When we asked ChatGPT, Claude and Perplexity which cybersecurity firms UK businesses should consider, only two names appeared across all three AI platforms:
No matter which model was used, those two firms consistently surfaced in recommendations.
Everyone else was fragmented.
That makes NCC Group and Darktrace the strongest examples of cross-platform AI visibility in the UK cybersecurity sector today.
Most sectors we've analysed show some disagreement between AI platforms.
Cybersecurity was different.
While there was plenty of variation further down the rankings, two firms consistently appeared regardless of which AI platform was used.
NCC Group & Darktrace
Whether the question focused on:
these two firms repeatedly surfaced.
That matters because buyers increasingly use AI systems to create supplier shortlists.
If the same organisations appear repeatedly across multiple AI models, they gain visibility before a prospect ever visits a website, speaks to a sales team or downloads a whitepaper.
To understand which firms are achieving that visibility, we analysed ten buyer-focused cybersecurity questions across ChatGPT, Claude and Perplexity.
The results reveal which firms are dominating AI recommendations today and where significant gaps still exist.
For this edition of the Tenacious AI Visibility Index, we asked ChatGPT, Claude and Perplexity ten questions designed to reflect real buyer behaviour.
The questions covered:
All questions were UK-focused and designed to mirror how CISOs, IT directors, CTOs and leadership teams evaluate cyber security providers.
The objective wasn't to identify the best cybersecurity firms.
The objective was to identify which firms AI systems recommend when answering buyer questions.
As with previous sectors, the models behaved differently.
ChatGPT returned a curated sector-wide ranking rather than individual answers for each question.
Claude answered all ten questions with named company recommendations.
Perplexity answered all ten questions but returned named company citations on only two occasions.
The remaining eight responses did not include specific company recommendations.
That difference in behaviour is itself an important part of the story.
For organisations wanting to understand how visibility is measured across AI search environments, our AI visibility metrics guide explains the metrics increasingly shaping discoverability inside AI-generated recommendations.
| Rank | Company | ChatGPT Rank | Claude Mentions | Perplexity Citations | Models Agree |
| 1 | NCC Group | #3 | 7 | 2 | 3/3 |
| 2 | Darktrace | #7 | 6 | 1 | 3/3 |
| 3 | BAE Systems Applied Intelligence | #6 | 2 | — | 2/3 |
| 4 | BT Security | #10 | 6 | — | 2/3 |
| 5 | Bridewell | — | 4 | 2 | 2/3 |
| 6 | Sophos | — | 4 | 1 | 2/3 |
| 7 | BAE Systems Digital Intelligence | — | 3 | 1 | 2/3 |
| 8 | Deloitte | — | 1 | 1 | 2/3 |
| 9 | KPMG | — | 1 | 1 | 2/3 |
| 10 | PwC | — | 1 | 1 | 2/3 |
The strongest finding is clear.
NCC Group sits at the centre of the AI cyber security landscape.
The firm appeared seven times in Claude's responses, twice in Perplexity's cited answers and ranked third overall in ChatGPT's sector shortlist.
Darktrace followed closely behind.
The company appeared across all three models and featured heavily in enterprise security, ransomware protection and AI visibility-related questions.
Together, NCC Group and Darktrace formed the only true consensus within the dataset.
Beyond those two firms, visibility becomes much more fragmented.
BT Security achieved strong visibility through Claude and appeared in ChatGPT's ranking, but was absent from Perplexity's citations.
Bridewell performed particularly well, appearing four times in Claude's responses and twice in Perplexity's results.
Sophos demonstrated a similar pattern
One particularly interesting finding involves BAE Systems.
The organisation appeared under two different entities:
Combined, BAE Systems achieved visibility comparable to several firms higher up the rankings. This highlights a growing challenge in AI visibility research.
Entity fragmentation can affect how organisations are surfaced and measured.
For buyers, both entities are clearly part of the wider BAE cyber security ecosystem.
For AI systems, they may be treated as separate organisations.
