Jessica Entwistle
July 6 2026
Today's stories reflect how established security principles remain relevant even as technology evolves. The National Crime Agency has issued guidance on protecting children's images from AI misuse, the NHS is deploying AI-powered triage tools across its app, UK banks continue to leave multi-factor authentication optional despite rising fraud, and the ransomware landscape is consolidating around major operators like Qilin. Each development highlights the importance of clear governance, proportionate controls and practical risk management in areas where technology, human behaviour and operational reality intersect.
The National Crime Agency has issued a public warning urging parents not to share children's images online, citing a growing threat of those images being manipulated using AI to create child sexual abuse material. The BBC reports that the NCA's warning comes amid increasing evidence that publicly available photographs of children are being harvested and altered using generative AI tools. The agency is advising families to review privacy settings on social media platforms, limit who can view images of children, and consider whether sharing certain photographs is necessary. The warning reflects broader concerns about how accessible AI tools are lowering the technical barrier for creating harmful content, and how widely shared family images can be repurposed without consent or knowledge.
For UK organisations, this development is relevant beyond safeguarding policy. It highlights how generative AI is being used to manipulate legitimate content in ways that create reputational, legal and safeguarding risks. Organisations that handle images of children, whether in education, healthcare, sports clubs, charities or local authorities, should review how those images are stored, shared and published. The operational question is whether image sharing practices, consent processes and privacy controls reflect the changed risk environment. This is also a prompt to consider how AI acceptable use policies address the creation or manipulation of images, and whether staff understand the safeguarding implications of generative AI tools that may be accessible through personal or work devices.
For UK businesses and public sector organisations that work with children or publish images online, this is a prompt to review image handling policies, consent frameworks and privacy controls. It is worth considering whether staff training on safeguarding and acceptable use policies adequately covers the risks associated with generative AI and image manipulation.
Source: BBC Technology
The NHS in England is introducing AI-powered triage functionality within the NHS App to help direct patients to appropriate services, according to The Guardian. The tool will assess patient symptoms and recommend whether they should book a GP appointment, visit a pharmacy, or attend A&E, depending on the severity of their condition. The update is expected to reach around 200,000 patients over the next year as part of a £10 billion programme to modernise NHS systems. The AI triage tool is intended to reduce pressure on GP services by routing lower-acuity cases to alternative pathways, while ensuring patients with urgent needs are directed to emergency care. The rollout represents a significant operational shift in how the NHS manages patient access and demand across primary and urgent care services.
This development matters for UK organisations because it demonstrates how AI is being deployed in high-stakes, public-facing services where clinical safety, data protection and accountability are critical. The NHS App handles sensitive health data for millions of users, and the introduction of AI-driven decision-making raises questions about how algorithmic recommendations are validated, how errors or inappropriate triage decisions are identified and corrected, and how accountability is maintained when an AI tool influences care pathways. For organisations deploying AI in customer-facing or operational contexts, the NHS rollout is a useful reference point for thinking about governance, transparency, testing and the importance of human oversight in automated decision-making systems. It also highlights the need for clear communication with users about how AI tools work and what role they play in service delivery.
For many organisations considering AI deployment in operational or customer-facing roles, the NHS triage rollout is a reminder that governance, transparency and accountability must be designed in from the start. This is a prompt to review how AI tools are tested, how decisions are explained to users, and how errors or unintended outcomes are detected and managed.
Source: The Guardian
UK financial institutions are putting customers at risk by continuing to make multi-factor authentication optional rather than mandatory, according to analysis published by The Register. The report highlights that many banks allow customers to access online banking using only a password, despite widespread recognition that single-factor authentication is insufficient to protect against credential theft, phishing and account takeover attacks. The decision to keep MFA optional is often justified on the grounds of customer convenience and reducing friction during login, but it leaves accounts exposed to straightforward attacks that MFA would prevent. The Register notes that while some banks have introduced MFA for certain high-risk actions, such as setting up new payees, many still do not enforce it for routine account access, creating an inconsistent and inadequate security posture across the sector.
This matters operationally because it reflects a broader tension between security, usability and customer experience that many UK organisations face. The banking sector's reluctance to mandate MFA demonstrates how convenience can be prioritised over security even in high-risk environments where financial fraud is a daily reality. For UK businesses, this is a reminder that optional security controls are often not used, and that relying on users to make the right security decision is not a reliable defence. Organisations should review whether MFA is enforced across all access points to critical systems, whether legacy authentication methods are still in use, and whether customer-facing services are protected by controls that reflect the actual threat environment rather than historical assumptions about user behaviour.
For UK businesses, this is a prompt to review whether multi-factor authentication is enforced rather than optional across all systems that handle sensitive data or financial transactions. Consider whether legacy authentication methods remain in use and whether customer-facing services are protected by controls that reflect current threat levels.
Source: The Register
The ransomware landscape is consolidating around a smaller number of major operators, with the Qilin ransomware-as-a-service group now identified as the leading player, according to research published by Infosecurity Magazine. The analysis shows that following the disruption or decline of several high-profile ransomware groups, the market has reconsolidated around operators like Qilin, which have maintained consistent activity, reliable infrastructure and effective affiliate recruitment. Qilin operates a ransomware-as-a-service model, providing tools, infrastructure and negotiation support to affiliates who carry out attacks in exchange for a share of ransom payments. The group has been linked to attacks across multiple sectors, including healthcare, manufacturing and professional services, and is known for using double extortion tactics that combine encryption with the threat of data publication.
For UK organisations, this consolidation trend is operationally significant because it suggests that ransomware attacks are becoming more professionalised and consistent rather than fragmented and opportunistic. A smaller number of dominant operators means that attack techniques, negotiation tactics and targeting patterns may become more predictable, but it also means that these groups have greater resources, more sophisticated tooling and stronger operational security. The Qilin group's focus on double extortion underscores the importance of treating data exfiltration as a primary risk, not just encryption. Organisations should review whether backup and recovery plans account for data theft, whether incident response procedures include steps to assess what data may have been accessed, and whether cyber insurance policies and legal obligations are understood in the context of data publication threats.
For UK businesses, the consolidation of ransomware activity around major operators like Qilin is a reminder to review whether incident response plans account for data exfiltration and publication threats, not just encryption. Consider whether backup strategies, cyber insurance coverage and legal obligations are aligned to the reality of double extortion attacks.
Source: Infosecurity Magazine
Today's stories reflect how good security practice remains grounded in familiar principles even as technology and threats evolve. Whether it is protecting children's images from AI misuse, deploying AI tools in public services, enforcing MFA in banking, or preparing for ransomware attacks, the common thread is the importance of clear governance, proportionate controls and practical risk management. Mature security comes from understanding how technology, human behaviour and operational reality intersect, and from making sure that policies, training and technical controls are aligned to the risks that actually exist rather than the risks we assume are manageable. The organisations that manage these challenges well are the ones that have already built the habits, ownership and discipline that allow them to respond confidently when the environment changes.