Five Eyes Urges Action on Frontier AI Threats
▼ Summary
– Five Eyes cybersecurity agencies warn that frontier AI will fundamentally transform cyber capabilities within months, lowering barriers for attackers and accelerating attacks.
– The agencies urge business leaders to prioritize cyber resilience now to avoid operational and strategic disadvantage, stating AI is already present.
– They recommend a “whole-of-organization” response focusing on basics, quick action, and integrating cybersecurity into core business strategy.
– Organizations should reduce attack surfaces, accelerate patching, address legacy systems, strengthen access controls, and prepare for inevitable incidents.
– AI can be used defensively to detect vulnerabilities earlier, improve software quality, monitor behavior, and respond faster to incidents.
The leaders of the Five Eyes cybersecurity agencies have issued a stark warning: frontier AI will “fundamentally” reshape both offensive and defensive cyber capabilities within a matter of months. In a joint statement released on June 22, the cybersecurity authorities of the UK, US, Canada, New Zealand, and Australia urged business leaders to prioritize cyber resilience or face “growing operational and strategic disadvantage.”
“AI is not a future consideration – it is already here,” the statement emphasized. “It lowers barriers for malicious actors and increases the speed and complexity of attacks, shrinking the window between vulnerability discovery and exploitation ever more quickly. At the same time, AI offers powerful tools to strengthen defense.”
The group called for a “whole-of-organization” and “whole-of-society” response, centered on “getting the basics right, acting quickly, and integrating cyber security into core business strategy.” They warned that as AI uncovers more zero-day vulnerabilities, breaches will become inevitable. The focus, therefore, must be on preparedness to contain the fallout, alongside secure-by-design and default practices, as well as defense in depth.
Organizations should also integrate AI into their own security operations to “detect vulnerabilities earlier, improve software quality, monitor unusual behavior, and respond faster to incidents,” the statement added.
“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years,” the Five Eyes statement noted. “We must act before and be prepared to adapt and withstand evolving threats.”
To help organizations reduce their operational, financial, and reputational exposure, the agencies recommended five practical steps:
- Reduce the attack surface by limiting unnecessary system access and external connectivity, and isolating systems that don’t need to be connected.Graeme Stewart, head of public sector at Check Point, agreed with the Five Eyes assessment. “We need to see a global coalition on cyber collaboration, establishing a best-practice guide to protect businesses and government infrastructure,” he said. “The threat posed by AI is indeed massive, and tackling it goes well beyond the means of a single country.”Andy Ward, SVP international at Absolute Security, warned that this is “just the beginning” in terms of attacks that move at AI speed. “Without robust AI-powered cyber resilience strategies and real-time visibility in place, the UK risks sleepwalking into deeper vulnerabilities,” he added.
