The intelligence oversight bodies of the Five Eyes alliance—comprising Australia, Canada, New Zealand, the United Kingdom, and the United States—have issued an extraordinary joint public warning. The alliance states that the next generation of “frontier” artificial intelligence models will fundamentally alter the cybersecurity landscape within months, rather than years, and urges immediate corporate and governmental action.
The warning, coordinated by the Five Eyes Intelligence Oversight and Review Council (FIORC), follows an aggressive national security move by the U.S. government earlier this month to completely block foreign nationals from accessing Anthropic’s newly released “Mythos-class” AI models (Claude Fable 5 and Claude Mythos 5) over critical cyber-weaponization and jailbreaking concerns.
The Warning: Unprecedented Speed and Scale
While the Five Eyes statement does not explicitly name a single developer, it emphasizes that frontier AI capabilities are advancing far faster than commercial or public risk assumptions can handle.
“While AI will help us improve cyber defence over time, it also accelerates the speed, scale, and sophistication of cyber threats. Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months.“
Intelligence officials noted that advanced AI is drastically shrinking the “vulnerability-to-exploitation window”—the time it takes for a malicious actor to discover a software flaw and successfully weaponize it into a cyberattack.
Five Eyes Directives for Organizations
The alliance stressed that cybersecurity can no longer be sidelined as a minor technical issue. It is now a core business liability and leadership responsibility that directly impacts market confidence and economic stability.
To withstand the impending wave of AI-driven threats, the Five Eyes outlines five critical defensive mandates:
-
Accelerate Patching Processes: Because AI automates the exploitation of software bugs, organizations must dramatically speed up how quickly they patch and update operational systems.
-
Address Legacy Systems: Outdated, unsupported software is an easy target for automated AI attacks. Legacies are no longer just “technical debt”—they are active strategic liabilities.
-
Enforce Rigorous Identity and Access Controls: Companies must strictly limit access to critical environments, mandate robust multi-factor authentication, and continuously audit system permissions.
-
Adopt Secure-by-Design Practices: Security controls must be embedded into corporate infrastructure by default from day one, rather than patched on later.
-
Deploy Layered Defenses: Organizations must avoid relying on any single security solution, opting instead for “defense-in-depth” protocols that assume breaches will inevitably occur.
Shift in Paradigm: Combatting AI with AI
Despite the grim offensive forecast, the intelligence community acknowledged that these same advanced models provide defenders with unprecedented tools. Organizations are urged to actively deploy machine learning to monitor anomalous network behavior, isolate system breaches rapidly, and patch vulnerabilities before bad actors can find them.
The council concluded with a sharp warning to corporate boards and senior executives: long-standing cybersecurity assumptions are becoming obsolete in a matter of months. Leaders must act immediately to ensure their business resilience plans work in the real world, rather than just existing as compliance paperwork.

