The security agencies of the US, UK, Canada, Australia, and New Zealand have issued a rare joint advisory warning that frontier AI models are on track to overwhelm existing cybersecurity defenses faster than governments and businesses are prepared for. The statement, published on June 22, marks one of the most significant collective intelligence warnings on AI risk to date.
The advisory does not treat AI-enabled cyberattacks as a distant prospect. The five agencies are explicit: the window of vulnerability is measured in months, not years. That timeline stands in stark contrast to how most organizations have been planning. Governments, critical infrastructure operators, and enterprise security teams have been urged to act immediately.
The warning carries unusual weight, not just because of its content, but because of who issued it. Agreement among all five agencies is itself a significant signal, and it comes at a moment when the capabilities of the AI models underpinning these risks are no longer theoretical.
What the Advisory Actually Says
The three-page joint statement singles out so-called frontier AI models as presenting a step change in offensive cyber capability. These models, the agencies warn, lower the barrier for malicious actors to identify vulnerabilities, craft exploits, and execute sophisticated attacks at a speed and scale that existing defenses were not designed to handle.
The timeline pressure is already reflected in concrete policy changes. The US Cybersecurity and Infrastructure Security Agency (CISA) moved earlier this month to cut the deadline for government officials to remediate serious digital vulnerabilities to just three days, citing the accelerating threat landscape driven by AI.
The advisory also highlights the asymmetric nature of the problem. AI does not need to be uniquely powerful to cause serious harm. It only needs to be faster and more accessible than the defenses it is targeting.
Brad LaPorte, Chief Marketing Officer at Morphisec and a former military intelligence operator with experience running FVEY systems, framed the stakes plainly: “Five intel agencies just agreed on something. That alone should worry you. The Five Eyes put a clock on AI in cyber. Months, not years,” he said.
“When the people doing signals intelligence for five governments tell you the timeline is months, you don’t file it.”
The Anthropic Precedent
The advisory’s urgency is not without precedent. Anthropic’s Mythos-class AI models have demonstrated in real-world testing that successive iterations of AI are getting measurably better at breaking down cyber defenses. Each new generation has pushed further than the last in its ability to identify software flaws, analyze complex codebases, and, in some cases, weaponize what it finds.
That trajectory caught the attention of the US government in concrete terms. Earlier this month, the Commerce Department issued an emergency export control directive ordering Anthropic to suspend access to its two most advanced models, Fable 5 and Mythos 5, for all foreign nationals regardless of where they are located. The restriction applies to foreign nationals inside the US, including Anthropic’s own employees who are not American citizens.
The trigger was a potential jailbreak identified by Amazon researchers, who were able to circumvent some of the anti-hacking guardrails built into Fable 5. The technique involved prompting the model to read a specific codebase and identify software flaws.
Anthropic pushed back on the directive, arguing that this capability is not unique to its models and that removing these tools from defenders without clear justification does more harm than good. A group of nearly 80 cybersecurity professionals, including CEOs, CISOs, and security researchers, co-signed a letter to Commerce Secretary Howard Lutnick making the same case. The government has so far held its position.
The Recommendations and the Question They Leave Unanswered
In closing, the Five Eyes advisory repeated the baseline principles for organizations looking to reduce their exposure. The core guidance: patch faulty software without delay and reduce attack surface by keeping systems offline unless operationally necessary. The agencies also recommended deploying AI defensively and using the same class of tools adversaries are weaponizing to find weaknesses before attackers do.
CISA’s new three-day remediation window for critical vulnerabilities underscores how seriously the agencies view the pace of the threat. Organizations still operating on monthly or quarterly patching cycles are already behind the curve.
The harder question is how long any of these measures will remain sufficient. The advisory is candid on this point: frontier models are advancing at a pace that makes current risk assumptions obsolete quickly. The defenses that are adequate today may not hold in six months, not because they will fail in some singular, dramatic event, but because the tools available to attackers will have quietly improved beyond them.
That is the central tension the Five Eyes are asking organizations to confront. The recommendations are sound and implementable today. But they are calibrated against today’s models, and the advisory itself acknowledges that the next generation is already in development.
