AI models capable of launching major cyberattacks that could overwhelm the defences of governments and businesses are months – not years – away, an international alliance of intelligence agencies warned in a joint statement.
The Five Eyes grouping, comprising the United States, United Kingdom, Canada, Australia and New Zealand, urged governments and corporate leaders to “act now” to improve their defences against sophisticated cyber threats.
The rare call to action comes after the Trump administration ordered AI giant Anthropic to suspend use of its most advanced models by foreign nationals, and highlights the growing unease among western nations about the emerging capabilities of the technology.
“Frontier Al models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months,” the group of spy agencies said in the statement on Monday.
“The evolving landscape of artificial intelligence (AI) is rapidly transforming cyber risk, and we must act swiftly to remain ahead.”
AI researchers and executives have expressed various safety concerns over the advancing technology, which the Five Eyes leaders described as being able to lower “barriers for malicious actors and increases the speed and complexity of attacks.”
AI experts said the message is “really stark” and could have worrying implications, not just for governments and corporations, but for small and medium businesses around the world.
“What it was saying is that in an age of AI, breaches will occur. It’s not a matter of if, but when, so it’s important to get prepared now,” Olivia Shen, director of the Strategic Technologies Program with the United States Studies Centre at the University of Sydney, told CNN.
The U.S. administration’s broad directive against Anthropic’s Mythos 5 and Fable 5 models was one of the furthest-reaching actions a government has taken in response to the advanced capabilities of an AI model.
Mythos had raised widespread cybersecurity concerns because the company said it was extremely adept at finding security flaws. But Anthropic said it believed the U.S. government had “become aware” of a method of “jailbreaking” its public Fable model, or getting around its internal safety guardrails. Anthropic and the administration have been meeting to try and resolve the issue.
“The really key lesson for this is that AI capabilities are evolving incredibly rapidly,” Shen said, adding that even though the world’s attention is currently on Anthropic, someone else could produce the next highly capable one.
Everyday businesses most at risk
To counter the threat, businesses and leaders should invest in cyber defences, upgrade old systems or patch faulty software, and limit who has access to critical systems, the Five Eyes leaders said.
And though AI is being used by adversaries to “move faster and more effectively,” it is also part of the solution, they added.
“Organizations that integrate AI tools into their security operations can detect vulnerabilities earlier, improve software quality, monitor unusual behaviour, and respond faster to incidents,” the security alliance said.
Shen, the AI and national security expert, said there was a “massive gap” in the defences of many governments and businesses.
“Sophisticated businesses, usually your large corporations, they already invest in cybersecurity, and they’ll be better prepared,” she said. “The ones who are more exposed will be those small and medium-sized businesses who maybe have under invested so far, and they’ll basically be like sitting ducks.”
AI models are advancing at warp speed, and independent assessments have shown some models are now reaching expert levels of cyber capability. That pace has seemingly left lawmakers attempting to put in guardrails fighting a losing battle.
Currently there is no transparent, consistent framework for regulating AI in the United States. While some experts say the government should be involved in conversations about AI safety, others argue the result could stifle the industry.
Dozens of cybersecurity researchers, AI entrepreneurs, and corporate executives this month signed an open letter urging the Trump administration to commit to “an open, scientific and transparent process of handling AI risk assessments” and said it was “essential” for security teams to “find and fix flaws in their own newly-written as well as decades of legacy code faster than our adversaries.”
Shen acknowledged there is a “tightrope” to walk but said there needs to be some “ground rules.”
“We know these technologies can be used for both defensive and offensive purposes, and we need a few more guardrails about how we can maximize the benefits for defensive cyber security, while gate keeping it away from potential cyber adversaries and scammers and cyber criminals,” she said.
By Helen Regan, CNN
