Five Eyes warns AI cyber threat is ‘months’, not years, away

TL;DR:

  • The Five Eyes intelligence alliance issued a rare joint warning that frontier AI will supercharge offensive hacking.
  • “The timeline is not years, it is months,” the three-page statement says, urging faster patching and AI-assisted defence.
  • It follows the US order forcing Anthropic to suspend access to its Mythos models for foreign nationals.

The intelligence alliance known as the Five Eyes — the UK, US, Canada, Australia and New Zealand — has issued a rare joint statement warning that cutting-edge artificial intelligence is poised to transform offensive hacking, and that the threat is imminent. “Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months,” the three-page document says.

A warning long on urgency, short on detail

The statement was light on specifics, largely restating established advice: patch faulty software quickly, and keep systems offline unless they need to be exposed. It also urged defenders to use AI “to strengthen defence” — spotting weaknesses sooner and responding to incidents faster. The concern centres on models such as Anthropic’s Mythos and OpenAI’s GPT-5.5-Cyber, said to let users execute complex and potentially devastating attacks at speed.

For the UK, the signal carries weight given GCHQ and its National Cyber Security Centre operate inside this alliance. The warning also connects to a fast-moving policy backdrop: earlier this month the US ordered Anthropic to suspend access to its Mythos models for foreign nationals on national-security grounds — a saga Resultsense has tracked through Washington’s shifting stance on the company. The US cyber agency CISA, a co-signatory, has cut the deadline for government bodies to fix serious vulnerabilities to three days, citing AI threats.

Looking forward

The statement is as much about defenders as attackers, and that framing matters for British organisations. If offensive capability really does jump within months, the gap between firms that have operationalised AI-assisted detection and those still running manual patch cycles will widen sharply. The advice itself is unglamorous — patch faster, reduce exposure, automate response — but the alliance’s point is that the fundamentals now carry far higher stakes. For UK boards, the practical takeaway is to treat AI-enabled threats as a near-term operational risk rather than a horizon-scanning exercise.

Share this article