In a letter to to heads of government ministries, NCSC CEO, Ciaran Martin said that organizations “need to be vigilant to the risk that an [antivirus] product under the control of a hostile actor could extract sensitive data from that network, or indeed cause damage to the network itself.” He went on to specifically call out Russia, noting that the country is a “highly capable cyber threat actor which uses cyber as a tool of statecraft,” and that in instances where government agencies have information that would pose a threat to national security should it be accessed by Russian agents, antivirus products from Russian companies should not be used.