AI models capable of devastating cyberattacks on governments and businesses could emerge 'within months,' Five Eyes intelligence alliance issues unprecedented joint warning.

The cybersecurity agencies of the 'Five Eyes' intelligence-sharing framework, comprised of the United States, the United Kingdom, Canada, Australia, and New Zealand, have issued a joint statement urging government and business leaders to 'act now' as AI rapidly transforms cyber risks. The statement says that cutting-edge AI models will significantly change both offensive and defensive capabilities 'within months, not years.'
The AI shift in cyber risk: why leaders must act now | National Cyber Security Center

AI models capable of devastating attacks on governments and business months away, rare Five Eyes statement warns | AI (artificial intelligence) | The Guardian
https://www.theguardian.com/technology/2026/jun/22/anthropic-claude-fable-ai-model-artificial-intelligence-national-security
Rare Five Eyes statement warns AI 'months away' from taking down governments | Metro News
https://metro.co.uk/2026/06/22/ai-models-can-take-governments-business-is-months-away-28879138/
Cyberattacks targeting governments and businesses have been frequent even before the AI boom, causing large-scale damage such as hospital appointment systems shutting down and companies' internal networks being encrypted, making it impossible to access business emails and accounting software. Such cyberattacks required considerable knowledge and time for processes such as 'finding vulnerabilities,' 'creating attack programs,' and 'executing attacks against targeted organizations.' However, generative AI can simplify the tasks required for cyberattacks, making it possible for attackers with relatively low technical skills to carry out cyberattacks. The Five Eyes statement explains that while AI improves cyber defenses, it also increases the speed, scale, and sophistication of threats.
Of particular concern are the cutting-edge AI models known as 'frontier AI models.' While the increasing ability of AI to find vulnerabilities in cyber systems benefits defenders by allowing them to quickly identify and fix issues, attackers could potentially use the same capabilities to quickly find and exploit unpatched weaknesses.

In this situation, what the Five Eyes are calling for is a shift away from leaving the response solely to the security department. Damage caused by cyberattacks, such as factories shutting down, customer information being leaked, and government services becoming unusable, cannot be contained within the technical department alone. Because it directly impacts sales, reputation, business partners, users, and the lives of citizens, the statement says that cyber risks must be treated as 'management risks' and 'leadership responsibilities.'
The starting point for countermeasures is not the introduction of special new technologies, but rather reducing the number of entry points for attacks. By minimizing the number of systems accessible from the outside, disconnecting unnecessary connections, and isolating critical systems, the number of paths an attacker can use to infiltrate can be reduced. Rather than scrambling to respond after sophisticated AI attacks emerge, it is important to proactively reduce the places that could be targeted by attackers.
The next important step is to reduce delays in software updates. As AI shortens the time between vulnerability disclosure and exploitation, the old assumption that fixing vulnerabilities within a few weeks was sufficient is no longer valid. Older systems and business systems that are difficult to update are more likely to be targeted, so the statement points out that legacy systems should be treated not merely as technical debt, but as strategic debt.
Account management is also a crucial measure. By verifying who has access to critical systems, ensuring that former or transferred employees do not retain privileges, and ensuring that multi-factor authentication is in place, the extent of damage after an intrusion can be minimized. As AI speeds up attacks, the risk of a single stolen ID spreading to the entire company system also increases.

Furthermore, the focus is not on completely preventing intrusions, but on preparing to quickly contain them after they occur. This requires not only creating incident response plans, but also conducting actual training and confirming communication networks and recovery procedures for personnel. The statement explains that breaches can happen, and preparation makes it easier to prevent them from escalating into large-scale business disruptions or financial crises.
There is a growing call for the use of AI on the defense side as well. By using AI for early vulnerability detection, software quality improvement, monitoring of suspicious activity, and faster incident response, we can avoid a situation where only attackers benefit from AI.
The Five Eyes intelligence alliance warns that AI could render cyber risk assumptions outdated by months. If governments and businesses delay preparations, avoidable risks could jeopardize business continuity and market confidence. The Five Eyes agencies are calling on leaders, including those in industry and vendors, to work together now to protect people and secure the future.
Related Posts:







