The United Kingdom has introduced a service intended to alert organisations when their internet-facing systems contain identifiable security weaknesses. The service known as the Proactive Notification Service is operated by the National Cyber Security Centre in cooperation with Netcraft. It uses publicly available information and external scanning to identify outdated software, misconfigurations or other vulnerabilities that can be observed without accessing internal networks. When a weakness is detected, the service issues an email notification to contacts registered for the affected domain or IP address.
The notifications advise organisations about the nature of the issue and include recommended actions such as applying updates or adjusting configurations. Officials stated that messages are sent from a verified Netcraft address, contain no attachments and do not request passwords, payment or personal data. The aim is to provide clear and low-risk communication while avoiding characteristics associated with phishing attempts. The service is voluntary and does not replace an organisation’s responsibility to maintain its own security.
The current phase of the initiative is a pilot focused on domains and IP ranges linked to Autonomous System Numbers based in the UK. Authorities intend to measure whether external notifications can reduce the number of exposed vulnerabilities across a broad group of organisations. They said that the service may help businesses that lack dedicated security teams by providing early warnings about issues that might otherwise go unnoticed.
Security analysts have noted that the service has limitations because it only identifies weaknesses visible from the internet. Vulnerabilities confined to internal networks or to systems behind access controls cannot be detected by this method. As a result, organisations are advised to continue running internal reviews and maintain regular patching schedules. Investigators also recommend complementing the notifications with existing services such as the National Cyber Security Centre Early Warning system, which alerts organisations to signs of scanning or compromise.
The launch of the service reflects growing concern about the impact of unpatched software and misconfigured devices on national cyber resilience. Officials said that many successful attacks begin with the exploitation of publicly known vulnerabilities and that providing timely alerts may reduce exposure. They emphasised that the service is intended to support rather than replace established security practices and that organisations should maintain active monitoring and incident response procedures to address threats that cannot be identified through external scanning.