Five Eyes agencies warn AI is rapidly changing cyber risk
Cybersecurity leaders from the Five Eyes alliance have issued a joint warning that artificial intelligence is reshaping the threat landscape faster than many organisations are prepared for.In a new ca...
Cybersecurity leaders from the Five Eyes alliance have issued a joint warning that artificial intelligence is reshaping the threat landscape faster than many organisations are prepared for.
In a new call to action, the heads of the cyber agencies in Australia, Canada, New Zealand, the United Kingdom and the United States said AI is already increasing the speed, scale and sophistication of attacks. They noted that frontier AI systems are expected to push those changes further in the coming months, not years.
While the agencies said AI can improve defence, they stressed that it is also making it easier for malicious actors to discover weaknesses, automate attacks and shorten the time between vulnerability discovery and exploitation. That means traditional assumptions about risk may become outdated very quickly.
Leadership, not just IT
The warning frames cyber resilience as a business and leadership issue rather than a narrow technical concern. Boards and executives, the agencies said, need to understand their exposure, assign accountability and ensure that cyber controls continue to work under real pressure.
They argued that organisations should not rely on a single product or platform for protection, and that secure-by-design and secure-by-default practices should be treated as standard requirements.
Priority actions for organisations
- Reduce attack surfaces by removing unnecessary access and limiting external exposure.
- Speed up patching, especially where attackers may move quickly after a flaw is disclosed.
- Review legacy and unsupported systems, which can create strategic risk as well as technical debt.
- Strengthen identity and access management with strong authentication and regular permission reviews.
- Test incident response plans so teams are ready to contain and recover from breaches.
The agencies also encouraged organisations to use AI defensively, such as to improve detection, monitor unusual activity and support faster response. But they cautioned that success will depend less on collecting more tools and more on getting fundamentals right.
The message from the Five Eyes is clear: AI is no longer a distant issue for future planning. Organisations that adapt now, the agencies said, will be better placed to protect operations, maintain trust and reduce avoidable risk.
