'Five Eyes' raises alarm over new frontier in cyber warfare

In a rare three-page statement of a kind that Western intelligence circles issue only at moments of imminent peril, the Five Eyes alliance came forward on Monday, 22 June, with a warning that has rattled specialists: advanced artificial intelligence models are on the verge of fundamentally transforming offensive cyber capabilities, and the window before that transformation can no longer be measured in years — only in months.

The opening sentence of the statement, quoted by major agencies and newspapers alike, leaves no room for interpretation: "Advanced AI models are expected to exceed current industry expectations and fundamentally transform both offensive and defensive cyber capabilities." Then comes the line that has become the headline of the warning: "The timeline is not years away. This is a matter of months."

Before examining the substance of the warning, it is worth introducing its source. The Five Eyes is an intelligence alliance comprising five English-speaking nations — the United States, the United Kingdom, Canada, Australia, and New Zealand — bound by the UKUSA Agreement for signals intelligence (SIGINT) cooperation. The alliance's roots trace back to secret meetings between British and American codebreakers at Bletchley Park in early 1941, before Washington entered the Second World War, and was formally established in an agreement signed on 5 March 1946 between London and Washington. Canada joined in 1948, followed by Australia and New Zealand by 1956.

The alliance's founding principle is the automatic sharing of signals intelligence among its members; the five nations agree, in principle, to share with one another everything they collect of this intelligence type, along with the methods and techniques used to gather it. This makes it one of the broadest and most comprehensive espionage alliances in the world.

Because the Five Eyes signing a single joint statement is an event reserved for major turning points, its latest communiqué carries significance that transcends its technical content. The statement was signed by the heads of the leading cybersecurity agencies of all five nations: the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre (NCSC-NZ), the UK National Cyber Security Centre (NCSC-UK), and the US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA).

The danger of the warning lies in its temporal urgency. The five agencies caution that the pace of advanced AI development has made cyber threat scenarios and a transformation in cyber warfare a matter of months, not years. In language that amounts to an explicit acknowledgement of a double-edged sword, the agencies stated: "While AI will help us improve cyber defences over time, it also increases the speed, scale, and sophistication of cyber threats."

What is specifically meant is what are known as "frontier AI" models — the most advanced models available — which enable their users to conduct complex and potentially devastating intrusion operations at record speed. Press reports have cited specific models in this context, among them Anthropic's "Mythos" model and OpenAI's "GPT-5.5-Cyber", as examples of the capabilities that are alarming officials.

The intelligence agencies' concerns go beyond mere "speed" to the very nature of the technical weapon itself. Offensive AI grants hackers the ability to produce "polymorphic malware" — code that rewrites itself automatically every few seconds to evade traditional defence radars. Added to this is the weapon of "hyper-personalised social engineering", whereby models can analyse a target's digital behaviour and craft phishing messages that mimic the language of their friends or managers with a precision that leaves no room for doubt, while managing thousands of simultaneously targeted individual fraud operations at once and with negligible human effort.

The warning did not emerge in isolation from a tense regulatory context. Days before it was issued, Anthropic was compelled to disable a version of its Mythos model called "Fable" after the US government ordered it to suspend foreign nationals' access to its most advanced models, citing national security concerns.

At roughly the same time, CISA — one of the agencies that signed the statement — cut the window granted to government officials to address critical digital vulnerabilities in their networks to just 3 days, attributing the change to AI threats.

The warning carries within it an implicit geopolitical anxiety: that adversarial states such as China, Russia, Iran, and North Korea may rapidly acquire the capabilities that the United States has developed, thereby gaining offensive cyber tools that surpass anything currently available. This is what makes the narrow time window the greatest source of danger.

The geopolitical concern does not stop at adversaries using those technologies; it extends to "shadow wars" waged by the intelligence services of those countries to penetrate the fortresses of Silicon Valley technology firms, with the aim of stealing the "model weights" of sensitive AI systems. The danger lies in these raw parameters falling into the hands of state-sponsored hackers, who could then modify them and strip out all safety guardrails entirely, converting commercial and consumer models into weapons of mass cyber destruction, subject to no oversight or electronic tracking whatsoever.

As for the potential victims, Olivia Shin, an expert in national security and AI at the University of Sydney, paints a varied picture. Large companies that already invest in cybersecurity will be better prepared, while the most exposed remain small and medium-sized enterprises that have underinvested — becoming, in her words, easy prey in the line of fire. Field data points in the same direction: the Asia-Pacific region recorded a sharp surge in ransomware attacks at the start of 2026, reaching roughly 165% in India alone, driven by AI-assisted targeting.

In this context, the deepest existential vulnerability worrying the Five Eyes comes into focus: the sharp gap between "attack time" and "response time". Offensive algorithms operate at microsecond speed and make intrusion and destruction decisions in a fully automated fashion, while defensive systems — even the most advanced — crash against the wall of human bureaucracy and administrative protocols that require approvals and leadership decisions before any full network shutdown. This time gap between the machine's charge and the slowness of human decision-making is the critical space in which the attacker's superiority is decided.

The statement was not purely pessimistic; it took care to highlight the other face of the same technology. The five agencies called on defenders to harness AI to strengthen defences, by detecting vulnerabilities early and responding to incidents more quickly. As the statement noted, organisations that integrate AI tools into their security operations can identify vulnerabilities sooner, improve software quality, monitor unusual behaviour, and respond to incidents more rapidly.

The core practical advice remains faithful to the basics of cyber hygiene: patching flawed software quickly, limiting internet-facing systems to only what is necessary, restricting access to sensitive systems, and strengthening identity controls. Richard Horne, Chief Executive of the GCHQ-affiliated UK National Cyber Security Centre, summarised the warning's philosophy by stating that AI's growing capability demands a "step change" in collective cyber defence.

The statement did not pass without criticism. While experts acknowledged the soundness of its guidance, some regarded it as overdue. Rob Enderle, president of the Enderle Group, described the warning as "shockingly late", noting that AI-driven threats and deepfakes have been striking the enterprise landscape for some time. He added, however, that the guidance — though belated — remains consistent with the scale and gravity of the threat, and provides a necessary baseline for organisations seeking to catch up with current reality.

Others directed criticism at the statement's generality and lack of detail, to which CISA responded by pointing to its dedicated AI guidance website. Gary Barlett, a technical officer at a security company, expressed a deeper concern: that many organisations still believe they can "patch" their way out of the crisis, when attackers have always held the upper hand because they are not bound by the same constraints as defenders — a truth that only grows more pronounced in the age of AI.

The digital world, as the Five Eyes depict it, stands at a decisive threshold — one at which the very technology that promises stronger defence is itself transformed into an offensive weapon that surpasses the limits of traditional deterrence, within just a few months.

This frantic acceleration reveals a terrifying legislative vacuum in the international arena. To date, the world lacks anything resembling a "digital convention" or binding treaty to prohibit the proliferation of supreme cyber weapons. The absence of consensus among the great powers — the United States, China, and Russia — is turning the web into something resembling a lawless jungle.