The intelligence alliance known as the “Five Eyes” has warned that advances in artificial intelligence are rapidly reshaping the global cyber threat landscape, with disruptive AI-enabled cyber capabilities expected to emerge within months rather than years.
The warning was contained in a joint statement issued by cybersecurity and intelligence agencies from the United States, United Kingdom, Canada, Australia and New Zealand, which urged business leaders and organisations worldwide to strengthen cyber resilience as AI accelerates the speed, scale and sophistication of cyber threats.
According to the agencies, the rapid evolution of frontier AI models is expected to surpass current industry expectations, fundamentally altering the nature of cyber warfare, cybercrime and digital security.
“The evolving landscape of artificial intelligence is rapidly transforming cyber risk, and we must act swiftly to remain ahead,” the agencies stated.
While AI is expected to enhance cyber defence capabilities over time, they warned that the technology is simultaneously increasing the speed, scale and sophistication of cyber attacks, creating new challenges for governments, businesses and critical infrastructure operators.
“Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months,” the statement noted.
The agencies stressed that cyber resilience should no longer be viewed solely as a technical function but as a critical component of business continuity, market confidence and long-term corporate value creation.
They urged boards, chief executives and senior business leaders to take direct responsibility for cyber preparedness by assessing organisational risks, strengthening accountability frameworks and ensuring cybersecurity leaders are adequately empowered and resourced.
The statement further highlighted that AI is already reducing the barriers for malicious actors to launch sophisticated attacks, while significantly shortening the time between the discovery of vulnerabilities and their exploitation.
“AI is not a future consideration; it is already here,” the agencies said, adding that organisations can no longer afford to treat cyber risk as an issue confined to information technology departments.
According to the Five Eyes alliance, leaders must ensure that cybersecurity controls are capable of performing effectively under real-world attack conditions, rather than merely existing on paper.
The agencies emphasised several core cybersecurity principles, including the adoption of secure-by-design and secure-by-default technologies, the implementation of layered security approaches, and the recognition that new vulnerabilities, including previously unknown zero-day exploits, will continue to emerge as AI systems evolve.
They also warned organisations to assume that cyber breaches will occur and focus on preparedness measures that enable rapid containment and recovery before incidents escalate into major operational, financial or reputational crises.
Among the practical steps recommended were reducing unnecessary digital exposure, limiting external system connectivity, accelerating software patching cycles, replacing unsupported legacy systems and strengthening identity and access management controls.
The agencies noted that delayed patching has become increasingly risky as AI accelerates the speed with which cybercriminals can identify and exploit software vulnerabilities.
Unsupported legacy systems, they said, should no longer be viewed merely as technical debt but as strategic liabilities that expose organisations to heightened cyber risk.
The Five Eyes members also encouraged organisations to deploy AI-powered security tools to strengthen their defensive capabilities.
According to the statement, AI can help security teams identify vulnerabilities earlier, improve software quality, detect unusual network behaviour and respond more effectively to cyber incidents, thereby reducing both the financial and operational impact of attacks.
However, the agencies stressed that cybersecurity success would not be determined by the number of technologies deployed, but by organisations’ ability to implement strong foundational security practices and integrate cybersecurity into overall business strategy.
“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years. We must act before and be prepared to adapt and withstand evolving threats,” the statement said.
The alliance concluded that cyber resilience has become central to operational continuity and market trust, warning that organisations that fail to adapt quickly to the AI-driven threat environment could face growing and avoidable risks, while those that act now will be better positioned to protect customers, partners, investors and critical business operations.
