The Five Eyes intelligence group, comprising the United States, United Kingdom, Canada, Australia, and New Zealand, is warning governments and corporations that AI models capable of launching devastating cyber attacks that could overwhelm their defenses are months, not years away.
They are urging nations and companies to “act now” to improve cyber defenses.
This is a highly unusual warning from the normally circumspect intelligence group. The Five Eyes alliance typically operates with deep, classified sharing. They do not issue public joint statements lightly. When they align to release a unified message directly to the public and business leaders, it signals that the threat landscape has shifted in a way that regular, incremental IT adjustments cannot handle.
In short, Five Eyes doesn’t do “hype.” When it releases a joint warning, it’s to alert governments and corporations to a real, imminent threat.
Usually, the group’s intelligence warnings paint a picture of cybersecurity risks across a multi-year window. This warning explicitly breaks from that convention, shifting the perspective from years to just “months.”
“While AI will help us improve cyber defense over time, it also accelerates the speed, scale, and sophistication of cyber threats,” the group notes. “Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years; it is months.”
The writing has been on the wall for the last few months regarding an increase in urgency in the potency and capabilities of newer AI models. For instance, earlier this month, the U.S. government took the unusual step of ordering the AI startup Anthropic to suspend access to its powerful Mythos and Fable 5 models for foreign nationals. Policymakers expressed severe national security concerns that these specific models possess unprecedented capabilities to independently identify code vulnerabilities, potentially resulting in a “vulnerability tsunami” if misused by hostile actors.
From the Five Eyes Statement:
Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility. Boards and executives should ensure cyber resilience is in place and works under pressure. It is not enough to have controls. Leaders must be confident those controls will perform during a real incident. This requires reassessing long-standing trade-offs and using AI deliberately to strengthen defense – not just improve efficiency.
Core principles:
- Secure-by-design and secure-by-default must become standard practice – not an aspiration.
- Resilience cannot depend on a single solution or technology. Defense in depth remains essential.
- As AI systems evolve, new and previously unknown vulnerabilities will emerge, including zero‑day vulnerabilities.
- Breaches will occur. Preparedness helps you contain them quickly and prevent escalation into major operational and financial crises.
Rather than targeting IT administrators with technical alerts, it directly holds boards and corporate executives accountable, framing AI-driven cyber risk as a fundamental threat to business continuity and trust. It demands that leaders move past treating cybersecurity as an IT standalone department and actively use AI defensively to outpace adversaries.
“What it was saying is that in an age of AI, breaches will occur. It’s not a matter of if, but when, so it’s important to get prepared now,” Olivia Shen, director of the Strategic Technologies Program at the University of Sydney, told CNN.
“Sophisticated businesses, usually your large corporations, they already invest in cybersecurity, and they’ll be better prepared,” Shen said. “The ones who are more exposed will be those small and medium-sized businesses who maybe have under invested so far, and they’ll basically be like sitting ducks.”
The speed with which these cyber threats are materializing is putting a damper on some efforts to place significant guardrails on AI. This month, several dozen cybersecurity researchers, AI entrepreneurs, and corporate executives signed an open letter urging the Trump administration to commit to “an open, scientific and transparent process of handling AI risk assessments” and said it was “essential” for security teams to “find and fix flaws in their own newly-written as well as decades of legacy code faster than our adversaries.”
“We know these technologies can be used for both defensive and offensive purposes, and we need a few more guardrails about how we can maximize the benefits for defensive cyber security, while gate keeping it away from potential cyber adversaries and scammers and cyber criminals,” Shen said.
When the first major breaches happen, perhaps then we’ll get more serious about the speed with which AI development is outpacing our ability to adequately control it.
Editor’s Note: Every single day, here at PJ Media, we will stand up and FIGHT, FIGHT, FIGHT against the radical Left and deliver the conservative reporting our readers deserve.
Help us continue to tell the truth about the Trump administration and its successes. Join PJ Media VIP and use promo code FIGHT to receive 60% off your membership.
Editor’s Note: Every single day, here at PJ Media, we will stand up and FIGHT, FIGHT, FIGHT against the radical Left and deliver the conservative reporting our readers deserve.
Help us continue to tell the truth about the Trump administration and its successes. Join PJ Media VIP and use promo code FIGHT to receive 60% off your membership.
