Five Eyes warn of devastating AI hacks
Intelligence agencies making up the Five Eyes have given a rare public warning in a joint statement that Artificial Intelligence (AI) models capable of devastating attacks on governments and businesses are only months away.
They have warned that business leaders should be prepared. “Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility,” the statement said.
The intelligence agencies, such as GCHQ in the UK, along with Australia, the US, New Zealand and Canada, have warned that it should be assumed that malicious actors will soon have access to engineered and supercharged hacking tools designed by already-existing AI models and businesses must prepare for ‘an onslaught’ of sophisticated attacks.
The warning came a week after the US government ordered Anthropic to block access by foreign nationals to its most sophisticated AI models, labelling their export a security risk but also putting allies on the back foot.
The statement added that while AI would help improve cyber defence over time, it also accelerates the speed, scale, and sophistication of cyber threats.
The Five Eyes is an intelligence alliance set up between the five countries after the Second World War.
The full statement can be found at https://www.ncsc.gov.uk/news/the-ai-shift-in-cyber-risk-why-leaders-must-act-now
Further AI troubles
Two other recent news stories may give businesses pause for thought in their plans for an AI rollout.
21,000 lose jobs
Buried in its annual report, software giant Oracle has admitted that it has made 13% of its global workforce redundant, or 21,000 jobs, last year through the implementation of AI systems.
Oracle told investors that the, “… deployment of AI technologies across our operations has resulted, and may continue to result, in reductions to our workforce”.
The company is one of the few to explicitly link headcount cuts to automation rather than corporate euphemisms such as ‘streamlining’.
The database group, which was founded by Larry Ellison, has set aside additional cash to cover ‘restructuring’ costs. The firm said the cuts have led to about £1.36 billion in severance payments and other restructuring costs in the past year, up from the £284 million restructuring bill in the previous financial year.
Meta can’t control AI
Two months into a trial that tracks its employees’ computer keystrokes and mouse movements using AI, Meta has had to switch the system off. Its Model Capability Initiative (MCI) was discovered to be leaking sensitive company and personnel data to anyone on the system.
According to Meta, the system was designed to gather data on how people use computers and train AI models.
The company had ignored staff concerns about privacy issues and a petition signed by over 2,000 Meta employees but has now suspended its use after realising data collected had been left potentially accessible to anyone inside the company.
Warning to UK companies using Fortinet products
Fortinet firewalls and VPN gateways have been targeted as part of a global campaign, with some indications that UK companies were affected, the National Cyber Security Centre (NCSC) have warned.
A database of credentials has been leaked by a threat actor following brute-force, dictionary and credential stuffing attempts against internet-facing FortiGate and VPN portals. Credential stuffing is a method where attackers use passwords stolen from one web service to try to access accounts on other services, taking advantage of any reuse of username and password combinations.
What actions should be taken?
UK organisations using Fortinet edge devices with SSL VPN enabled should investigate potentially malicious activity on the device and monitor their network for unusual activity.
Fortinet has published a blog post providing guidance and an analysis. https://www.fortinet.com/blog/psirt-blogs/analysis-of-reported-credential-compromise-of-fortigate-devices
The NCSC has also published nine steps to check your systems, and they can be found here: https://www.ncsc.gov.uk/news/advice-following-global-targeting-of-fortinet-firewalls-and-vpn-gateways
How an employer can use non-disclosure agreements
Employers may worry about the use of Non-Disclosure Agreements (NDA) following a series of press stories that have highlighted the abuse of the system.
The agreement does have a place for businesses, according to the Advisory, Conciliation and Arbitration Service (ACAS). Companies can ask employees to sign an NDA as a condition of employment to protect legitimate business interests.
The agreement becomes legally void if the company attempts to cover up workplace harassment, discrimination or certain criminal activities.
When NDAs are used
NDAs are generally used when someone starts a new job, to protect a company’s confidential information or when their job is coming to an end, perhaps after a dispute, to keep the details confidential.
A non-disclosure agreement is legally binding and enforceable. Should one party not keep to the agreement’s terms, the other party can take them to court for breach of contract.
Compensation could be awarded.
Settlement agreements usually fall under the definition of an NDA and may be applied after resolving a dispute at work, even if the employee remains in their job. In these cases, the agreed financial settlements, the terms or the circumstances leading to the settlement remain confidential.
When NDAs fail
Many NDAs are neither legally binding nor enforceable. For example, a whistleblower, someone who reports wrongdoing at work that affects others, including the public, is exempt. It is known as ‘making a disclosure in the public interest’.
Similarly, reporting a crime to the police or sharing information of a crime along with discussing their pay with anyone at work for reasons relating to equal pay, will not fall under an NDA agreement.
The ACAS guidelines can be found at www.acas.org.uk/non-disclosure-agreements
Business leaders want government to prioritise EU relationships
As the tenth anniversary of the Brexit vote passes, the Institute of Directors (IoD) has published research revealing a shift in business sentiment towards the European Union.
The IoD report found that 52% of business leaders believe the government should make the EU its top trading priority, considerably higher than the 35% reported in April 2025.
Although the UK-EU Summit slated to redraw post-Brexit relations was scheduled for 22 July, António Costa, the European Council president, said it would be shelved to allow the EU to work with the UK prime minister’s ‘successor’.
The IoD views the change in support as an underlying and growing recognition of the EU’s importance to UK business.
This sharply contrasted with opinions on other trading partners, primarily the US, with support for prioritising the US falling to 2% of business leaders identifying it as the top priority, compared to 10% last year.
Sixty-three per cent of respondents backed the government’s approach to pursuing closer regulatory alignment, with 48% expressing strong support for alignment. A quarter of respondents were strongly opposed to close alignment.
Although 64% of business leaders believed that a closer alignment to EU legislation would have a positive effect on the UK economy, three-quarters also agreed that it was important that the UK retained its sovereignty to shape its own regulations.
Look twice to spot bad tax advice
HMRC’s ‘Don’t get caught out’ campaign encourages contractors working through umbrella companies to take a closer look at their circumstances and watch out for tax avoidance.
Contractors can use HMRC’s online guidance and tools to learn about tax avoidance, to understand how they are paid and how to check if the right amount of tax is being paid to avoid an unexpected tax bill later.
There are real-life stories of people caught out by tax avoidance in a short explainer YouTube video on how umbrella companies work.
Contractors can also review HMRC’s list of published named tax avoidance schemes and their promoters here at the Rossmartin tax site. This is not an exhaustive list, as some operators are yet to be identified by HMRC.
HMRC never approve such schemes, even if promoters say otherwise or promote them by saying they have been found compliant by barristers.
If you have concerns that you may have been caught out, please give us a call. We would be happy to help you.
Inexpensive TV advertising available for SMEs
Comcast’s Universal Ads has launched in the UK in partnership with Channel 4, ITV and Sky. It is a self-service platform that opens TV advertising up to Small to Medium-Sized (SMEs) businesses at a more affordable cost.
Based on social media advertising, an SME can plan, buy and measure a single campaign across the three broadcasters from one interface. It strips out the need for advertising agencies and the complexities of TV advertising, which has long been dominated by multinationals.
Comcast’s pitch is simple: select a budget, choose your audience, upload the creative and go live in minutes rather than weeks.
Rak Patel, Chief Commercial Officer at Channel 4, said, “Lowering the barriers to premium media can be a game changer for smaller brands… Greater collaboration across broadcasters can simplify TV buys for advertisers, attract new categories and brands into TV, and help ensure premium TV remains innovative and competitive alongside global social and digital platforms.”
The system has been available to US advertisers for more than a year and is aimed at companies that have found TV advertising out of reach.
For more information on the system, visit https://www.universalads.com/uk
Upcoming deadlines for SME reporting to HMRC
PAYE Settlement Agreement
The deadline for applying for a PAYE Settlement Agreement (PSA) or making any amendments to an existing PSA is 5 July following the first tax year to which it applies. PSAs are an agreement between an employer and HMRC.
For example, for the tax year 2025-26, you will have until 5 July to apply for your PSA.
Expenses and benefits
P11D and P11D(b) filing and payment deadlines for those employers who do not payroll expenses and benefits is close. The deadline for reporting P11D(b) Class 1A National Insurance Contributions (NICs), P11D expenses and Benefits In Kind (BIK) provided in the 2025-26 tax year, is 6 July 2026.
Payment must reach HMRC by 19 July 2026 if paying by cheque, or 22 July 2026 if paying electronically.
Reminder: file monthly CIS returns or face late-filing penalties
From April 2026, CIS contractors are legally obliged to file a CIS return every month, including nil returns in months where they have not used a subcontractor.
Voluntary NICs abroad
In the 2025 Budget, the government announced changes to voluntary NICs abroad. From 6 April 2026, for tax years 2026-27 onwards, the option to pay voluntary Class 2 NICs for periods abroad has been removed.
New applications to pay voluntary Class 3 NICs for periods abroad will only be accepted where the individual has either 10 years’ continuous UK residency or has paid at least 10 years of NICs.
If you need any help with tax or payroll issues, please give us a call. We would be happy to help you.
Disclaimer Notice
The information contained in this article is for general information purposes only and does not constitute advice, Whilst we endeavour to keep the information up-to-date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability for a particular purpose. We recommend that professional advise should be taken from a suitably qualified expert before undertaking any action
