In an unprecedented joint statement, the Five Eyes intelligence alliance—comprising the United States, the United Kingdom, Australia, Canada, and New Zealand—has issued a stark warning: the cybersecurity threats posed by advanced artificial intelligence (AI) models are no longer a future concern but an imminent reality. The alliance declared that the timeline for action is not years but months, as AI capabilities rapidly lower barriers for malicious actors and drastically shrink the window between vulnerability discovery and exploitation.

The statement was signed by the heads of cybersecurity agencies from all five nations, including David Imbordino of the US National Security Agency and Nick Andersen, acting director of the Cybersecurity and Infrastructure Security Agency (CISA). They emphasized that cyber risk can no longer be treated as a purely technical issue; it is a core business risk and leadership responsibility. "Breaches will occur," the statement read. "Preparedness helps you contain them quickly and prevent escalation into major operational and financial crises."

Key Recommendations and Urgent Actions

The Five Eyes leaders outlined several urgent measures for organizations: limit unnecessary system access and external connectivity, accelerate vulnerability patching by prioritizing security updates, test incident response plans regularly, strengthen identity authentication, and restrict user access to critical systems. Additionally, they urged organizations to integrate AI tools into their own security operations to detect vulnerabilities earlier, improve software quality, monitor unusual behavior, and respond faster to incidents—reducing both cost and impact.

The warning comes at a time when AI models themselves are becoming potent weapons. Earlier this year, Anthropic released a model called Mythos, described as "scary good" at cracking software vulnerabilities. Access was initially limited to select organizations and governments. Shortly after Anthropic's deployment, OpenAI unveiled a similar model. Reports from early access holders indicated that Mythos could bypass Apple's notoriously secure operating system and take over a corporate system in six out of ten attempts. This capability has sent shockwaves through the cybersecurity community.

Political and Regulatory Landscape

The accelerating threat has also become a major topic in global politics. At the recent G7 Summit, leaders of AI companies—including Anthropic's Dario Amodei, OpenAI's Sam Altman, and Google DeepMind's Demis Hassabis—sat alongside heads of government to discuss cyber risks. The discussions highlighted the tension between innovation and security, with governments grappling with how to regulate powerful AI without stifling progress.

In the United States, the situation is further complicated by internal turmoil at CISA. Since President Trump took office in January 2025, the agency lost a third of its workforce to layoffs. Trump, who created CISA during his first term, turned against it after officials refused to back his voter fraud claims in the 2020 election. In his second term, he has proposed more than $250 million in budget cuts. Last month, CISA suffered an embarrassing security incident when investigative journalist Brian Krebs discovered that plaintext usernames and passwords for internal systems had been exposed on GitHub for possibly six months.

Historical Context and Growing Threats

The Five Eyes warning is not an isolated event. For years, cybersecurity experts have cautioned that AI would eventually be used to automate attacks, find zero-day vulnerabilities, and craft highly convincing phishing campaigns. What was once theoretical is now becoming practical. The alliance's statement underscores that the speed, scale, and sophistication of cyber threats are accelerating at an alarming rate. Attackers—including nation-states, criminal gangs, and lone hackers—now have access to AI tools that can probe defenses, mimic human behavior, and adapt in real-time.

The development of models like Mythos represents a paradigm shift. Traditional cybersecurity relies on the assumption that discovering a vulnerability takes time and effort. AI changes that equation by scanning codebases at machine speed and identifying weaknesses in hours or minutes. This compresses the attack timeline from weeks to days, and the Five Eyes warn that the gap is narrowing further.

Global Implications and Response

Other nations are also feeling the pressure. The United Kingdom's National Cyber Security Centre has issued similar alerts, and Australia's Cyber Security Centre has urged critical infrastructure operators to review their defenses. The European Union is advancing its AI Act, which includes provisions for high-risk AI systems. However, the pace of regulation often lags behind technological change.

The Trump administration's foreign national ban on Anthropic's models—affecting even the company's own employees—has drawn criticism as capricious and legally shaky. Many experts argue that such bans may hinder collaboration and slow down defensive innovations. Meanwhile, reports indicate that CISA only gained full access to the Mythos model two weeks ago, raising questions about preparedness.

As AI models continue to evolve, the line between offense and defense blurs. Organizations that embrace AI security tools may gain an edge, but those that delay could face catastrophic breaches. The Five Eyes message is clear: the future is already here, and it is a matter of months, not years, before the first major AI-driven cyber catastrophe strikes. The time to act is now.

Source: Gizmodo News