The intelligence oversight bodies of the Five Eyes alliance have issued an unusual public warning that the next generation of artificial intelligence could dramatically reshape the cybersecurity landscape within months rather than years, urging governments, businesses and corporate leaders to treat cyber resilience as an immediate priority.
The warning came in a joint statement from the Five Eyes Intelligence Oversight and Review Council (FIORC), a grouping of intelligence and security entities from Australia, Canada, New Zealand, the United Kingdom and the United States.
The statement was released shortly after the administration of US President Donald Trump moved to restrict access by “foreign nationals” to two advanced artificial intelligence systems developed by the technology company Anthropic. The decision, announced earlier this month, followed advice from American security agencies.
Without naming any specific company or model, the Five Eyes statement warned that frontier AI systems were expected to surpass current industry expectations and significantly alter both offensive and defensive cyber capabilities.
“While AI will help us improve cyber defence over time, it also accelerates the speed, scale, and sophistication of cyber threats,” the statement said. “Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months.”
The alliance said cyber resilience had become essential for businesses, market confidence and long-term economic value. It urged leaders to assess risks and accountability, prioritise core cyber security controls, provide cyber security teams with sufficient authority and resources, and remain actively engaged as threats evolve.
“The urgency is clear,” the statement said. “AI is not a future consideration, it is already here.”
According to the Five Eyes statement, AI is shrinking the time between the discovery of a vulnerability and its exploitation by malicious actors. At the same time, officials acknowledged that the technology also provides powerful defensive tools capable of strengthening cybersecurity.
“A whole-of-organisation and whole-of-society response is required,” it said. “Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility.”
The alliance called on company boards and senior executives to ensure that cyber resilience measures not only exist on paper but are capable of functioning effectively during real-world incidents. Leaders, it said, should reassess long-standing assumptions and deploy AI deliberately to strengthen security rather than merely improve efficiency.
“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years,” the statement concluded. “We must act before and be prepared to adapt and withstand evolving threats.”
The Five Eyes bodies outlined a series of principles they believe should guide organisations as AI capabilities advance.
Among them was a call for secure-by-design and secure-by-default approaches to become standard practice. The statement also warned against relying on any single technology or security solution, arguing that layered defences remain critical.
