The Five Eyes alliance has cautioned that cyber threats from advanced frontier AI are just "months" away.

      The Five Eyes intelligence alliance has released a joint alert warning that the upcoming generation of artificial intelligence could greatly enhance offensive hacking, and that the opportunity to prepare for it is diminishing rapidly.

      In a coordinated announcement, the intelligence agencies from the United States, the United Kingdom, Canada, Australia, and New Zealand emphasized the need for immediate action, providing a remarkably short timeline regarding the threat.

      “Cutting-edge AI models are expected to surpass current industry predictions, significantly altering both offensive and defensive cyber capabilities,” the statement indicated. “The timeframe is not years; it is mere months.”

      The agencies cautioned that AI models capable of inflicting substantial cyber damage could be available to the public in only "months," condensing the typical government risk assessment timeframe into something much more immediate.

      Much of the alliance's concerns revolve around the less glamorous technical aspects of how organizations are breached.

      The statement specifically pointed out vulnerabilities in legacy systems, slow patching cycles, unnecessary internet connectivity, poor identity and access controls, and a lack of pre-incident planning as areas that more advanced AI will quickly identify and exploit.

      These issues are not new; the implication is that AI will automate their exploitation, reducing the time between the detection of a vulnerability and an attack from weeks to a significantly shorter span.

      A weakness that once required a skilled human team several days to weaponize, the agencies suggest, could soon be transformed into a functional exploit by an AI model in a fraction of that time.

      The reminder of these fundamental issues was, in part, the point of the statement. It reiterated essential cybersecurity practices: patch promptly, avoid online system exposure unless necessary, and restrict access to sensitive information—guidance that defenders have received for years.

      The agencies also encouraged defenders to leverage AI against these challenges, recommending that organizations utilize AI “to enhance defense,” such as by identifying vulnerabilities more rapidly or responding to incidents more efficiently.

      This perspective reflects a year in which the distinction between offensive and defensive tools has blurred: Google researchers employed an AI system to detect a live zero-day exploit, and Anthropic documented models capable of revealing serious software vulnerabilities that could pose risks to financial institutions.

      The warning comes at a time of heightened urgency to bolster defenses before the capability gap broadens. Governments and vendors have been establishing cross-border cyber collaborations, and there are indications of the criminal use of AI, with researchers tracking AI-assisted cryptocurrency thefts linked to North Korean operatives.

      The Five Eyes statement effectively informs the broader cybersecurity community that such tools will soon be widely accessible.

      The alliance issued this alert with an unusually loud emphasis while redirecting organizations toward fundamental security practices, acknowledging that much of the harm still occurs through unlocked doors.

      What the statement did not provide was a specific deadline or regulatory framework, leaving the responsibility for response to individual organizations and national agencies. It also refrained from naming specific AI laboratories or models, opting for a general warning rather than targeting any particular developer.

      For defenders, the practical takeaway remains unsettlingly straightforward: although the advice hasn't changed, the time frame for action, according to the alliance, is now a matter of months instead of years.