The world's most powerful intelligence-sharing alliance has issued an explicit warning: AI models capable of executing large-scale cyberattacks that could overwhelm national defenses are months away, not years. The Five Eyes group - the United States, United Kingdom, Canada, Australia and New Zealand - is urging government leaders and corporate executives to treat the timeline with urgency and harden their systems now.
The rare public alert, delivered in a joint statement on Monday, follows the Trump administration's order barring AI firm Anthropic from giving foreign nationals access to some of its most advanced models. It also reflects deepening anxiety across Western capitals about how fast offensive cyber capabilities are advancing.
A timeline measured in months
Frontier AI models are expected to exceed industry expectations, months, not years from now, the agencies said. "Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months," the statement read. The group added that the technology is lowering "barriers for malicious actors and increases the speed and complexity of attacks."
AI and national security experts say the message is direct and urgent. Olivia Shen, director of the Strategic Technologies Program with the United States Studies Centre at the University of Sydney, told CNN: "What it was saying is that in an age of AI, breaches will occur. It's not a matter of if, but when, so it's important to get prepared now."
The Anthropic wake-up call
The intelligence warning came shortly after the U.S. administration directed Anthropic to suspend use of its Mythos 5 and Fable 5 models by foreign nationals. Mythos had raised particular cybersecurity alarms because the company said it was exceptionally skilled at uncovering security flaws. Anthropic later noted that officials had become aware of a method to "jailbreak" the public Fable model, bypassing its built-in safeguards. The company and the administration are in talks to resolve the issue.
Shen said the episode underscores how quickly AI capabilities are developing. "The really key lesson for this is that AI capabilities are evolving incredibly rapidly," she said, noting that even while global attention is focused on Anthropic, another entity could produce the next highly capable model at any time.
Everyday businesses most at risk
Five Eyes leaders laid out concrete steps: invest in cyber defenses, upgrade or retire old systems, patch faulty software, and strictly control access to critical systems. They also emphasized that AI is not just a threat vector - it can be part of the solution. "Organizations that integrate AI tools into their security operations can detect vulnerabilities earlier, improve software quality, monitor unusual behaviour, and respond faster to incidents," the alliance said.
Shen pointed to a "massive gap" in preparedness. Large corporations usually invest heavily in cybersecurity, she said, but "the ones who are more exposed will be those small and medium-sized businesses who maybe have under invested so far, and they'll basically be like sitting ducks."
For cybersecurity analysts working inside government agencies, targeted training on defensive AI techniques is becoming essential. AI Learning Path for Cybersecurity Analysts programs can help teams spot vulnerabilities earlier and respond when AI-powered attacks hit.
Regulation and the tightrope ahead
Independent assessments now show some AI models reaching expert levels of cyber capability, outpacing lawmakers' efforts to build a coherent regulatory framework. The United States currently lacks a transparent, consistent process for governing AI risks. This month, dozens of cybersecurity researchers, AI entrepreneurs and executives signed an open letter calling on the Trump administration to commit to "an open, scientific and transparent process of handling AI risk assessments" and said it was "essential" for security teams to "find and fix flaws in their own newly-written as well as decades of legacy code faster than our adversaries."
Shen acknowledged the difficulty of balancing innovation against safety but insisted some rules are needed. "We know these technologies can be used for both defensive and offensive purposes, and we need a few more guardrails about how we can maximize the benefits for defensive cyber security, while gate keeping it away from potential cyber adversaries and scammers and cyber criminals," she said.
Why this matters for Government
For government agencies, the Five Eyes warning is not abstract. It means critical infrastructure, citizen data, and national security systems could be tested by AI-accelerated attacks within a single budget cycle. The immediate steps - patching systems, limiting access, investing in AI-driven detection - are within reach, but they require deliberate funding and workforce upskilling. Agencies that build internal expertise now, including through AI for Government training initiatives, will be better positioned to defend their networks and support the small and medium businesses that governments increasingly rely on for services. The timeline leaves no room for lengthy deliberation.
Your membership also unlocks:
