Reader

From the Editor

Welcome to the fourth issue of Signals & Soapboxes. Every week covers a signal shaping our future, a candid opinion, a risk on the horizon and a question you should be asking. Short, sharp and straight to the point.

Kerry Knight Chart.PR

📡 The Signal

On 15 April 2026 (updated 22 April), two Cabinet ministers published an open letter to UK business leaders following fundamental changes to the cyber threat landscape. Signed by the Secretary of State for Science, Innovation and Technology and the Security Minister, the letter is a direct warning: AI models can now find software vulnerabilities, write exploit code and do so "at a speed and scale that would have been impossible even a year ago".

The trigger was Anthropic's Mythos model (covered in Issue 002); assessed by DSIT's AI Security Institute (AISI) as substantially more capable at cyber offence than any model previously evaluated. AISI now estimates the frontier model capabilities are doubling every four months. against every eight months previously. That's harrowing.

The letter is clear-cut:

Criminals will not just target government systems and critical infrastructure. They will target ordinary companies, of every size, in every sector. Attackers go where defences are weakest.

That framing sits uncomfortably alongside separate research from Economist Impact, published the same week, which found across global organisations, nearly half have digital resilience responsibility sitting within a single function. Only 12% have any direct insight into their suppliers' resilience. Fewer than one in four say their response to disruption goes to plan.

Digital resilience is no longer about preventing disruption. It is about keeping the business running when disruption occurs.

The UK government is telling its business leaders what the threat looks like; the research suggests, globally, most organisations aren't structurally ready to respond to it.

Sources:

PR Newswire: Organisations in the US, UK and Germany unprepared for large-scale digital disruption, new study finds
Telstra International: Resilience by design: Building connected ecosystems for the age of disruption.
UK Government, Department for Science, Innovation and Technology: AI cyber threats: open letter to business leaders

🎙️ The Soapbox

Cyber risk has been on board agendas for years. The warnings have been there; guidance has too. None of this is new information.

What's notable is two Cabinet ministers jointly penning an open letter to every UK business leader, eight days after Claude Mythos Preview was announced. Eight days. That's a signal if there ever was one.

In Issue 003, I wrote about risks that arrive gradually. The ones organisations see coming and still fail to prepare for. This one is different. The speed and scale of AI capability means risks will materialise faster than organisations are used to moving. AI capabilities in cyber threats are estimated as doubling every four months. If a board only meets four times a year, that timeframe feels deeply uncomfortable.

AI-powered cyber risks won't wait for the next board meeting.

This open letter isn't one to be ignored. It's a call to arms. It also signals that the road for kicking things down is running out, and fast. Boards need to take stock now, build accountability structures now, and test their resilience now. Not next quarter. Not next month. Now.

Do you have a soapbox you stand on? Or an opinion worth airing? The soapbox is open to contributors. Get in touch: soapbox@kerrybknight.co.uk

🎭 The Deepfake Brief

In March 2026, the National Republican Senatorial Committee published an AI-generated video of Democratic Senate candidate James Talarico appearing to read from his own old tweets for over a minute. CNN called it the first political deepfake where a candidate is realistically recreated for an entire clip, and quoted Hany Farid, University of California, Berkeley professor specialising in digital forensics:

This is hyper-realistic and I don't think that most people would immediately know it is fake.

An AI generated disclosure appeared in near-illegible text for approximately three seconds.

The same month, synthetic videos purportedly showing Iranian missiles striking Tel Aviv went viral on X. Millions shared them as real. When users asked Grok, X's own AI chatbot to verify the footage, it confirmed them as authentic. Later, it gave conflicting answers: telling some users it was real, others that it was AI-generated. The video continued to circulate regardless.

Turns out, neither people nor AI can reliably detect deepfakes. From August 2026, EU AI Act Article 50 requires labelling of AI-generated content. At federal level in the US, no legislation exists prohibiting deepfakes in political campaigns. The label applies to creators. By the time content has circulated, it's already done its work.

This risk extends well beyond politics. Any brand, senior leader or institution can be impersonated. Most have no protocol for it. If a deepfake of your CEO circulated today, what would you do?

Sources:

CNN: Republicans release AI deepfake of James Talarico as phony videos proliferate in midterm races
CBS News: Fact check: Grok tells users fake Tel Aviv video is real
EU Artificial Intelligence Act: Article 50: Transparency Obligations for Providers and Deployers of Certain AI Systems
RoboRhythms: AI Deepfakes Are Official Campaign Strategy. The 2026 Midterms Proved It.

🤔 The Question

When it matters, can your board move at speed?

Signals & Soapbox Editor

Kerry is a Chartered PR Practitioner specialising in crisis preparedness, reputation management and AI governance.

As a strategic communications advisor, her day-to-day work focuses on translating complex or contested subject matter into clear, credible positioning that strengthens decision-making. She has advised on public scrutiny, misinformation, employee disputes and complex reputation challenges, providing the insight leaders need to maintain clear, defensible positions under pressure.