
The UK broadband, mobile and internet content regulator, Ofcom, has published a new open letter that they sent to UK Communications Providers last week, which called on them to “assess [the] security risks arising from frontier AI [Artificial Intelligence] models and take appropriate mitigating action”.
The Open Letter, which was revealed as part of the regulator’s weekly publications on Friday, is intended to focus on Anthropic’s recently announced Claude Mythos Preview, a new frontier AI model that is claimed by the regulator to have “significantly advanced cyber capabilities”.
On the one hand, this could help telecoms and network operators, as well as software developers, to find vulnerabilities in their systems and patch them before hackers are able to exploit such weaknesses. But as AI improves, the reverse could also occur, with hackers and malware harnessing AI to break into systems more rapidly – likely faster than many can adapt to the threat.
The focus of Ofcom’s letter is on Anthropic’s model, but the reality is that such capabilities will no doubt emerge in other models in the future, and not all developers will be as cautious about releasing such things into the wild.
Copy of Ofcom’s Letter to Telecoms Providers
Cyber Security implications of Frontier AI
I am writing to highlight the urgent challenge posed by the rapid increase in AI capability. You will be aware that Anthropic announced Claude Mythos Preview, a new frontier model with significantly advanced cyber capabilities.
DSIT’s AI Security Institute published its evaluation of Mythos and noted that this model is incrementally more capable in terms of exploitation of vulnerabilities than any it has previously assessed. This marks a clear escalation in capability and forms part of a broader and rapidly accelerating trend. Frontier models will continue to advance quickly, increasing both the scale and speed of cyber threats. Continued and proactive investment in cyber defence is critical.
Last week, the Secretary of State for Science, Innovation and Technology Liz Kendall MP, and Security Minister Dan Jarvis MP set out their concerns and expectations in their open letter to business leaders. They make clear that the growing challenge for cyber defence is not isolated to a single company and we should be prepared for frontier AI capability to rapidly increase over the next year.
Against this backdrop, you should assess security risks arising from frontier AI models and take appropriate mitigating action, in line with your security duties and existing regulatory guidance. As a Communications Provider we expect you to implement appropriate measures, in line with those in DSIT’s Telecommunications Code of Practice. In addition, we expect you to follow any relevant advice from NCSC on this issue, including their recent published note on the cybersecurity challenges of frontier AI. This provides helpful information to guide companies’ response to this developing risk.
Ofcom is closely monitoring these technical developments, and we will take a proactive approach to working with you to address the challenges and opportunities. We will be in touch to take stock of progress so far and where additional action may be required.
Please do not hesitate to get in touch if you would like to discuss this issue.
Yours sincerely,
Natalie Black