The U.K. National Cyber Security Centre (NCSC) warned Wednesday that around 100 nations have procured commercial cyber intrusion software capable of targeting British infrastructure, citizens, and companies, up from 80 countries in 2023. The agency said nation-state actors now account for the majority of serious U.K. cyberattacks, as nationally significant incidents doubled in a single year.
NCSC chief executive Richard Horne, speaking at the CYBERUK 2026 conference in Glasgow, told delegates that companies failing to treat cybersecurity as a priority are “no longer just naïve” but are “failing to grasp the reality of today’s world.” The agency handles around four nationally significant cyber incidents per week.
Anthropic separately confirmed on Wednesday it is investigating a report of unauthorized access to its Claude Mythos Preview model through a third-party vendor.
LATEST: Anthropic confirms breach of Claude Mythos model and has launched an investigation into the unauthorized access, per bloomberg.
Attackers used contractor login credentials of a compromised third party vendor and guessed internal URLs to access multiple unreleased…
— Summit Horizon (@SummitHorizon_) April 22, 2026
Mythos is an unreleased AI that Anthropic says can find and exploit vulnerabilities beyond the capability of nearly all human security experts, a system the company has refused to release publicly.
Britain’s National Protective Security Authority (NPSA), part of MI5, has contacted nuclear, water, and telecoms operators over the Mythos threat.
A similar pattern emerged in March 2026, when DarkSword, an iOS exploit chain built on multiple zero-day vulnerabilities identified by Google’s Threat Intelligence Group, appeared on GitHub and put unpatched iPhones and iPads at risk.
Horne identified China, Russia, and Iran as the primary state actors, describing Chinese intelligence and military agencies as demonstrating “an eye-watering level of sophistication” and warning that Russia has moved tactics from Ukraine “beyond the battlefield.” Iran, he said, is “almost certainly using cyber activity to support the repression of British individuals on our streets.”
🚨News from CYBERUK 2026 conference in Glasgow-UK 🚨
Richard Horne, CEO of the NCSC, just delivered a wake-up call that every business leader and security professional needs to hear. The UK isn’t just facing a “higher” volume of threats; we are navigating a fundamental shift… pic.twitter.com/mJa6lw7wsk
— Shahzad Khalid (@ShahzadKhld) April 22, 2026
Security Minister Dan Jarvis called for AI companies to work with the government to build systems capable of “autonomously identifying and addressing vulnerabilities at a speed and scale no human can match.”
