AI Cyber Risk is evolving faster than many organizations can adapt, prompting a joint warning from the Five Eyes cyber security agencies. The agencies have called on business leaders, executives, and boards to act now, warning that advances in artificial intelligence are rapidly transforming the cyber threat landscape and shortening the time available to respond to emerging risks.
In a coordinated statement, the leaders of the Five Eyes cyber security partnership said that while AI has the potential to improve defensive capabilities, it is also accelerating the speed, scale, and sophistication of cyber attacks. They cautioned that developments in Frontier AI are expected to exceed current industry expectations and could fundamentally change both offensive and defensive cyber operations within months rather than years.
AI Cyber Risk Demands Immediate Attention
The agencies stressed that AI is no longer a future consideration. According to the statement, AI is already lowering barriers for malicious actors and increasing the complexity of attacks. At the same time, it is reducing the gap between the discovery of vulnerabilities and their exploitation.
As a result, organizations are being urged to assess their readiness, understand accountability structures, and strengthen foundational Cyber Security practices. The agencies emphasized that cyber resilience should be viewed as a critical component of business continuity, market confidence, and long-term organizational value.
Leaders were encouraged to remain actively engaged as threats continue to evolve and new guidance emerges.
Frontier AI Is Accelerating Cyber Risk
The Five Eyes agencies warned that Frontier AI models are advancing faster than many organizations anticipate and could fundamentally reshape both cyber attacks and cyber defence within months. As these systems evolve, long-standing assumptions about cyber risk, threat detection, and vulnerability management may quickly become outdated.
The agencies cautioned that organizations that fail to adapt could face growing operational and strategic disadvantages. They emphasized that leaders should not view AI-driven cyber risk as a future challenge but as an immediate business concern requiring proactive planning, continuous assessment, and investment in cyber resilience. As AI capabilities expand, the agencies said organizations must remain prepared for rapidly changing threats and emerging vulnerabilities that may challenge traditional security approaches.
Cyber Resilience Is a Leadership Responsibility
The Five Eyes agencies stated that Cyber Resilience can no longer be treated solely as a technical issue. Instead, it should be considered a core Business Risk and a leadership responsibility.
According to the statement, boards and executives must ensure that cyber resilience measures are not only implemented but are capable of functioning effectively during real-world incidents. The agencies noted that having security controls in place is not enough. Organizations must be confident those controls will perform under pressure.
They also called on leaders to reassess long-standing trade-offs and adopt AI deliberately to strengthen defensive capabilities rather than focusing exclusively on operational efficiency.
Key Cyber Security Principles Highlighted
The agencies identified several principles organizations should adopt to address evolving AI Threats.
They stated that Secure-by-Design and secure-by-default approaches should become standard practice rather than long-term goals. They also warned against relying on a single security solution, emphasizing that layered security remains essential.
The statement further noted that as AI systems continue to evolve, organizations should expect new and previously unknown vulnerabilities to emerge, including Zero-Day Vulnerabilities.
The agencies acknowledged that breaches are likely to occur and emphasized that preparedness is essential for containing incidents quickly and preventing them from escalating into larger operational and financial crises.
Practical Actions for Organizations
To reduce technical, operational, financial, and reputational exposure, the Five Eyes agencies outlined several practical actions.
Organizations were advised to reduce their attack surface by limiting unnecessary system access and external connectivity. They were also encouraged to accelerate patching processes, warning that AI is shortening the time available between vulnerability disclosure and exploitation.
The agencies highlighted unsupported legacy systems as strategic liabilities that can become easy targets for attackers.
They also urged organizations to review and strengthen Identity and Access Controls, limit access to critical systems, enforce strong authentication, and regularly assess permissions.
In addition, they recommended testing Incident Response plans, training teams, and preparing for breaches before they occur, with a focus on rapid containment and recovery.
Using AI to Strengthen Defense
The agencies noted that threat actors are already using AI to improve their capabilities and increase operational speed.
As a result, defenders must also embrace AI-driven security tools. According to the statement, organizations that integrate AI into security operations can improve vulnerability detection, enhance software quality, identify unusual activity, and accelerate response efforts.
The agencies emphasized that success will not depend on having the largest number of security tools. Instead, it will come from strong fundamentals, rapid action, and integrating cyber security into core business strategy.
Five Eyes Call for Collective Action
The Five Eyes leaders concluded that assumptions about cyber threats can become outdated within months due to the rapid pace of AI development. They urged organizations, including technology vendors, to act now, strengthen resilience, and remain prepared to adapt to changing threats.
The agencies said leaders who move quickly can reduce exposure, strengthen resilience, and build trust among customers, partners, and investors. Those who delay, they warned, face growing and avoidable risk.
