Governments in UK and Australia Turn to Agentic AI to Defend Against Machine Speed Cyber Attacks

The UK and Australia have both moved this month to formalise how agentic AI reshapes national cyber defence, from a proposed Cyber Shield initiative to new guidance on AI model harnesses.

Omar Al-Hakeem
Senior Cyber Threat Analyst | MENA Region4 min read
National cyber security operations centre monitoring network threats using AI powered defence systems

National cyber security operations centre monitoring network threats using AI powered defence systems

Two government cyber security agencies have moved within days of each other to address how agentic artificial intelligence is reshaping national cyber defence, offering a rare side by side view of how Western governments are approaching the same problem from different angles.

In the United Kingdom, the National Cyber Security Centre has unveiled plans for what it calls Cyber Shield, an initiative that aims to use agentic AI to transform the nation's cyber defences and counter increasingly sophisticated threats. The proposal forms part of a broader effort, alongside the Department for Science, Innovation and Technology, to build a national scale AI powered cyber defence capability able to detect, analyse and eventually respond to attacks at machine speed. The initiative will initially focus on using AI to identify vulnerabilities and detect threats, before progressing toward automated mitigation, coordinated threat intelligence sharing and national level response capabilities.

Security specialists have broadly welcomed the direction while urging caution on implementation. The central argument is that adversaries will increasingly use AI agents to automate reconnaissance, vulnerability discovery, exploit development, credential attacks and lateral movement, meaning defenders operating at human speed will struggle to keep pace. At the same time, experts caution that automation without sufficient context or governance introduces its own risk, and that AI cannot compensate for weak asset visibility, unpatched systems or unclear ownership of cyber risk. A further concern raised is that AI agents themselves function as privileged non human identities, requiring the same access controls, least privilege provisioning and activity visibility as any privileged human administrator.

Australia publishes parallel guidance on AI harnesses

Separately, Australia's Signals Directorate has published an update examining the role of AI model harnesses, the orchestration layer built around one or more AI models that coordinates planning, tool use, output verification and multi agent coordination for complex tasks such as vulnerability discovery and exploit development.

The agency's assessment carries a significant implication for organisations of all sizes: a well engineered AI harness orchestrating mid tier models can achieve results comparable to top tier frontier models, meaning organisations do not need access to the most advanced AI systems to defend themselves effectively. Recent releases referenced in the guidance include a multi model scanning harness from Microsoft that coordinates more than one hundred specialised agents across an ensemble of models, an open source reference harness from Anthropic for autonomous vulnerability discovery and remediation, an orchestration framework from Cisco built on internal security research, and a security focused harness from OpenAI integrated into its coding assistant workflow.

The agency was careful to note that these capabilities cut both ways. A harness capable of finding and patching vulnerabilities is equally capable of finding and exploiting them, and the lowering of cost and skill barriers benefits opportunistic attackers as much as defenders. The practical takeaway for security teams is that any defensive advantage depends on adopting these tools at least as quickly as malicious actors, paired with the verification and remediation capacity to act on what the tools surface, a principle that applies just as directly to enterprises building their own agentic AI deployments as it does to national cyber agencies.

Why this matters for enterprise security teams

Taken together, the two releases point to the same underlying shift. Cyber defence is moving from a model built around human analysts reviewing alerts toward one where AI agents handle detection, triage and increasingly remediation, with humans retaining oversight rather than performing every step manually. For security leaders evaluating their own AI adoption roadmap, the emerging consensus is that governance, identity controls around AI agents themselves, and basic security hygiene remain the deciding factors in whether agentic AI defence actually works in practice.

Omar Al-Hakeem

Senior Cyber Threat Analyst | MENA Region

Omar Al-Hakeem is a cybersecurity researcher specializing in threat intelligence, ransomware trends, and nation-state activity across the Middle East and North Africa. With over 12 years of experience in SOC operations and incident response, he provides deep technical breakdowns of emerging attacks and regional cyber risks. At MENA Cyber Wire, Omar focuses on real-world threat analysis and actionable defense strategies for enterprises and startups.