The US, UK, Canada, Australia, and New Zealand issued a rare joint advisory saying capable AI will reshape cyber offense and defense on a months long horizon, and put the responsibility squarely on business and government leaders.
The five Western signals-intelligence agencies that make up the Five Eyes, namely Australia, Canada, New Zealand, the United Kingdom, and the United States, have done something unusual. They have gone public, together, with a warning that the most capable AI systems are on the verge of reshaping cyber offense and defense on a timeline measured in months, not years. The joint advisory, issued late Monday Sydney time and reported by The Guardian, frames "frontier AI" (the most capable current and near-future AI models) as an imminent force multiplier for both attackers and defenders, and presses business and government leaders to "act now" rather than treat the threat as a future planning problem.
The statement's core claim is blunt. "Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months." It goes on to argue, per the same Guardian report, that AI "would help us improve cyber defence over time" while also "accelerat[ing] the speed, scale, and sophistication of cyber threats," and that AI advances "lower barriers for bad actors" while increasing the speed and complexity of attacks.
This is a posture shift, not a primer. Five Eyes joint advisories on cyber threats are not new, but a public, on-record joint statement that names frontier AI as a months-horizon risk to governments and businesses is rare. The agencies are explicit that the work is not technical alone. "Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility." The next breach or ransom incident tied to AI tooling is now a board-level accountability problem, not just a CISO problem.
The temporal compression is part of the news. The Guardian also reported this month that the Trump administration moved to block foreign nationals from using an Anthropic AI model called Fable — a step that one industry analyst, Olivia Shen, framed as a signal that "the next Mythos or the next Fable is just around the corner." The Five Eyes warning, by contrast, is not about a single product. It is about the capability class. Read together, the two moves mark the first time that AI risk classification is being led publicly by intelligence agencies, not by labs, safety institutes, or regulators acting alone.
What to watch next: any peer advisory from other major cyber agencies, including the European Union Agency for Cybersecurity (ENISA), Japan's JPCERT/CC, and Singapore's Cybersecurity Agency, that echoes the months-not-years timeline; the scope and durability of any foreign-national block on AI models; and whether the Five Eyes follow this public statement with operational guidance for critical-infrastructure operators.