Five Eyes orders "whole of society" response to AI security crisis set to erupt in "months"
Intelligence agencies fear frontier AI risk is about to undergo a rapid takeoff - requiring a profound technological and philosophical shift.
Western intelligence services have warned that AI could trigger a dangerous escalation in the speed and intensity of cyber attacks on critical systems within “months”.
In an unusually urgent warning, the Five Eyes alliance said frontier AI models are advancing so rapidly that existing security practices risk becoming outdated.
The agencies warned that AI is lowering barriers to entry for cyber criminals while dramatically shrinking the gap between vulnerability discovery and exploitation.
The Five Eyes is an intelligence-sharing alliance between the United States, the United Kingdom, Australia, Canada, and New Zealand.
The group is typically measured in its public statements. But its latest written guidance - which the AI detector GPTZero told us was of "mixed" human/ machine origin - is the starkest warning it has issued on the security implications of frontier AI.
In a statement signed by six senior cybersecurity officials — including two representatives from the United States and one each from the other Five Eyes nations — the alliance urged leaders to “act now” and spearhead a “whole-of-organization and whole-of-society response” to the emerging threat.
"The evolving landscape of artificial intelligence (AI) is rapidly transforming cyber risk, and we must act swiftly to remain ahead," it wrote.
"Frontier Al models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months."
Mitigating the AI threat
The Five Eyes message is simple: fight AI with AI. It advised defenders to adopt AI-powered security tools to detect vulnerabilities earlier, monitor suspicious activity, and respond to attacks more quickly, warning that organizations that fail to adapt risk falling behind attackers using the technology.
The intelligence agencies also urged leaders to assess cyber risk, strengthen basic security controls, empower security teams, and remain actively engaged as AI-driven threats evolve.
Organizations should reduce their attack surface, patch vulnerabilities more quickly, replace legacy systems, tighten access controls, and prepare for inevitable breaches by conducting regular testing and incident response exercises.
The Five Eyes warning comes after the Trump administration ordered an export ban on Anthropic's latest Claude Fable 5 and Mythos 5 models, prompting the AI firm to abruptly shut down public access to both powerful systems.
The White House imposed the restrictions because it "believes it has become aware" of a jailbreak in Fable 5, which allows it to identify vulnerabilities, Anthropic announced. Washington's order means no foreign national can access the latest versions of both Fable and Mythos due to national security concerns about their cyberwarfare capabilities.
Pushing back, Anthropic said the jailbreak only found a "small number" of minor, previously known bugs that other publicly available models can also discover without needing to bypass safety guardrails.
Critical infrastructure under threat
The ban is intended to prevent rival nations and criminal actors from using the very latest AI systems to target organizations and critical infrastructure.
But Gary Barlet, Public Sector CTO at Illumio, on Five Eyes’ warning on frontier AI, described the belief that restrictions on Anthropic's model would keep the threat at bay as "wishful thinking", warning that conventional protections may be insufficient to deal with the escalating threat.
He said: "What worries me is that too many organizations still think they can patch their way out of this problem. We couldn't keep up before AI, and we certainly won't keep up after it. Attackers have always had the upper hand because they don't operate under the same constraints as defenders, and that's even more true in the age of AI."
The Five Eyes announcement comes after the chief executive of Britain's National Cyber Security Centre (NCSC) said that both criminal and nation-state attackers will be exploiting vulnerabilities in legacy tech across critical national infrastructure "at scale" by 2028, posing a threat not just to businesses, but civilizations and civilization itself.
NCSC boss Dr Richard Horne also revealed that the UK has experienced 200 attacks on critical infrastructure since January, three-quarters of attacks coming from state-backed actors.
READ MORE: Chinese IoT ‘kill switches’ could disable Britain’s critical systems and infrastructure, MPs warn
Dr. Ric Derbyshire, Principal Security Researcher at Orange Cyberdefense, said that targeting infrastructure could cause a physical and psychological shock to society, demoralizing the population and reducing their trust in the state by degrading the services that enable the comforts of modern life in the West.
“Undermining societal trust is often a primary objective for state adversaries, and cyber-attacks against critical national infrastructure and public services are an effective way to achieve that, he said.
"When critical services are disrupted, people who rely on them every day begin to lose confidence in the institutions around them. In many cases, the technical impact of a cyber incident is less important than the uncertainty and doubt it creates, making the intrusion itself simply the delivery mechanism for a wider cognitive effect.
"The rapid advancement of AI will add another dimension to this challenge. The concern is not only how frontier models may be used by sophisticated state actors, but how the threat landscape may change as increasingly capable open-weight models become widely available.
"As these models mature, they will democratise access to capabilities that were previously limited to well-resourced actors, allowing a much broader range of adversaries to increase the scale, speed and sophistication of their operations."
The philosophy of AI acceleration
It's hard to see how Trump's blocks on frontier models will materially impact the threat. At best, it might slow down the progress of offensive AI globally - but not forever and perhaps not even for very long.
This means that answering the question of whether to ban or step aside and let innovation run unmoored is a classic lesser-of-two-evils dilemma. But there may be a third way between the twin horns of a classic conundrum.
In a new paper published in Law, Ethics and Technology, philosopher James Brusseau of Pace University in New York City and the University of Trento in Italy, set out a new framework for "acceleration AI ethics" which optimistically states that the safety risks generated by innovation will be overcome by the same innovative forces that created them.
READ MORE: The Silicon Age Collapse: Systemic risks that could derail digital civilization
“The Mythos episode is the kind of dilemma this paper addresses,” Brusseau said. “The standard debate asks us to choose between innovation and safety.
"Acceleration ethics tries to dissolve their opposition. It asks how the underlying ethical forces driving innovation can subsequently produce safety.”
The framework suggests risk will be answered by AI advances, calling for decentralized governance with rules generated by users and "actual use" rather than "pre-emptive external control".
Brusseau's Acceleration ethics essay is published in Law, Ethics and Technology.
