AI cyber threat 'months, not years' away, intelligence agencies warn

Five Eyes warn of cyber threat ‘within months’ after US locks down Anthropic's AI models

Powerful artificial intelligence models that could upend global cybersecurity, wreaking havoc on governments and businesses, are mere months away, according to a report by top intelligence agencies.

The Five Eyes, an intelligence alliance that includes Australia, the US, the UK, New Zealand and Canada, warned that critical new sophisticated AI models could make it easier for bad actors to carry out cyber attacks.

The report comes after United States President Donald Trump in June blocked foreign nationals from using Anthropic’s latest AI model Fable 5 and Mythos 5. The AI company shut down the models in response.

The Five Eyes statement said while AI “would help us improve cyber defence over time, it also accelerates the speed, scale, and sophistication of cyber threats”.

“Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months,” the warning by Five Eyes agencies said.

It urged a call to action and advised leaders to understand and assess the risks, prioritise foundational cyber security practices and controls, empower cyber leaders with authority and resources, and stay engaged as threats and guidance evolve.

“Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy,” the report added.

“Those that do not will face growing operational and strategic disadvantage.”

While the report did not mention any AI company or model specifically, generative AI models can look for gaps in cybersecurity systems and exploit them.

The report confirms what cybersecurity experts have previously told Euronews Next, in that many AI models already available today can exploit cybersecurity weaknesses.

The intelligence agencies also warned that unnecessary internet connectivity, weak identity and access controls, a lack of planning by organisations, legacy systems and sluggish patching loops are the weaknesses that AI will exploit.

As AI models accelerate in capability and become available publicly through open-source software, the cybersecurity risk increases too.

“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years,” the agencies wrote.

“We must act before and be prepared to adapt and withstand evolving threats.”