UK NCSC warns on AI scanners
- The U.K.'s National Cyber Security Centre said on May 15 that organizations should use AI-enabled vulnerability tools carefully and keep other defenses in place.
- The NCSC's free Early Warning service sends an average of 2,000 alerts each month and is pitched as a basic layer, not a sole defense.
- U.K. organizations can register through MyNCSC for Early Warning using public IP addresses, domain names and contact details.

The U.K.'s National Cyber Security Centre said on May 15 that organizations should be cautious about relying on artificial intelligence tools for vulnerability discovery and scanning, while continuing to push its free Early Warning alerting service for U.K.-based networks.

The warning lands as the agency has been publishing a broader set of assessments saying AI is making cyber intrusion faster and more accessible to attackers. The NCSC has also been arguing that the same technology can help defenders, but only if it is deployed with basic security controls and realistic expectations. A May 14 social-media post from the agency promoted Early Warning as a way for organizations to receive notifications of malicious activity affecting their networks.

### What is the NCSC warning about when it talks about AI scanners?

The NCSC has been telling organizations that AI can speed up vulnerability discovery, but that faster discovery also compresses the time available to fix exposed systems. In its April 2026 threat assessment, the agency said AI will “almost certainly” make parts of cyber intrusion more effective and efficient, and said the time between disclosure and exploitation of known vulnerabilities could shrink further from a window that has already narrowed to days. (ncsc.gov.uk)

An April 15 NCSC blog post framed the issue more directly for defenders, saying AI is accelerating vulnerability discovery and that organizations need to raise their security baselines. A separate April post on supporting AI adoption for U.K. cyber defense said the agency sees clear potential for AI in areas including threat detection, while also warning that, in the near term, AI is likely to expose weaknesses in organizations that have not secured their systems. (ncsc.gov.uk)

### Does the agency oppose using AI for defense?

The NCSC has not told organizations to avoid AI tools.
Its recent material says defenders should expect at least some attackers already to have access to capable AI systems, and says cyber defenders need to be ready to use comparable capabilities on the defensive side. The agency's published guidance also says AI systems bring novel security vulnerabilities alongside standard cyber risks. (ncsc.gov.uk)

In separate guidance for executives, the NCSC said AI should be developed and used in a safe and responsible way, particularly when risks are still uncertain.

### What is Early Warning, and who can use it?

Early Warning is a free NCSC service for U.K. organizations that sends email alerts about potential cyber attacks affecting their networks. (ncsc.gov.uk)

The service is available through MyNCSC and is aimed at organizations based in the United Kingdom. The sign-up process takes about five minutes, according to the service page. (ncsc.gov.uk)

Organizations need a MyNCSC account, their organization name, public IP addresses and domain names, plus contact details for the people who should receive alerts.

### How much activity does the service actually report?

The NCSC says Early Warning delivers an average of 2,000 alerts each month to users. (ncsc.gov.uk)

The service says it can notify organizations about malware and vulnerabilities affecting their networks, drawing on feeds from the NCSC, trusted public, commercial and closed sources, including some privileged feeds not otherwise available. A case study on the service page says Early Warning helped notify a supplier of a web shell linked to the 2021 Microsoft Exchange vulnerabilities after initial checks and patching had failed to find the problem.

The same page says 43% of businesses and 30% of charities reported some form of cyber breach or attack in the previous 12 months, citing the 2025 Cyber Breaches Survey. (ncsc.gov.uk)

### What does the NCSC say organizations should do now?

The NCSC says Early Warning should be treated as a basic layer of cyber security, not as the only control protecting a network. Its guidance says the service should complement existing security controls rather than replace them.

Paul Chichester, the NCSC's director of operations, said in the agency's April 2026 assessment launch that organizations should implement strong cyber security practices across AI systems and their dependencies and keep defenses up to date. (ncsc.gov.uk)

The agency points organizations to broader guidance including the Cyber Assessment Framework and its “10 Steps to Cyber Security.”

May 14 posts promoting Early Warning directed organizations to register through MyNCSC, and the service page remains live for U.K. users seeking alerts tied to their public-facing infrastructure. The NCSC's AI and threat-assessment pages also remain available for organizations reviewing how to deploy AI-enabled defensive tools without treating them as a standalone answer. (ncsc.gov.uk 1) (ncsc.gov.uk 2)