A new UK pilot has demonstrated how AI can support cyber teams in discovering critical weaknesses.
The UK Government Cyber Coordination Center (GC3), in collaboration with the National Cyber Security Center (NCSC) and the Institute for AI Security, has completed a pilot program exploring how Frontier AI models can strengthen cyber defenses across government systems.
The initiative is part of the UK Government’s Cyber Action Plan, which aims to improve public sector cyber resilience through the use of emerging technologies.
The team participated in a series of hackathons that used advanced AI systems to analyze potential security weaknesses in public government code repositories.
A variety of approaches were tested, including multi-agent workflows, AI-assisted vulnerability research, and specialized AI skills designed to automate parts of the security audit process. Rather than relying on a single methodology, participants tested different architectures and workflows to determine which approaches produced the most effective results.
The exercise identified 407 security findings, including vulnerabilities that allow authentication bypass, data leaks, and remote code execution. The AI model has demonstrated the ability to identify relationships between technical weaknesses across multiple services and reveal attack paths that are difficult to detect with traditional scanners.
The department verified the findings through existing security processes and remediated all critical vulnerabilities.
UK officials have concluded that successful implementation will depend less on the choice of AI model and more on how AI is integrated into structured security workflows. Human experts remained responsible for validating findings, prioritizing risks, and managing remediation efforts.
Based on these results, GC3 will begin a second phase that includes adding government departments, adding AI systems, and evaluating closed-source environments.
Why is it important?
This pilot provides a practical example of how frontier AI systems can be used not only for research and experimentation, but also for operational cybersecurity. As governments and organizations face increasingly complex cyber threats, AI tools can help security teams identify vulnerabilities faster and discover attack vectors that traditional automated tools may miss.
The findings also support the importance of human oversight in AI-enabled security operations. While AI can aid in vulnerability discovery and analysis at scale, expert validation and risk management remain essential. This project highlights the growing trend of combining AI capabilities and human expertise to improve cyber resilience across critical systems and public sector infrastructure.
Want to learn more about AI, technology and digital diplomacy?? If so, please contact Diplo chatbot.
