Imagine sitting down for your lunch break in London and opening your BBC news feed to the following announcement:

Breaking: Queues are forming outside cash machines across the UK this afternoon as banking apps slow and fail amid mounting reports that major financial institutions are on the brink of collapse. Several banks have restricted transfers, and the Treasury is engaged in emergency talks as markets crash. It is unclear what sparked the panic, but BBC investigators warn that false information and deepfake reporting are surging online.

Sure enough, you cannot access your bank records. Customer service lines are down. Your family WhatsApp is blowing up, and it is unclear what information can be trusted. Stocks tank and, by the end of the day, the national financial system is spiraling toward collapse.

This scenario is not real. But neither is it harmless fiction.

It is one of several hypothetical crisis futures developed by experts in workshops convened by Demos and the Center for Emerging Technology and Security (CETaS). The aim was to interrogate growing vulnerabilities in the systems we rely on to communicate and stay informed. The resulting report, “Epistemic Security for Crisis Resilience,” frames this challenge as one of epistemic security — the protection of information ecosystems, supply chains, and infrastructure — and argues it is fast becoming a core determinant of crisis resilience.

Epistemic systems are not abstract philosophical constructs. They are the everyday processes through which information is produced, mediated, and consumed — from journalism and scientific research to digital platforms and messaging apps. When these systems are robust, they support collective decision-making under pressure. When they fail, crises do not merely become harder to manage; they accelerate and spiral.

During emergencies, information functions as critical infrastructure. Citizens depend on timely, credible, decision-relevant information to decide whether to withdraw cash, evacuate, trust official guidance, or stay put. When information supply chains falter, trust erodes and panic fills the gaps.

The UK has already seen what this looks like, as have other nations. In the lead-up to the 2024 Southport riots, for instance, delayed official reporting of an isolated act of violence left a news vacuum. Speculation and falsehoods filled the void. Fabricated stories about the perpetrator’s identity spread rapidly on social media, fueling xenophobia and incitements to violence against Muslim and migrant communities, culminating in a summer of unrest.

Hypothetical crises with real-world grounding

In September 2025, Demos and CETaS convened 30 experts from industry, academia, and government to develop and analyze four hypothetical crisis scenarios. Using systems-mapping methodologies commonly employed in national security settings, participants explored how epistemic failures could trigger or escalate crises, and where intervention might be most effective. Similar approaches by the authors have previously been predictive, anticipated communication failures during COVID-19 and dynamics resembling the Southport riots.

Alongside the financial crash scenario, participants developed three further crises. One examined how a far-right chemical attack could be followed by deepfakes and coordinated disinformation falsely blaming a minority community, triggering retaliatory violence and undermining trust in authorities. Another imagined an AI-driven breakdown of the legal system, where corrupted digital records and unverifiable evidence erode accountability. A third explored how a foreign tech superpower might weaponise control over digital infrastructure, turning technological dependence into geopolitical leverage that cripples essential services.

These crisis scenarios are not speculative fantasies. Each is constructed from real-world trends identified in the report: advances in generative AI, platform dependence, institutional fragility, declining trust, and intensifying geopolitical competition.

What makes the scenarios unsettling is their plausibility.

Consider the financial crash scenario. In our hypothetical crisis, hostile state actors degrade public confidence in UK financial institutions through exaggerated but plausibly grounded reporting, troll‑driven narratives, and targeted disinformation rolled out over time. Small‑scale but real thefts from bank accounts are then uncovered and reframed as evidence of a cover‑up, collapsing trust in official reassurances. Panic spreads quickly through social media, messaging apps, and deepfaked interventions by trusted financial figures. Digital banking infrastructure buckles under the surge in withdrawals and transfers. A single bank’s need for emergency Treasury support becomes confirmation of collapse.

