#What did the UK Government Cyber Coordination Centre achieve?
The UK Government Cyber Coordination Centre, often referred to as GC3, recently conducted a series of weekly hackathons. This intensive effort led to the discovery of 407 security vulnerabilities within public code repositories from nine government departments. Importantly, this initiative cost around £13,000, which is approximately $16,000 in AI tokens.
Each critical vulnerability found has been addressed, and there is no indication that any had been previously exploited.
#How did the hackathon function?
The GC3 operates as a partnership between the National Cyber Security Centre and the Department for Science, Innovation and Technology. The hackathons were held weekly in person and included contributions from the AI Safety Institute.
Teams utilized advanced artificial intelligence models such as Anthropic’s Claude Mythos and OpenAI’s GPT-5.5. They complemented these powerful AI tools with traditional scanning methods and human oversight.
Among the vulnerabilities identified were issues that could lead to authentication bypass, unauthorized data exposure, and the potential for remote code execution.
The initiative highlighted an important insight: the architecture of design and multi-stage pipelines significantly impacted outcomes, surpassing the choice of specific AI models. A structured approach that integrated automated scanning and expert human review served as the key differentiator in effectively addressing security risks.
The reported £13,000 expense strictly covers the AI token usage, not including personnel or infrastructural costs.
#Why does this matter beyond Whitehall?
The case study released on GOV.UK in mid-June of 2026 emphasized the significance of securing publicly available government code repositories. An upcoming phase focusing on closed-source code vulnerabilities is already anticipated.
Moreover, the National Cyber Security Centre has provided guidance to tackle new risks introduced by AI in cybersecurity. This aims to balance the promotion of open-source coding practices with the security concerns of making code publicly available.
#What does this mean for cybersecurity and investment?
The findings confirm a crucial thesis regarding the role of AI in cybersecurity. Rather than replacing human expertise, AI should be viewed as a tool that enhances it. The success of the hackathon was not about allowing AI models to operate without supervision but rather about leveraging AI scanning combined with structured human review processes within well-designed pipelines.
For investors monitoring the cybersecurity landscape, one critical metric to watch will be the upcoming closed-source phase. While scanning public repositories is a meaningful task, identifying vulnerabilities in proprietary systems presents a more challenging obstacle, as the code in these systems remains private and available only to limited parties.