Five Eyes agencies warn AI could enable cyberattacks within months

Five Eyes sounds alarm on AI-enabled cyber threats

Intelligence agencies from the United States, United Kingdom, Canada, Australia, and New Zealand issued a joint warning Monday that artificial intelligence is fundamentally reshaping cybersecurity risks on a timeline measured in months, not years.

The Five Eyes alliance stated that AI is "rapidly transforming" both offensive and defensive capabilities in cybersecurity, calling on global leaders to "act swiftly" to counter malicious actors who are already leveraging the technology.

"AI is not a future consideration — it is already here," the agencies wrote in their joint statement. "While AI will help us improve cyber defence over time, it also accelerates the speed, scale, and sophistication of cyber threats."

Why it matters

The warning arrives as governments worldwide grapple with how to regulate advanced AI models that can identify software vulnerabilities at unprecedented speed. The intelligence community's assessment that threats are materializing in months rather than years compresses the timeline for organizations to implement stronger defenses — a challenge particularly acute for small and medium businesses with limited security resources.

Cybersecurity models raise dual-use concerns

The agencies' concerns intensified following the development of specialized AI cybersecurity models. Anthropic's Mythos model, introduced earlier this year, demonstrated the technology's dual-use nature by identifying decades-old vulnerabilities that could help defenders patch systems — or enable attackers to exploit them.

Anthroptic restricted the full release of Mythos, determining it posed too great a risk for public availability. The company maintained the model could benefit governments and infrastructure operators, but acknowledged the same capabilities could empower bad actors.

According to the Five Eyes statement, AI "lowers barriers for malicious actors and increases the speed and complexity of attacks, shrinking the window between vulnerability discovery and exploitation ever more quickly."

Recommendations for organizations

The intelligence alliance directed its warning at small and medium businesses, large organizations, critical infrastructure operators, and government entities. They urged leaders to:

• Accelerate software patching processes
• Address unsupported legacy systems that cannot receive security updates
• Prepare incident response plans before attacks occur
• Implement "secure-by-design" and "secure-by-default" practices, embedding security into software and systems from creation

U.S. policy response remains contested

The warning comes amid ongoing debate in Washington over AI safety regulation. The Trump administration has emphasized voluntary approaches while attempting to balance security concerns against its commitment to light-touch regulation.

Earlier this month, President Trump signed an order establishing a voluntary testing process allowing AI labs to submit models to the government up to 30 days before release. While the administration stressed testing was optional, critics questioned whether voluntary measures would prove sufficient.

Weeks later, the administration issued a directive that prompted Anthropic to withdraw its newest Fable and Mythos models, triggering significant pushback from the AI policy community over the government's approach to model releases.

The details were first reported by The Hill.