Five Eyes Agencies: AI-Powered Cyberattacks Are Months, Not Years, Away

Summary: On June 22, cybersecurity chiefs from the five allied nations jointly warned that frontier AI models will enable attackers to conduct devastating campaigns at speeds and scales previously impossible without nation-state resources — and the timeline is months, not years.

Key Facts

• Who issued it: CISA (US), NCSC (UK), CCCS (Canada), ASD (Australia), NCSC (NZ) — the full Five Eyes cybersecurity apparatus acting in concert
• Primary threats: Industrial-scale hyper-personalized phishing generated from social media scraping; AI-assisted vulnerability scanning hundreds of times faster than human researchers
• Timeline: "Months, not years" — agencies believe frontier AI will exceed current public capability estimates faster than the industry appreciates
• Early evidence: India saw a 165% ransomware spike in early 2026, attributed to AI-assisted targeting; the advisory implies this is the leading edge of a global trend
• Recommended defenses: Integrate AI into security operations centers, patch legacy systems, restrict privileged access, and treat any compromise as a potential crisis-level event

Why It Matters

A joint warning from all five intelligence partners is rare — it signals shared classified assessments, not just public analysis. The timing follows Anthropic's disclosure that Claude Mythos found 10,000 high-severity vulnerabilities in critical infrastructure in weeks under Project Glasswing. What AI can do for defenders, adversaries will attempt to replicate. The window for organizations to prepare is narrower than most security teams have planned for.

Read More

• 'Act now': Five Eyes advisory — TechRadar
• CBS News report — CBS News
• The Register analysis — The Register