The New Cyber-Industrial Complex: AI Defence Against State-Backed Attacks

On 22 April 2026, Richard Horne, chief executive of the United Kingdom’s National Cyber Security Centre, told the audience at CYBERUK in Glasgow that the centre had handled more than two hundred nationally significant incidents in the previous year, more than double the year before. Most, he said, originated directly or indirectly from nation states. Chinese intelligence and military agencies, in his words, now display an “eye-watering level of sophistication” in cyberspace. Russia is moving the techniques honed in its war on Ukraine into operations against the wider Atlantic alliance. Iran is using cyber tools to project repression onto British streets. The same week, Security Minister Dan Jarvis used the same stage to invite Anthropic, OpenAI and Google DeepMind into a structured partnership to build the United Kingdom’s autonomous cyber defences. The signal was unmistakable. Cybersecurity has graduated from enterprise software into national infrastructure, and a new industrial complex is being built around it.

From enterprise category to national infrastructure. For two decades, cybersecurity was treated as a procurement line item. Firewalls, endpoint agents, security information and event management platforms, all bought by chief information security officers, governed by audit committees, regulated lightly. That model is breaking under the weight of state-backed activity. Horne’s framing makes the shift explicit. When the NCSC handles four nationally significant incidents a week and the majority trace to foreign intelligence services, the network is no longer a private asset; it is a national one. Critical infrastructure operators in Britain, the United States, Germany and Japan are converging on the same conclusion. Power grids, payment systems, hospitals, ports and telecommunications networks need defensive capabilities at the speed and scale of the offensive ones now being deployed against them. That capability cannot be procured off the shelf in 2026. It has to be built, with frontier artificial intelligence at its core, and the question of who builds it is now a question of statecraft.

The threat surface, quantified. The UK AI Security Institute now assesses that the cyber-offensive capability of frontier AI systems is doubling roughly every four months. That is faster than any prior generation of attack tooling and faster than the patching cycles of most regulated organisations. Horne was specific about Anthropic’s Claude Mythos: the model is not discovering novel classes of vulnerability, but it is compressing the time required to find and weaponise known ones from weeks to minutes. The Bank of England’s Cross Market Operational Resilience Group has formally raised the model with regulated banks and insurers. The NCSC has issued an open letter to British business leaders calling for “ten times urgency” on cyber defences. Volt Typhoon and Salt Typhoon, the Chinese campaigns against Western telecommunications and utility networks, remain unresolved. Russia’s military intelligence is recycling its battlefield playbook against allied ports and logistics. None of this is hypothetical. The market for defensive AI is being defined by these realities, not by abstract demand. The buyers are nation states; the threat models are written by other nation states.

Silicon Valley as the new defence prime. Two companies have moved from outsider status to the centre of the United States defence stack in the past eighteen months. Palantir secured an enterprise software agreement with the Department of Defense valued at up to ten billion dollars, consolidating dozens of separate contracts under a single ceiling. Anduril took a parallel deal worth up to twenty billion dollars, replacing roughly a hundred and thirty prior orders. The top ten artificial intelligence contracts awarded by the Pentagon in fiscal year 2025 totalled $38.3 billion. The FY 2026 budget request carries a dedicated $13.4 billion line for AI and autonomy. Defence-tech revenue at the new generation of vendors grew at a compound annual rate of 31 percent between 2020 and 2024, against 8 percent at the legacy primes. In cyber specifically, the United States Treasury has issued a $20 billion blanket purchase agreement, named PROTECTS, for enterprise cyber technology and services. Wraithwatch, a startup founded by alumni of Palantir and Anduril, was selected for a $30 million federal contract to deploy an agentic AI cyber defence platform across multiple federal agencies. The defence prime category, dominated for sixty years by Lockheed Martin, Raytheon, Northrop Grumman and BAE Systems, is being rewritten in software.

The frontier labs are being drafted. The UK Security Minister’s invitation to Anthropic, OpenAI and Google DeepMind is not a normal procurement. These companies do not sell finished defensive products. They licence access to the underlying models on which both attack and defence will increasingly depend. Project Glasswing, the bank trial referenced by the NCSC, and the proposed National Cyber Action Plan due in summer 2026 are the early scaffolding for a long-term arrangement. The structural question is whether the relationship becomes a regulated supplier framework, similar to how the United States Department of Defense governs cleared semiconductor manufacturers, or whether it remains a voluntary partnership at the discretion of model providers. Anthropic’s Claude Mythos is the first concrete test. Horne called it both a “warning shot” about the trajectory of AI capability and a potential “net positive” for British cyber defence, depending on how it is governed. The same model that lets attackers compress vulnerability discovery to minutes can let defenders compress patching to minutes, but only if it sits inside the right perimeter. The issue is no longer whether frontier AI belongs in cyber defence. It is whose perimeter the models sit inside.

Sovereign cloud and the geography of trust. The hyperscalers have read the political weather. Microsoft’s Sovereign Cloud, expanded in February 2026, can run large AI models in fully disconnected mode within a customer’s national boundaries. Google has restructured its European offering through S3NS in partnership with Thales. Amazon Web Services has launched a dedicated European Sovereign Cloud. Worldwide spending on sovereign cloud infrastructure as a service is forecast to reach eighty billion dollars in 2026, a 35.6 percent rise on the prior year. Yet European government buyers remain sceptical. No United States-headquartered hyperscaler can credibly promise immunity from the CLOUD Act or from American executive orders, regardless of where data physically resides. That gap creates room for genuine sovereign alternatives: domestic providers, government-owned clouds, and private compute clusters operated by allied non-US firms. The cyber-industrial complex is not a single stack. It is a layered competition between sovereign hardware vendors, between national AI labs, between cleared cloud operators, and between cyber primes. Governments will buy from each layer based on a combination of capability, trust and political control. Vendors excluded from any layer will be excluded from the most lucrative part of the market.

Three structural shifts to watch. First, cybersecurity budgets will be pulled upward, out of the chief information security officer’s domain and into national resilience programmes. The UK National Cyber Action Plan, the European Cyber Resilience Act follow-on, and parallel work in Washington are already aligning on that trajectory. Second, the pool of qualified suppliers will narrow. Building AI-grade cyber defence at speed requires frontier model access, large compute fleets, cleared engineers, and integration with classified threat intelligence. Few firms clear all four bars; those that do will entrench. Third, allied governments will start treating model access the way they have long treated weapons exports. Expect formal supplier vetting, model classification, and bilateral agreements that give NATO governments preferential access to certain capabilities while restricting non-aligned states. None of this carries the visual romance of a fighter aircraft programme, but the strategic stakes are comparable. The networks being defended carry the modern economy’s blood supply.

The contest, restated. The cyber-industrial complex is not coming. It is here, taking shape in real procurement decisions, real contract ceilings, and real ministerial speeches. The contest now is not whether AI will dominate cyber defence; that is settled. The contest is over who governments will trust to host it, train it, and operate it. That decision is being made country by country, layer by layer, in 2026. Companies and capitals that lose those rounds will not get a second one.

Read our full Report Disclaimer.