The head of the British intelligence and cybersecurity agency warned that the U.K. is facing a ‘moment of consequence’ as adversaries escalate hybrid operations and global technological competition accelerates. She said the world has entered a ‘new era of radical uncertainty, contested geopolitics and rapidly changing technology,’ with Russia in particular ‘relentlessly targeting critical infrastructure, democratic processes, supply chains and public trust’ across the U.K. and Europe.
Anne Keast-Butler, director of the GCHQ (Government Communications Headquarters), said in her GCHQ Annual Lecture at Bletchley Park that the speed of advances in AI (artificial intelligence), quantum computing, and space technologies is creating a ‘narrowing window’ for the U.K. and its allies to maintain strategic advantage. She warned that the ‘risk of miscalculation is as high as I’ve ever seen it,’ and called for cybersecurity to become ‘ten times more urgent’ across government, industry, and society.
Keast-Butler also pointed to new national cyber defence plans under development that would embed agentic AI into machine-speed defensive systems to counter increasingly automated threats.
“In the past few months, GCHQ has developed the blueprint for a new national cyber defence capability will hardwire cutting-edge agentic AI into machine speed cyber defence,” Keast-Butler revealed. “And as we draw on decades of expertise in machine learning to reimagine cyber security, we’re also embedding frontier AI deeper into our operations – responsibly and ethically – to enhance algorithms, translate foreign languages, and find needles in haystacks faster than ever before. AI is an unstoppable force with great opportunity. But it’s also a force with risks. “
Highlighting the GCHQ’s vital contribution in cyber, AI, quantum, and telecommunications technologies that power the nation’s security, prosperity, and growth, Keast-Butler identified these technologies as ‘critical to how every one of us lives our lives.’
She added, “But let’s be in no doubt: when it comes to technology and data, there’s a narrowing window for the UK and our allies to stay ahead.”
“Tech companies are releasing AI-driven innovations at a remarkable pace, with untold consequences, as algorithms are weaponised often just below the threshold of traditional warfare,” Keast-Butler said. “And China is now a tech superpower with sophisticated cyber, intelligence and military capabilities. One thing is clear: technology and data are no longer just tools; they are transformational forces. Data should matter to all of us.”
She recognized that the National Cyber Security Centre, part of GCHQ, plays a key role in protecting data highways and junctions that connect lives, ranging from the NHS and National Grid to the emerging data economy powering the AI revolution. “Technological leaps that cracked seemingly impossible challenges. So, in a world where technology is moving as fast as it is, I’m focused on the capabilities we need to navigate through this age of disruption.”
Acknowledging that cybersecurity is a critical priority for all businesses, Keast-Butler said, “Our experts are producing unprecedented levels of advice and guidance, but we need businesses to take immediate action now. Not just to protect livelihoods and customers, but for the front-line defence of our nation our economy and our way of life. And we need to reimagine cyber security in the AI world.”
Keast-Butler noted that “As AI gains increased autonomy, we all have an intergenerational duty to harness and secure it for good; to protect our national security, our economy and our way of life.”
She also admitted that quantum is just around the corner. “At GCHQ, we’re focused on harnessing all facets of this game-changing technology, which uses the building blocks of the universe to drive rapid innovation.”
As a mathematician herself, Keast-Butler said that the timeline for operationalizing quantum has always been a decade away. “But that’s changed. Quantum sensing is here – our new cutting-edge work with academia and industry is identifying the fingerprints of stealth, such as detecting missile launches. And once they are operational, quantum computers will be able to complete, in a matter of seconds, tasks that currently take years.”
She accepted that it includes defeating the codes and encryption that keep secrets safe today. “So we must protect our most critical systems from future quantum attacks.”
Keast-Butler extended her lens to address the space sector. “Since I became Director three years ago, over ten thousand new objects have been launched into space; each new constellation of satellites adding to the volume and speed of data crossing across our planet. This is only going to grow.”
She mentioned that China and Russia are investing heavily in space to support both peace and war ambitions. “And in the last few months, we’ve seen reports of satellite imagery underpinning Iranian attacks in the Gulf. Space-based tech is critical to both our way of life and our national security – and that’s why GCHQ is working with partners to harness, secure and defend against it.”
Analysing how fast-changing technology intersects with the threats being seen ‘in the here and now,’ including activity in the grey zone between peace and war, Keast-Butler said, “Where Russia is scaling up its daily hybrid activity against the UK and Europe, stretching from the seabed to cyberspace — relentlessly targeting critical infrastructure, democratic processes, supply chains and public trust. But let me be clear that in the face of such aggression and chaos, GCHQ is working tirelessly with intelligence and Defence partners to degrade and reduce the Russian threat.”
She added, “One area in sharp focus for us is protecting the data and energy flowing through the critical cables and pipelines in and around British waters – we do this by exposing Russia’s intent, motives and underwater capabilities. We’re also disrupting Russia’s attempts to smuggle Western tech; fending off its cyber attacks and countering reckless sabotage and assassination attempts.”
Keast-Butler outlined steps to strengthen resilience in a volatile threat environment, warning that individuals and organisations alike must take action to avoid being exposed without adequate protection. At the personal level, she pointed to immediate security improvements such as moving from passwords to passkeys, while at a broader societal level, she emphasised embedding security into emerging technologies, safeguarding supply chains, and treating cybersecurity with greater urgency across government and industry.
She also stressed the need for deeper collaboration between the public and private sectors, including stronger partnerships with industry, academia, and start-ups to accelerate development of secure technologies. GCHQ, she said, is working closely with partners across intelligence, defence and allied nations, including long-standing relationships such as UKUSA and the Five Eyes network, to counter state threats, disrupt terrorism and combat serious online crime. These alliances, she added, remain central to national and collective security in a period defined by rapid technological change and increasingly sophisticated adversaries.
“And as I conclude, it’s that which gives me confidence we can meet this moment of consequence, where we must go as fast as we can, but with our eyes wide open,” Keast-Butler said. “From boardrooms to living rooms – we can each play our part in defending against threats and preparing for potential escalation.”
Commenting on the move, Ali El Kaafarani, CEO and founder of PQShield, wrote in an emailed statement that the stance taken by GCHQ “underlines the need for critical national cybersecurity infrastructure to be robust – the era of treating cybersecurity as an operational afterthought, an IT burden, or a mere compliance checkbox, has passed. In an age where economic security is national security, digital defense can no longer be an optional upgrade.”
He added that the concern from leaders at national agencies that the U.K.’s cybersecurity infrastructure needs to be fighting fit, should push organisations to embark on change programs, such as the transition to post-quantum cryptography, and provide themselves the opportunity to reinforce as they upgrade.
“By the end of 2026, every organisation in Europe, as proposed by the EU commission and G7 Cyber Expert Group, must have internal PQC transition roadmaps, complete cryptographic inventories, and begin running pilot projects,” El Kaafarani added. “This will be the key moment for all organisations to inventory and prioritise their most urgent cryptographic assets.”
