European Commission takes action on cybersecurity and AI
In this Brussels Brief, Jonathan Spencer Jones highlights the European Commission's new action plan to address the risks of AI models for cybersecurity.

Marking the next step in the drive to provide an overarching approach to the use of AI in Europe – previous steps including in the energy sector the action plan for AI and more generally the AI Act – the new action plan marks a welcome approach in what is an increasingly complex area.
Just as the use of AI is growing rapidly across sectors, so too is its ‘misuse’ to automate and increase the scale and speed of cyber attacks.
According to the cyber company DeepStrike, in 2025 globally phishing attacks increased by 1,265%, attributed to growth of generative AI tools, and the number of reported AI-enabled cyber attacks rose 47%.
Breach volume also reached record levels with analysis of over 22,000 incidents revealing almost 12,200 confirmed breaches.
DeepStrike also indicated that critical infrastructure organisations, including the energy sector, continue to draw persistent attention from adversaries and that their exposure rises when operational technology connects to cloud AI services without strict segmentation and monitoring.
Also of interest
EU Energy Projects Podcast: Chronicle, Reflex and EFORT: Strengthening buildings, flexibility and cybersecurity in Europe’s energy system
The energy sector digitalisation and AI roadmap addresses cybersecurity, noting the need for resilient supply chains and in particular for strengthening the safety of AI and cybersecurity of critical devices, such as solar inverters.
The new cybersecurity and AI action plan, with its higher level vision, is aimed to provide “an initial and targeted response” to support member states and organisations in the EU to address the underlying issues and opportunities brought by AI in cybersecurity.
The action plan covers three broad areas – promoting the safe and responsible use of advanced AI with evaluation before release, reinforcing the EU's cybersecurity and resilience through support to critical sectors and SMEs in preparing for AI-powered cyber threats, and scaling up Europe's AI capabilities for cybersecurity with a local ecosystem around them.
Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy in DG Connect, said of the plan that AI is transforming the meaning of cybersecurity and we must keep pace.
“The EU has strong foundations in place to adapt its response in the face of vulnerabilities that emerging tech brings with it. We must harness and focus existing capabilities, networks and the legal framework to fortify the cybersecurity protecting our digital landscape.”
Some of the key actions to look out for in the months ahead, most involving ENISA as the EU’s cybersecurity agency, include the establishment of an evaluation capacity for AI models, development of a testing platform for AI with advanced cyber capabilities for cybersecurity use cases and a grand challenge to help scale European AI-powered cybersecurity solutions.
There also is an intent to aim to make available access to the AI factories’ compute capacity to test, train and deploy available advanced and frontier AI models for cyber resilience and to develop training modules for cybersecurity professionals on the use of AI for cybersecurity.
With the action plan going into implementation, cybersecurity continues to evolve with the next major step the transition to post quantum cryptography to address the threats posed by quantum computing.
Watch this space for further insight as the first steps are now getting under way.
Related tags
Latest content
Kadri Simson: “We surprised the world with how strong Europe is”
The energy crisis triggered by Russia's invasion of Ukraine forced Europe to take decisions in months that would normally have taken years. At the centre of that response was Kadri Simson, European Commissioner for Energy from 2019 to 2024.
- Areti Ntaradimou
- 16/06/2026









