risk. It enables organisations to proactively mitigate AI-enabled threats and strengthen long-term sovereign resilience.
SHIELD is a threat-informed, mission-centric approach to cyber resilience designed to anticipate and mitigate attacks before they escalate into national crises. It ensures that essential services can withstand, absorb and continue to function despite AI-augmented attack efforts.
The following outline details how each stage of the SHIELD methodology (Situation, Hostiles, Investigate, Exploit, Losses, Durability) specifically counters the challenges posed by AI-enabled adversaries.
1. Situation: Defining the Mission-Critical Path
- The Focus: We map the dependencies between digital assets and the delivery of national services – be that a carrier strike group’s data link or the automated logic of a regional water treatment plant.
- Strategic Outcome: Identification of “Crown Jewels” that, if lost, would threaten national safety or security.
- Countering the AI Threat: AI allows attackers to exploit complex, interdependent fabrics of technology. By mapping the mission path, we identify which cascading failures an AI agent might target to achieve maximum disruption.
2. Hostiles: Adversary-Centric Intelligence
- The Focus: SHIELD uses modular threat frameworks (like MITRE ATT&CK) to model specific state-level Advanced Persistent Threats (APTs) and their tactics, techniques and procedures (TTPs).
- Strategic Outcome: A shift from defending against everything to defeating the most likely and dangerous adversaries.
- Countering the AI Threat: We specifically model the use of Agentic AI. While traditional profiles look for human-speed coordination, SHIELD accounts for autonomous execution and strategies that adapt at machine speed.
3. Investigate: The Converged Surface
- The Focus: SHIELD investigates the socio-technical vulnerabilities where IT, OT and physical infrastructure meet: vulnerabilities that an adversary could exploit at scale using AI.
- Strategic Outcome: Comprehensive visibility across the entirety of a department’s or CNI provider’s estate, including legacy black-box systems.
- Countering the AI Threat: Generative AI can now autonomously interrogate and share feedback on vast amounts of reconnaissance data to identify exploitation methods without requiring specialist human expertise. The modular and target-agnostic approach of SHIELD enables the identification of these hidden vulnerabilities, disrupting adversaries' attempts to use AI to turn a digital breach into a physical kinetic effect.
4. Exploit: Realistic War-Gaming
- The Focus: We model how threats chain minor weaknesses together to navigate a network.
- Strategic Outcome: Prioritisation of remediation based on what an attacker wants to achieve, rather than just the severity of a vulnerability.
- Countering the AI Threat: We simulate how Generative AI can create tailored exploit code in near-real time.
5. Losses: Quantifying Sovereign Impact
- The Focus: We quantify impact through the lens of mission degradation, public safety and national reputation, rather than purely financial cost.
- Strategic Outcome: Enabling key decision-makers to make informed, risk-based investment decisions backed by data.
- Countering the AI Threat: AI reduces the cost of high-impact attacks. SHIELD quantifies these sovereign losses to justify investments in AI-based detection and response capabilities.
6. Durability: Building the Digital Shield
- The Focus: We recommend a spectrum of targeted people, process, and technology interventions to strengthen resilience – ranging from workforce upskilling and governance improvements to advanced technical measures such as post-quantum cryptographic readiness and hardened cross-domain solutions.
- Strategic Outcome: A roadmap for long-term resilience that ensures the UK’s essential services remain durable under the most extreme cyber stresses.
- Countering the AI Threat: This stage moves the organisation from a reactive posture to active durability, providing the Digital Shield to fight through an attack, including those that are AI-enabled, and maintain service continuity.
Conclusion: A United Front
The AI-augmented threat landscape is complex, but it is not insurmountable. By moving from a reactive mindset to the mission assurance provided by SHIELD, UK Defence and CNI leaders can secure the nation’s most critical assets. Leonardo remains at the forefront of this effort, ensuring that the same rigour we apply to our own cyber defence is available to protect the UK’s sovereign interests.
Learn more by contacting ukcyberservices@leonardo.com