The House of Lords provided the setting for a focused, high-level roundtable breakfast on Thursday, 20th November 2025. Co-hosted by GovNet and Cisco, the briefing, titled "How Local Authorities are Mastering Agentic AI for Citizen Engagement," addressed the critical dual mandate facing local government's Digital and IT functions: how to accelerate AI-driven efficiency while securing digital infrastructure against sophisticated, AI-generated cyber threats. Attendees, comprising senior leaders from local government digital and IT teams, were guided through this complex landscape by Joseph Pratten, Account Executive, and Mustafa Mustafa, Head of Cybersecurity Solutions Engineering, both from Cisco UK & Ireland. Both speakers stressed that generative AI is now an existential concern for public service delivery, demanding a strategic response that moves well beyond mere pilot projects.
The session quickly established a clear sense of urgency regarding the pace of digital transformation. Joseph Pratten set the scene by referencing the Cisco AI Readiness Index, which revealed that 98% of organisations globally now feel an increased necessity to implement AI strategies compared to the previous year. Crucially, 85% of organisations estimate they have less than 18 months to deploy an effective AI strategy before seeing negative operational effects. For local government, this necessity is directly driving budgetary allocation, with half of all organisations dedicating between 10% and 30% of their spending to AI initiatives focused on solving chronic workload and resourcing pressures through automation.
Joseph detailed how Agentic AI; the term for secure, autonomous digital assistants, is already reshaping citizen engagement. He contrasted the legacy model, where customers are often funneled to human agents for most queries, with a strategic "Northstar" vision. This modern approach is built on proactive citizen journeys, intelligent AI agents, and AI assistants supporting human staff. Pratten cited a powerful example from the Australian care sector, noting that following the deployment of a Webex AI Agent, 60% of routine inquiries were resolved during the first interaction. This immediate resolution rate demonstrates a clear pathway to delivering 24/7 citizen support and, critically for budget holders, a significant reduction in routine workload, freeing up valuable staff time for complex case management.
Yet, Joseph was careful to stress that efficiency cannot overlook accessibility. In the subsequent discussion, he referenced Cisco's extensive user experience (UX) research into neurodiversity and engagement with AI agents. He explained that interactions that proceed too quickly, for instance, an AI agent immediately requesting an account number can be "quite triggering and annoying" for some users. To address this, his team is researching ways for the AI agent to detect potential user distress or to proactively ask, "Do you want me to do this slower?" This focus on human-centric design, even within fully automated systems, is vital for maintaining trust and ensuring inclusive service delivery within local government.
The focus then shifted sharply to the paramount concern of cybersecurity, with Mustafa Mustafa taking the floor. He characterised AI applications as a new risk vector for the public sector, warning that their non-deterministic and complex nature introduces critical vulnerabilities across the technology stack. These risks range from business and reputational harm to data security breaches and supply chain compromises. Mustafa emphasised that the threat landscape is evolving rapidly because generative AI is a dual-use technology. He stated: "Generative AI, the reality is, is going to be used by the attacker, and the good news is it's also going to be used by the defender." The ease with which attackers can now mass-produce sophisticated spear-phishing campaigns, ransomware, and highly targeted malware necessitates a fundamental move beyond reliance on traditional perimeter security. He detailed new attack types that specifically target the AI model, including Prompt Injection, where users manipulate a model’s instructions to reveal sensitive data, and Data Poisoning, which corrupts the underlying training data, thereby introducing malicious behaviour into the AI systems used for public service delivery.
To counter these advanced threats, Mustafa put forward a comprehensive strategy anchored in the Zero Trust Mandate, insisting that security must be embedded into the AI stack right from the foundational layers. He presented Cisco’s AI Defence framework, built on three key pillars: Firstly, AI Model and App Validation, which involves algorithmic AI red teaming to automatically assess vulnerabilities and integrate guardrail enforcement into development workflows. Secondly, Platform Advantage, where security controls are utilised at the network layer to achieve full visibility of AI traffic and enforce consistent policies across cloud and data centre environments. And thirdly, Proprietary Threat Intelligence, leveraging advanced models trained on Cisco Talos data to pre-emptively identify attack patterns specific to AI environments.
Mustafa concluded by reiterating the critical point: due to AI's inherent complexity, local government organisations cannot afford to treat security as a separate add-on. The roll-out of AI for citizen engagement and automation must be inextricably linked to a rigorous governance framework and a Zero Trust methodology. This approach is non-negotiable for securing multi-cloud environments, guaranteeing citizen data privacy, and ensuring the regulatory compliance that is essential for maintaining public trust.
The final takeaway for the local government IT leaders in the room was unambiguous: the era of leisurely AI pilots is over. The technology is maturing rapidly, and the risks are accelerating just as fast. As Joseph demonstrated, the returns in terms of measurable efficiency, reduced staff workload, and vastly improved 24/7 service provision are too significant to ignore. However, as Mustafa’s warnings underlined, this new efficiency must never compromise security. Local Authorities must now adopt a cohesive, holistic strategy where the deployment of every new AI agent is paired with a robust security framework specifically designed to counter AI-enabled cyber threats. Ultimately, the path to hyper-efficiency for local government is paved with governance and resilience.