AI may soon be capable of completely dismantling our cybersecurity defenses.
In a joint statement, the Five Eyes cybersecurity alliance, which includes intelligence agencies from the US, UK, New Zealand, Australia and Canada, called for leaders to "act now" on AI's cyber threats. The statement warned that AI models capable of taking down businesses and governments are mere months away.
The agencies said that frontier models are anticipated to "exceed current industry expectations," fundamentally transforming both cyber offense and defense. While the tech provides cyber defenders with a new arsenal of tools to better protect systems, it also enables malicious actors to make their attacks faster and more complex and shrinks the window between discovering a vulnerability and acting on it. "The timeline is not years, it is months," the agencies said.
Five Eyes urged business and government leaders to preempt these threats in several ways:
- First, understand and assess the current risk, as well as the current state of preparedness, and be flexible to adapt to the quickly evolving threat landscape
- Prioritize foundational cybersecurity best practices, including reducing attack surfaces, implementing strong identity controls, addressing vulnerabilities in legacy systems and accelerating the patching process
- Give cyber leaders the authority and resources to defend properly
"It is not enough to have controls," the statement said. "Leaders must be confident those controls will perform during a real incident. This requires reassessing long-standing trade-offs and using AI deliberately to strengthen defense — not just improve efficiency."
Now, the race is on for organizations to solidify their security fundamentals and prepare for "machine-speed" attacks, Erik Avakian, technical counselor at Info-Tech Research Group, told The Deep View. This means that areas such as backups, asset inventory, zero trust, vulnerability management, and incident response need to be at a mature level.
"Now is the time to start exploring automation where it makes sense," said Avakian. "AI speed and agility are too fast now and will only get faster. It’s going to end up forcing defenders to embrace more automation."
The warning comes amid heightened fears about AI's cybersecurity capabilities, especially following the release (and subsequent US government muzzling) of Anthropic's Fable 5 and Mythos 5, the most powerful models in its lineup thus far. Anthropic itself said the Mythos Preview could quickly find software exploits, creating opportunities for attackers and other bad actors.
Rival OpenAI, meanwhile, is putting out its own offerings targeting cyberdefenders, including a slew of new tools as part of Project Daybreak debuted on Monday. OpenAI's line-up includes an update to the Codex Security plugin, an expanded release of GPT‑5.5‑Cyber, a partner program to give organizations more access, and an initiative called "patch the planet," which helps find and fix vulnerabilities in popular open source projects.
But solving this problem may extend beyond just any one model provider, organization or enterprise, said Avakian.
"I believe strongly that this is a shared responsibility," he said. "Governments and AI providers both certainly have responsibilities around guardrails, standards, and safety. But business organizations can't just outsource accountability for their own cyber risk."
Our Deeper View #
One of the biggest cybersecurity vulnerabilities an organization can suffer from is hubris. A business, enterprise or agency may think that their legacy systems will hold up against new forms of attack, that they can't afford to invest in cybersecurity for fear of falling behind on innovation or that they simply aren't a likely target for attackers. Those organizations, however, are at higher risk of being walloped. As Five Eyes warns, exceedingly powerful AI raises the bar for everyone: Amateur hackers now have the capability to complexify their simple attacks, while sophisticated malicious actors now have the ability to scale their campaigns to immeasurable heights. With that kind of ammo, everyone is a target.