Five Eyes warns frontier AI could supercharge cyberattacks within months

A rare joint warning from the Five Eyes intelligence alliance has turned frontier AI into an immediate cyber risk, not a distant one. The United States, Britain, Canada, Australia and New Zealand said attackers could soon use advanced models to scale phishing, malware and reconnaissance fast enough to overwhelm the old pace of patching.

The statement, titled “The AI shift in cyber risk: why leaders must act now,” was published on June 22, 2026 and said frontier AI models are expected to transform both offensive and defensive cyber capabilities. Its starkest line was blunt: “The timeline is not years, it is months.” The alliance said AI is lowering barriers for malicious actors and shrinking the time between vulnerability discovery and exploitation, which means defenders have far less room to react once a flaw is exposed.

The guidance pushed the response back to fundamentals. It urged leaders to assess risk and readiness, prioritize foundational cybersecurity practices and controls, empower cyber leaders with real authority and resources, and stay engaged as threats evolve. It also said secure-by-design and secure-by-default should become standard practice, and that cyber resilience is integral to business continuity, market confidence and long-term value. In other words, the warning is not only about hackers breaking in faster. It is about balance sheets, operations and investor trust absorbing the blow when they do.

The urgency matches a broader shift inside U.S. cyber defense. On June 10, 2026, the Cybersecurity and Infrastructure Security Agency ordered civilian federal agencies to fix, disable or remove the most serious vulnerabilities within three calendar days. The directive allows two weeks for many flaws and up to two months for the least serious category, a much tighter clock than the old patch cycles. CISA Acting Executive Assistant Director for Cybersecurity Chris Butera said defenders cannot afford to take weeks to patch systems that can be autonomously exploited en masse.

The Five Eyes message reflects a common view across the Australian Signals Directorate’s Australian Cyber Security Centre, the Canadian Centre for Cyber Security, New Zealand’s National Cyber Security Centre, the UK National Cyber Security Centre, and CISA plus the National Security Agency. The concern extends to frontier systems such as Anthropic’s Mythos and OpenAI’s GPT-5.5-Cyber, which are seen as tools that could help users carry out complex and potentially devastating hacks. The alliance’s warning is clear: AI is not just changing cyber conflict over the next decade. It is compressing the danger window to the next few months.