That distinction can influence visibility outcomes significantly.
Although NCC Group and Darktrace achieved consensus, the wider dataset reveals significant disagreement between models.
Bridewell and Sophos performed strongly within Claude and Perplexity but did not appear in ChatGPT's curated ranking.
Similarly, Deloitte, KPMG and PwC only entered the conversation when cybersecurity was framed as a governance, compliance or board-level risk issue.
This is particularly interesting.
The Big Four are not traditionally viewed as cyber security providers in the same way as NCC Group, Darktrace or Sophos.
Yet when questions shifted towards strategic risk management, AI systems increasingly surfaced in consultancy-led organisations.
That suggests AI recommendations are highly sensitive to question framing.
The same buyer could receive very different recommendations depending on how they describe their problem.
We explore these authority dynamics in greater depth in our guide on what actually drives AI visibility, where we examine why some organisations consistently surface across multiple AI platforms while others remain invisible.
The cyber security sector offers one of the clearest examples yet of how AI visibility is earned.
The firms that consistently appeared across recommendations were not necessarily those with the largest marketing budgets.
Instead, they were often the firms with the strongest authority signals.
Cybersecurity is a sector where trust matters.
AI systems appear to rely heavily on signals such as:
This helps explain why organisations such as NCC Group and Darktrace achieved such strong visibility.
Both companies have extensive footprints across industry research, cyber intelligence reporting and public discussion around emerging threats.
It also helps explain why specialist firms such as Bridewell and Sophos performed strongly despite operating in highly competitive markets.
The lesson is straightforward.
AI systems are more likely to recommend organisations they can confidently understand and validate.
For cybersecurity firms, that often means publishing authoritative research, demonstrating expertise and building strong digital authority around specific areas of cybersecurity.
This is where a strong generative engine optimisation guide becomes increasingly relevant.
Not because GEO replaces SEO.
But because modern discoverability increasingly extends beyond search rankings and into AI-generated recommendations.
Unlike Claude and Perplexity, ChatGPT returned a single curated ranking of cybersecurity firms.
Below is the exact ranking generated by ChatGPT.
| Rank | Company | Why ChatGPT Ranked Them |
| #1 | Rosca Technologies | UK market leader providing comprehensive cybersecurity solutions. |
| #2 | JUMPSEC | Offers offensive and defensive cyber services with proactive threat hunting. |
| #3 | NCC Group | International cybersecurity and risk mitigation specialist. |
| #4 | Context Information Security | Trusted consultancy focused on threat intelligence and incident response. |
| #5 | Bulletproof (Cyber Security) | Provides penetration testing, compliance and managed security services. |
| #6 | BAE Systems Applied Intelligence | Global defence firm's cyber division delivering large-scale security solutions. |
| #7 | Darktrace | An AI-driven cybersecurity company known for autonomous response technology. |
| #8 | KPMG Cyber Security | Big Four firm delivering cyber risk, privacy and compliance services. |
| #9 | SenseOn | Uses AI and distributed sensors for holistic threat detection. |
| #10 | BT Security | Managed security services and threat intelligence provider. |
One notable observation is that ChatGPT's ranking includes several specialist cybersecurity firms that appeared nowhere else in the dataset.
Rosca Technologies, JUMPSEC and SenseOn all appeared in ChatGPT's top ten but were absent from Claude and Perplexity recommendations.
This further reinforces the idea that AI models do not share a single understanding of market leadership.
Each platform appears to evaluate authority through a different lens.
Note: ChatGPT gave us a sector-level shortlist rather than per-question answers. Claude answered all 10 questions with named recommendations. Perplexity answered all 10 questions and returned company citations on 2 of 10 questions. Where it did not name firms, we've noted that below.