Each step in this sequence is grounded in real‑world conditions and precedents. Hostile information operations targeting the UK are already persistent. Financial disinformation has also triggered bank runs before: in 2019, false but plausibly framed rumours about Metro Bank’s stability circulated on WhatsApp, prompting withdrawals despite the bank remaining solvent. As in the scenario, the rumors drew credibility from a grain of truth (a falling share price) illustrating how partial accuracy can be enough to spark panic.

The broader context further lowers the threshold for crisis. Cost-of-living pressures are widespread, and only 43% of Britons believe the government is trustworthy. This creates fertile ground for narratives alleging corruption, regulatory capture, or concealed instability. AI-enabled manipulation compounds these pressures. Deepfakes have already been used in financial scams, including fabricated videos impersonating trusted figures, such as Martin Lewis, prompting one person to invest £76,000 into a nonexsistent investment fund. In the hypothetical scenario, similar techniques are repurposed at scale to amplify fear and nudge behavior.

The technological failure points are equally familiar. UK banks face persistent cyber threats, rely on legacy IT systems, and depend on complex digital infrastructure prone to disruption. Small breaches and outages are technically plausible and difficult to detect, and past IT failures have already eroded public confidence. Meanwhile, AI is becoming increasingly useful in cyber attacks, with AI agents outperforming highly skilled hackers.

If this scenario has not yet materialized, it is not because it is unrealistic, but because the right combination of factors has not yet aligned. Its plausibility underscores the urgency of strengthening the epistemic systems on which crisis resilience depends.

A hydra’s nest of threats and vulnerabilities

So what do we do about the mounting vulnerability to crises? First, we diagnose the challenge.

The crisis scenarios served as scaffolding for analysis. Each was mapped in detail, capturing the interactions between citizens, malicious actors, governments, platforms, and service providers, alongside the technological, social, and political factors shaping their behavior.

This systems analysis exposed a hydra’s nest of interconnected risks: mass digitization, platform dependence, foreign information operations, cyber insecurity, AI-enabled manipulation, and the erosion of local news ecosystems. Taken together, these pressures create a fragile information ecosystem in which crises are triggered more easily and escalate more quickly, and in which crisis response is increasingly difficult to coordinate, thwarted by intensifying division and distrust.

When experts layered interventions onto the systems maps, one conclusion was immediate: there are no silver bullets.

Bolstering epistemic security is an urgent security matter for all nations. But focusing on narrow or symbolic fixes like pulling government communications off X (however satisfying that may feel) must not distract from the harder work of tackling the more complex and systemic vulnerabilities. In an environment suffering death by a thousand cuts, resilience requires sustained, coordinated action across multiple fronts.

Seven priority intervention areas

Despite the complexity, epistemic insecurity is not intractable. A commons set of seven cross-cutting intervention areas emerged in all four scenarios that should be the focus of government attention:

1. Revitalizing local and regional news ecosystems, which anchor trust and shared understanding during crises.
2. Media and information literacy, equipping citizens to navigate contested information environments.
3. Content and data provenance, including digital signatures and watermarking to verify authenticity.
4. Cybersecurity and digital infrastructure, protecting systems that store, transmit, and mediate information.
5. AI risk management, addressing how advanced systems can distort knowledge production at scale.
6. Crisis protocols for online platforms, clarifying responsibilities when information threats escalate.
7. Government and regulatory preparedness, updating civil contingency planning to account for epistemic risks, not just physical ones.

These seven intervention areas are important leverage points for strengthening crisis resilience. They offer policymakers a roadmap for allocating limited resources, and they shift the focus from reactive firefighting to structural preparedness. The “Epistemic Security for Crisis Resilience” report provides more granular recommendations for action across each.

We in no way mean to say that tackling any one of these areas is simple. Each is a massive undertaking demanding sustained effort, cross-sector coordination, and often new policy and regulation. But together, these seven areas do make our epistemic crisis tractable; they tell us where to start.

The opening bank-run story is not real (yet). But the vulnerabilities it exposes are already with us. If we want to prevent tomorrow’s crises from spiraling out of control, we must recognize epistemic systems as critical infrastructure and act now to strengthen them.