Five Eyes cybersecurity agencies warn of new AI models impact on cyber risks

Five Eyes cybersecurity agencies warn of new AI models impact on cyber risks

Canadian Centre for Cyber Security head among officials taking part in warning

Cutting-edge artificial intelligence technology is poised to supercharge offensive hacking capabilities, and urgent action is needed to face up to the ‌threat, U.S., British, Canadian, Australian and New Zealand cybersecurity agency officials said on Monday.

The officials from members of the intelligence alliance commonly known as the Five Eyes said in a ​three-page statement: "Frontier AI models ​are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The ​timeline is not years, it is months."

The group of officials whose names accompanied the statement included Rajiv Gupta, the head of the Canadian Centre for Cyber Security, which is part of the Communications Security Establishment Canada (CSE), the country's national cryptologic agency.

The cyber centre recently described frontier AI models as encompassing "the most recent, capable and advanced models" of AI, which are becoming more widely accessible and a greater concern when it comes to potential threats.

A cybersecurity expert said the gulf between powerful frontier AI models and its lesser competitors is significant.

John Bruggeman, a cybersecurity expert in Cincinnati, Ohio, drew an analogy comparing the frontier AI models to the U.S. Library of Congress in terms of size and power, with massive holdings of information, which can be drawn upon, versus a standard city library.

"You're going to find way more information in the Library of Congress," Bruggeman said in an interview.

The ⁠Monday statement from the Five Eyes members was ⁠light on details and ‌mostly restated core cybersecurity advice, such as swiftly patching faulty software and not putting systems online unless necessary.

The officials also urged defenders to ⁠use AI "to strengthen defence," for example by identifying weaknesses sooner or responding more quickly to incidents.

The warning was ‌another indication of officials' increasing concerns over models such as Anthropic's Mythos or OpenAI's GPT-5.5-Cyber, which are said to allow users to quickly execute complex — and ​potentially devastating — hacks.

Earlier this month, Anthropic was forced to disable ⁠a version of Mythos after the U.S. government ordered ⁠it to suspend access to the models for ⁠foreign ⁠nationals over alleged ​national security concerns.

Around the same time, the U.S. cyber ​defence agency CISA — ⁠which was among those cosigning Monday's statement — reduced the deadlines imposed on government officials to deal with serious digital vulnerabilities in their networks to three days, citing AI ⁠threats.