The intelligence alliance known as the Five Eyes — comprising the United States, United Kingdom, Canada, Australia, and New Zealand — issued an urgent warning on Monday that cutting-edge artificial intelligence models are on the verge of dramatically amplifying offensive hacking capabilities, calling for immediate action from governments and organisations worldwide.
In a three-page joint statement, the alliance declared that "frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months." The Five Eyes, a longstanding signals-intelligence partnership formed after World War Two, rarely issues such pointed public warnings, making Monday's statement notable for its urgency, even if it was light on specific technical detail.
Much of the practical guidance in the statement reiterated established cybersecurity fundamentals — patching vulnerable software quickly, avoiding unnecessary exposure of systems to the internet — while also urging defenders to harness AI themselves, for instance to detect weaknesses earlier or to accelerate responses to active incidents. The dual-use nature of the technology was a central theme: the same models that could empower attackers can also be wielded by defenders.
The warning reflects growing official concern about a new generation of AI tools. Models such as Anthropic's Mythos and OpenAI's GPT-5.5-Cyber are said to enable users to plan and execute complex, potentially devastating cyberattacks with far less technical expertise than previously required. The alarm has already translated into concrete policy moves: earlier this month, the US government ordered Anthropic to suspend foreign nationals' access to a version of Mythos over national security concerns, forcing the company to disable the product. Separately, the US Cybersecurity and Infrastructure Security Agency (CISA) — one of the signatories to Monday's statement — cut the deadline for government officials to remediate serious digital vulnerabilities in federal networks from the previous standard to just three days, explicitly citing the accelerated threat posed by AI.
The convergence of these developments signals that Western security agencies view AI-enabled cyberattacks not as a distant hypothetical but as an imminent operational reality. For critical infrastructure operators, government agencies, and businesses that rely on networked systems, the Five Eyes' message is clear: the window for preparation is narrowing fast.