Five Eyes security alliance issues warning on AI risks

The Five Eyes intelligence sharing alliance, comprised of Australia, New Zealand, the US, UK and Canada, has issued a stark warning about the threat AI poses to the cybersecurity landscape.

The warning noted that while AI can boost defensive cybersecurity, threat actors can also weaponise it to increase the scale, speed, and sophistication of their malicious activities.

“Frontier Al models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months,” the joint statement said.

It also noted AI threats aren’t just a technical issue anymore, but a core business risk and leadership responsibility. Controls, the alliance said, aren’t enough, and leaders must be confident those controls will perform during a real incident. AI can’t just be used to increase efficiency; instead, it must be used as a defensive measure.

The core principles for defending against AI threats, according to Five Eyes, includes both secure-by-design and secure-by-default becoming standard practice, along with an understanding resilience can’t depend on a single technology or solution, with defence in depth remaining "essential".

Leaders must also be aware that as AI systems evolve, new and previously unknown vulnerabilities will emerge, including zero-day vulnerabilities.

Practical actions organisations can take now, the alliance stated, range from reducing the attack surface and accelerating the patching process to addressing legacy systems, which Five Eyes called "strategic liabilities".

Organisations are also advised to review and strengthen identity and access controls and prepare for incidents before they happen; this means testing response plans, training and preparing teams, and assuming breaches will occur.

“Focus on fast containment and recovery,” Five Eyes said.

It also emphasised the importance of using AI as a defensive measure. Organisations that integrate AI tools into their security operations can detect vulnerabilities earlier, improve software quality, monitor unusual behaviour, and respond to incidents faster, the alliance said.

“Cyber resilience is not an IT issue - it is central to operational continuity and market trust," the statement read.

“Leaders who act now will reduce exposure, strengthen resilience, and build confidence with customers, partners and investors. Those who delay will face growing and avoidable risk.”