'Timeline not years, its months': Five Eyes warns AI could transform cyber warfare

Cutting-edge artificial intelligence technology is set to significantly enhance offensive cyber capabilities, prompting urgent calls for action from officials in the United States, Britain, Canada, Australia and New Zealand.In a joint three-page statement released on Monday, the intelligence alliance known as the Five Eyes warned that "Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months."The cybersecurity agencies said rapid advances in AI models are expected to lower the barriers to entry for malicious actors while increasing the speed, scale and sophistication of cyberattacks.“A whole-of-organisation and whole-of-society response is required. Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility," the statement read.The warning highlights growing concern among officials over advanced AI models such as Anthropic's "Mythos" and OpenAI's "GPT-5.5-Cyber," which are believed to enable users to rapidly carry out sophisticated, and potentially highly damaging, cyberattacks.

The statement offered few new details and largely reiterated established cybersecurity best practices, including promptly patching software vulnerabilities and limiting internet exposure for systems unless necessary. Officials also encouraged organizations to use AI "to strengthen defence," such as by identifying vulnerabilities earlier and accelerating responses to cyber incidents.Earlier this month, Anthropic suspended access to a version of Mythos after the US government directed the company to restrict the model's availability to foreign nationals, citing national security concerns. Around the same time, the US Cybersecurity and Infrastructure Security Agency (CISA), one of the signatories to Monday's statement, shortened the deadline for federal agencies to address critical network vulnerabilities to three days, pointing to the growing threat posed by AI-enabled cyberattacks.