
The AI Cyber Threat Has Moved From Theoretical to Operational
A considered read for CIOs, CTOs and CISOs thinking about what AI really means for cyber.
If you have not watched the latest report from Sky News technology correspondent Rowland Manthorpe, Why the AI cyber threat is rising, we strongly suggest you stop reading and watch it first. Then come back here when you are ready.
We think it matters. The story he tells, backed by data from the UK AI Security Institute, the US Center for AI Standards and Innovation (CAISI), and the threat intelligence team at Anthropic, describes what may turn out to be one of the most significant shifts in cyber risk since ransomware went mainstream.
The short version, as we read it: AI models are now capable enough to run live cyber attacks at scale, with surprisingly little human involvement, and at speeds that traditional defensive teams will find very difficult to match in real time.
The longer version is what this piece is about, and why, in our view, your patching strategy and your internal AI policy probably deserve a fresh look this summer rather than waiting until later in the year.
What the report actually shows us
For two years or so, the AI and cyber conversation has been dominated by the hypothetical. The Sky News segment, and the evidence underneath it, helps move that conversation onto firmer ground.
A few things stood out to us.
- Anthropic has disclosed what they describe as the first documented case of cyber espionage orchestrated by AI. A threat actor aligned with a nation state, assessed with high confidence to be Chinese, manipulated the Claude Code tool from Anthropic into attempting infiltration of roughly 30 global targets, including technology firms, financial institutions, chemical manufacturers and government agencies. The AI is reported to have carried out 80 to 90 percent of the operational work autonomously, at request rates a human team simply could not match.
- This is not an issue confined to a single model. Benchmark data from AISI and CAISI suggests cyber offensive capability is rising sharply across the frontier. The Mythos model from Anthropic and GPT 5.5 Cyber from OpenAI appear to be the leading edge of an industry wide step change, not outliers.
- Open source models look like the multiplier. Increasingly capable open source models, many of them coming out of China, are closing the gap with frontier systems. When those capabilities become freely available, attacker economics shift considerably. Threats that used to require a well funded group become accessible to a much wider pool.
- And the patching gap appears to be widening. AI is reportedly finding vulnerabilities in hours. Most organisations still patch in days, weeks or, in our experience, sometimes longer. That difference is, in effect, the new attack surface.
Why we think this is a board level conversation
For CIOs, CTOs and CISOs, this feels like a moment to revisit the risk register with fresh eyes rather than carry on with the assumptions of last year.
Three points we would offer for consideration.
1. Most SOCs are built around human attacker tempo. Detection rules, MTTR targets, escalation runbooks. Almost every operational metric assumes a person on the other end. An AI agent making thousands of decisions per second strains that assumption. We think defensive automation is moving from being the next maturity step to being the new baseline rather quickly.
2. Internal AI use is now part of the attack surface. The same agentic capabilities being misused externally are already inside Copilot, Claude, Gemini and a number of browser extensions colleagues may have installed quietly. Without a clear AI usage policy, data classification, and a sensible tool whitelist, organisations can find themselves leaking the very context an attacker would benefit from later.
3. A 30 day patch SLA is starting to feel optimistic. When AI can weaponise a CVE in hours, the maths around patching cadence shifts. We think vulnerability management is moving from project cadence towards something closer to operational tempo, and that is worth planning for now rather than reacting to later.
A frank thought
Here is something we do not think enough of the industry is saying out loud. Many of us in cyber had quietly hoped AI would help defenders more than attackers. The Sky News data suggests, at least for the moment, the opposite is happening first. Attackers do not have governance committees, change boards or regulatory sign off. They iterate weekly. Most enterprises iterate annually. That asymmetry is uncomfortable, and we think it is worth naming.
If you are a CIO, CTO or CISO and your 2026 plan does not yet treat AI threat modelling, agentic attack tabletop exercises, autonomous patching, and an internal AI acceptable use policy as named workstreams with owners and deadlines, it may be worth a second pass over the plan. Not as a panic measure, simply as good practice given where the evidence now sits.
What we would suggest doing this summer
None of this needs to wait for a regulator to weigh in. A few practical steps we would suggest, broadly in order of impact.
- Have a look at your patch SLAs against the AI attacker tempo. Anything beyond 14 days for critical or high CVEs on internet facing assets is probably worth rebaselining.
- Publish an internal AI acceptable use policy. Which tools, which data classes, which workflows. Sooner rather than later.
- Run an AI attacker tabletop exercise. Assume an agent does 90 percent of the work against you and see where your detections start to creak.
- Blend Highly Certified Humans with the latest automation tools and a strong SOC partnership for true 24x7x365 cover. This is the model Managed247 has built, delivered in partnership with Huntress. We are clear on one point. Pure automation cannot read context the way an experienced analyst can, and pure human monitoring cannot match the tempo of agentic attack chains. The balance is what matters, and we are confident the human element will remain central to good cyber defence for years to come.
- Ask for AI assisted attack simulation in your next penetration test. If your current provider does not offer it, that itself is useful information.
How Managed247 sees it
Service providers and internal teams both need a plan, for patching systems and for governing AI tools inside the business. Half a plan, in our view, is not really a plan.
We are an award winning UK MSP, recognised by IT Europa, CRN, the Sunday Times Tech Track 100, Deloitte Fast 50 and the Financial Times 1000, and we have built our business on being proactive rather than reactive. Penetration testing, EDR, 24x7x365 SOC and NOC services delivered in partnership with Huntress, and compliance services are not features on a slide. They are the operational tempo we believe modern cyber defence increasingly requires, and they are powered by Highly Certified Humans working alongside the latest automation tools.
The Sky News report is, in our view, a useful prompt to pause and look again at assumptions. For some organisations, the window between "interesting research" and "this happened to us" has already closed. We would genuinely encourage you to act now rather than wait.
Do please talk to us. A 30 minute conversation with the Managed247 team is, we think, the quickest way to find out whether your patching cadence, your internal AI policy and your detection coverage are in good shape for what is already happening, rather than what might happen later in the year.
Sources and further reading. Sky News, Why the AI cyber threat is rising · Anthropic, Disrupting the first reported case of cyber espionage orchestrated by AI · UK AI Security Institute (AISI) · US Center for AI Standards and Innovation (CAISI).




