Five Eyes Warns AI Cyber Threats Could Arrive Within Months, Not Years

The intelligence oversight bodies of the Five Eyes alliance have issued a joint public warning that next-generation artificial intelligence could fundamentally reshape the cybersecurity landscape in a matter of months, not years, urging governments and businesses to treat cyber resilience as an immediate priority.

The warning came from the Five Eyes Intelligence Oversight and Review Council (FIORC), which represents oversight entities from Australia, Canada, New Zealand, the United Kingdom, and the United States. The statement was released shortly after the administration of US President Donald Trump restricted access by foreign nationals to two advanced AI systems developed by Anthropic, following advice from American security agencies.

Without naming specific companies or models, the Five Eyes statement said frontier AI systems are expected to surpass current industry expectations and significantly alter both offensive and defensive cyber capabilities. "While AI will help us improve cyber defence over time, it also accelerates the speed, scale, and sophistication of cyber threats," the statement said. "Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months."

The alliance said cyber resilience has become essential for businesses, market confidence, and long-term economic value. It urged leaders to assess risks and accountability, prioritise core cyber security controls, provide cyber security teams with sufficient authority and resources, and remain actively engaged as threats evolve. "The urgency is clear," the statement said. "AI is not a future consideration, it is already here."

According to the Five Eyes statement, AI is shrinking the time between the discovery of a vulnerability and its exploitation by malicious actors. At the same time, officials acknowledged that the technology also provides powerful defensive tools capable of strengthening cybersecurity. "A whole-of-organisation and whole-of-society response is required," it said. "Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility."

The alliance called on company boards and senior executives to ensure that cyber resilience measures not only exist on paper but are capable of functioning effectively during real-world incidents. Leaders, it said, should reassess long-standing assumptions and deploy AI deliberately to strengthen security rather than merely improve efficiency. "The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years," the statement concluded. "We must act before and be prepared to adapt and withstand evolving threats."

The Five Eyes bodies outlined a series of principles they believe should guide organisations as AI capabilities advance. Among them was a call for secure-by-design and secure-by-default approaches to become standard practice. The statement also warned against relying on any single technology or security solution, arguing that layered defences remain critical.