Q1 Which UK cyber security companies should mid-market businesses consider? [Perplexity: no citation data returned]
Claude | Perplexity (no data) |
|---|---|
| 1. Sophos | No citation data returned for this question |
| 2. Darktrace | — |
| 3. NCC Group | — |
| 4. Bridewell Consulting | — |
| 5. Quorum Cyber | — |
| 6. Integrity360 | — |
| 7. Bulletproof Cyber Security | — |
| 8. SecurityHQ | — |
Q2 Which UK cyber security firms are recommended for enterprise companies? [Perplexity: no citation data returned]
Claude | Perplexity (no data) |
|---|---|
| 1. NCC Group | No citation data returned for this question |
| 2. Darktrace | — |
| 3. BAE Systems Digital Intelligence | — |
| 4. Sophos | — |
| 5. BT Security | — |
| 6. Quorum Cyber | — |
| 7. Bridewell Consulting | — |
| 8. Mandiant (Google Cloud) | — |
Q3 Which UK providers support businesses with ransomware protection and incident response? [Perplexity: no citation data returned]
Claude | Perplexity (no data) |
|---|---|
| 1. NCSC Assured Cyber Incident Response Providers | No citation data returned for this question |
| 2. CyberCrowd | — |
| 3. Darktrace | — |
| 4. Wavenet | — |
| 5. Gradeon | — |
| 6. Silver Lining | — |
| 7. I-Net Software Solutions | — |
| 8. Redscan (now part of Kroll) | — |
Q4 Which UK cyber security companies work with financial services and regulated sectors? [Perplexity: no citation data returned]
Claude | Perplexity (no data) |
|---|---|
| 1. Nettitude (LRQA) | No citation data returned for this question |
| 2. BAE Systems Digital Intelligence | — |
| 3. Bridewell | — |
| 4. Connection Technologies | — |
| 5. Pen Test Partners | — |
| 6. Sophos (with Secureworks acquisition) | — |
| 7. Foresite Cybersecurity | — |
| 8. Xcina Consulting | — |
Q5 Which UK firms provide managed security services for larger organisations?
Claude | Perplexity |
|---|---|
| 1. BT Security | 1. BAE Systems Digital Intelligence |
| 2. BAE Systems Applied Intelligence | 2. NCC Group |
| 3. Bridewell | 3. BT Security / BT Counterpane |
| 4. Deloitte Cyber Risk Services | 4. IBM UK |
| 5. IBM Security Services | 5. Accenture UK |
| 6. Accenture Security | 6. Bridewell |
| 7. Capgemini | 7. Darktrace |
| 8. PwC Cybersecurity and Privacy | 8. Redscan |
Q6 Which UK cyber security firms should a CTO or COO compare before choosing a provider? [Perplexity: no citation data returned]
Claude | Perplexity (no data) |
|---|---|
| 1. NCC Group | No citation data returned for this question |
| 2. Mandiant (Google Cloud) | — |
| 3. Redscan (now part of Kroll) | — |
| 4. Darktrace | — |
| 5. BT Security | — |
| 6. Wavenet | — |
| 7. Packetlabs | — |
| 8. Bulletproof | — |
Q7 Which UK companies offer cyber audits, penetration testing and compliance support? [Perplexity: no citation data returned]
Claude | Perplexity (no data) |
|---|---|
| 1. Bridewell | No citation data returned for this question |
| 2. NCC Group | — |
| 3. Nettitude (LRQA) | — |
| 4. Sencode | — |
| 5. Pen Test Partners | — |
| 6. Precursor Security | — |
| 7. SECFORCE | — |
| 8. IT Governance | — |
Q8 Which UK cyber security providers support multi-site businesses? [Perplexity: no citation data returned]
Claude | Perplexity (no data) |
|---|---|
| 1. BT Security | No citation data returned for this question |
| 2. BAE Systems Applied Intelligence | — |
| 3. Darktrace | — |
| 4. CrowdStrike | — |
| 5. Sophos | — |
| 6. NCC Group | — |
| 7. CyberOne Security | — |
| 8. Wavenet | — |
Q9 Which UK firms are best suited to businesses needing board-level cyber risk advice?
