The intelligence agencies of the United States, United Kingdom, Canada, Australia, and New Zealand have issued a joint warning that artificial intelligence is rapidly transforming cyber risk and accelerating the sophistication of cyber threats.

Known as the Five Eyes alliance, the intelligence agencies jointly warned that frontier artificial intelligence models are set to fundamentally transform offensive hacking capabilities, and that the timeline for organisations to prepare is measured in months, not years.

The Five Eyes alliance published a three-page statement on Monday, describing AI as already lowering the barriers for malicious actors and accelerating the speed, scale, and complexity of cyberattacks while also shrinking the window between the discovery of a vulnerability and its exploitation.

What they are saying

The agencies said frontier AI models are expected to exceed current industry expectations in ways that will reshape both offensive and defensive cyber capabilities, and called on business leaders and boards to treat cyber resilience as a core strategic responsibility rather than a technical issue.

Other News

  • “Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months,” the statement said.
  • “AI is not a future consideration — it is already here. It lowers barriers for malicious actors and increases the speed and complexity of attacks, shrinking the window between vulnerability discovery and exploitation ever more quickly,” the agencies warned.
  • “Cyber resilience is not an IT issue — it is central to operational continuity and market trust. Leaders who act now will reduce exposure, strengthen resilience, and build confidence with customers, partners, and investors. Those who delay will face growing and avoidable risk,” the statement added.

The agencies called on leaders across industry and government to understand and assess risk readiness, prioritise foundational cybersecurity practices, empower cyber leaders with authority and resources, and stay actively engaged as threats evolve.

  • “Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy. Those that do not will face growing operational and strategic disadvantage,” the statement said.

More insights

The statement outlined five practical actions the agencies said are not new but have become urgent given the pace of AI development.

  • The first is reducing attack surfaces by limiting unnecessary system access and external connectivity, and isolating systems that do not need to be exposed. The second is accelerating patching, given that AI is shortening the time between vulnerability discovery and exploitation, a delay that poses heightened risk particularly for operational systems with long update cycles.
  • Thirdly, the agencies also flagged legacy systems as a specific concern, describing unsupported systems as not merely technical debt but “strategic liabilities” that are easy targets for AI-powered attackers.
  • Strengthening identity and access controls, enforcing strong authentication, and regularly reviewing permissions form the fourth area of action, while the fifth is incident preparedness, testing response plans, training teams, and operating on the assumption that breaches will occur so that the focus shifts to fast containment and recovery.

On the use of AI in defence, the agencies said organisations that integrate AI into their security operations can detect vulnerabilities earlier, monitor unusual behaviour, and respond faster to incidents, reducing both the cost and impact of breaches.

  • “Adversaries are already using AI to move faster and more effectively. Defenders must do the same,” the statement said.
  • “Success will not come from having the most tools. It will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy,” the agencies added.

What you should know

In recent times, tech leaders around the world have been warning that AI could pose significant risks if its development outpaces safety measures and regulation.

Earlie this month, Nairametrics reported that Anthropic urged developers of advanced AI systems to create a coordinated and transparent mechanism for slowing down or temporarily halting AI development if future models begin improving themselves at a pace that outstrips society’s ability to manage the associated risks.

In a detailed post published on its website, the company warned that AI systems capable of developing more powerful successors could eventually undermine human oversight, making it critical for the industry to agree in advance on clear conditions and procedures for pausing development when necessary.