The Five Eyes intelligence alliance — comprising the United States, United Kingdom, Canada, Australia and New Zealand — has issued a rare joint warning that cutting-edge artificial intelligence technology is poised to dramatically enhance offensive hacking capabilities within months, not years. In a three-page statement dated Monday, the alliance said that 'frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months.'
The warning comes as the Trump administration has already taken unprecedented steps to restrict access to advanced AI models over national security concerns. Earlier this month, the U.S. government ordered AI company Anthropic to suspend access to its two most powerful models — Mythos 5 and Fable 5 — by foreign nationals. The company had previously touted Mythos's unprecedented ability to find software vulnerabilities, raising widespread cybersecurity concerns.
Urgent Call to Action for Governments and Businesses
The Five Eyes agencies urged governments and corporate leaders to 'act now' to improve their defenses against sophisticated AI-driven cyber threats. The statement emphasized that AI 'lowers barriers for malicious actors and increases the speed and complexity of attacks.' The alliance warned that 'breaches will occur' and that preparedness is essential to contain them quickly and prevent escalation into major operational and financial crises.
To counter the threat, the alliance recommended that organizations integrate AI tools into their security operations to detect vulnerabilities earlier, improve software quality, monitor unusual behavior, and respond faster to incidents. They also urged swift patching of faulty software, updating old systems, limiting access to critical systems, and avoiding putting systems online unless necessary.
The Anthropic Precedent and Growing Unease
The Five Eyes statement follows the Trump administration's broad directive against Anthropic's Mythos 5 and Fable 5 models — one of the furthest-reaching actions a government has taken in response to the advanced capabilities of an AI model. Anthropic had said it believed the U.S. government had 'become aware' of a method of 'jailbreaking' its public Fable model, or getting around its internal safety guardrails.
While the Five Eyes statement does not mention specific AI models or companies by name, many observers have focused on Anthropic's advanced tools. The company's Fable 5 was described as a supposedly more community-friendly version of Mythos — a powerful AI model capable of detecting vulnerabilities in cyber systems that was only available to vetted organizations because of concerns it could be exploited for malicious purposes.
Broader Implications and Expert Concerns
AI experts have described the message as 'really stark,' warning that it has worrying implications not just for governments and large corporations, but for small and medium businesses around the world. Olivia Shen, director of the Strategic Technologies Program with the United States Studies Centre at the University of Sydney, told CNN: 'What it was saying is that in an age of AI, breaches will occur. It's not a matter of if, but when, so it's important to get prepared now.'
Shen also cautioned that while much of the world's attention is currently on Anthropic, other highly capable AI models could emerge from other actors. 'I think we have to anticipate that the next Mythos or the next Fable is just around the corner,' Shen said. 'We can only see what's been released, but there could be other models being developed by the likes of China, or other states and other actors and companies, that are just as advanced.'
The warning is another indication of officials' increasing concerns over models such as Anthropic's Mythos or OpenAI's GPT-5.5-Cyber, which are said to allow users to quickly execute complex — and potentially devastating — hacks. Around the same time as the Five Eyes statement, the U.S. cyber defense agency CISA — which was among those cosigning the statement — reduced the deadlines imposed on government officials to deal with serious digital vulnerabilities in their networks to three days, citing AI threats.
The Five Eyes alliance called for a 'whole-of-organisation and whole-of-society response,' stating that 'cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility.' As the technology continues to evolve at a rapid pace, the window for preparation is closing fast.