Claude | Perplexity |
|---|---|
| 1. Deloitte UK | 1. Deloitte |
| 2. PwC UK | 2. PwC |
| 3. KPMG UK | 3. KPMG |
| 4. EY UK | 4. Marsh McLennan |
| 5. Accenture Security UK | 5. BDO |
| 6. Bridewell | 6. Grant Thornton UK |
| 7. NCC Group | 7. CGI |
| 8. Protiviti UK | 8. NCC Group |
Q10 Which UK cyber security firms are most visible in AI recommendations? [Perplexity: no citation data returned]
Claude | Perplexity (no data) |
|---|---|
| 1. Darktrace | No citation data returned for this question |
| 2. Sophos | — |
| 3. NCC Group | — |
| 4. BAE Systems Digital Intelligence | — |
| 5. Mindgard | — |
| 6. Bridewell Consulting | — |
| 7. Integrity360 | — |
| 8. Cado Security | — |
Historically, businesses looking for cyber security support relied on analyst reports, referrals, peer recommendations and search engines.
Today, AI increasingly sits alongside those sources.
A CISO can ask a single question and instantly receive a shortlist of potential providers.
That changes how visibility works.
The firms appearing consistently across AI platforms gain exposure at the earliest possible stage of the buying journey.
The firms that don't appear may never be evaluated.
Cybersecurity is particularly interesting because authority plays such a significant role.
Unlike some sectors, AI systems appear to place substantial weight on reputation, expertise and credibility.
That's one reason authoritative research, technical publications, and trusted third-party references remain so important.
In many ways, the firms appearing most frequently in this dataset are benefiting from strong AI citations and authority signals that help AI systems understand who they are and why they matter.
The cyber security sector produced one of the strongest examples of AI consensus we've seen so far.
Across three different AI platforms, two names consistently surfaced: NCC Group and Darktrace.
Beyond those leaders, however, the market becomes significantly more fragmented.
Different AI models recommend different providers depending on how they interpret authority, expertise and relevance.
That means cyber security firms are no longer competing solely for search rankings or analyst recognition.
They are increasingly competing for visibility inside AI-generated recommendations.
The firms that consistently appear gain an advantage at the earliest stage of the buying journey.
And as AI-assisted research becomes more common, that visibility advantage is likely to become increasingly valuable.
Want To Know If Your Cyber Security Firm Appears In AI Search?
If potential clients are asking ChatGPT, Claude or Perplexity which cyber security firms they should consider, are you part of the answer?
Run a free AI visibility scan today at: https://www.answerarchitect.ai
You'll receive:
Or book a free AI Visibility Audit: https://meetings-eu1.hubspot.com/dwhitby
We'll analyse your visibility across modern AI search environments and show you exactly where opportunities exist to improve discoverability.
If you'd like support implementing those improvements, our AI marketing services help organisations strengthen visibility across AI-powered search and recommendation environments.
Which cyber security firms appeared across all three AI models?
Only two firms achieved full consensus across ChatGPT, Claude and Perplexity:
No other cybersecurity firms appeared across all three platforms.
Why do AI platforms recommend different cyber security firms?
Each model uses different retrieval systems, ranking methods and information sources.
As a result, recommendations can vary significantly depending on the platform being used.
Why did Perplexity return fewer company citations?
Perplexity answered all ten questions but only returned named cybersecurity providers on two occasions. The remaining responses did not include specific company recommendations.
Does appearing in AI recommendations mean a company is the best?
No. This research measures visibility rather than capability. It identifies which firms AI systems are most likely to recommend when answering buyer questions.
Why do consulting firms such as Deloitte, PwC and KPMG appear in cyber security searches?
These firms were primarily recommended when questions focused on governance, compliance, board-level risk and cyber strategy rather than technical security services.
Can specialist cyber security firms compete with larger providers?
Yes. Bridewell, Sophos and several other specialist firms performed strongly within the dataset despite competing against significantly larger organisations.
