Five Eyes says the clock on cyberattacks has shifted from years to months as new AI systems lower barriers for attackers and accelerate the pace of complex strikes. The warning lands after moves by the U.S. government that block access to Anthropic’s Mythos 5
By June 22. the warning was already stark: “The timeline is not years. it is months.” For Five Eyes—an intelligence alliance dating back to World War II that brings together Australia. Canada. New Zealand. the United Kingdom and the United States—that wasn’t rhetoric. It was a time constraint, tied directly to a change in the way cyberattacks can be carried out.
The newest AI technology, the group warned, “lowers barriers for malicious actors and increases the speed and complexity of attacks.” In other words: the gates are widening, and the chase is speeding up.
The concern has not stayed abstract. Two new models have been shown capable of something that makes most security teams think in alarms, not abstractions. Anthropic’s Mythos 5 and OpenAI’s GPT-5.5 have each proven capable of independently planning and carrying out a full takeover of a simulated corporate network. The implication is immediate for anyone who has watched real-world intrusions unfold: a single hacker could do what once required a large team. according to AI security expert Michael Alexander Riegler of Simula Research Laboratory in Oslo. Norway.
These models, Riegler says, can do more than just coordinate. They can find and exploit security holes in operating systems, browsers and other software at an expert level—something that could leave defenders “scrambling to patch vulnerabilities.”
Riegler describes the new rhythm in cybercrime like this: “It will be again this cat-and-mouse game of who finds the hole first, who closes it first, or who exploits it first. Just at a much higher speed than we see now.”
The Five Eyes warning also comes in the wake of actions by the U.S. government that have added urgency on the policy side. The U.S. has barred Anthropic from allowing foreign nationals access to Mythos 5 and another new model, Fable 5, citing national security concerns.
Mythos 5. according to the account here. had been made available only for cyber defenders to help identify and fix vulnerabilities before the technology could land in the hands of bad actors. Fable 5—described as a version of the same model loaded with extra safeguards geared toward preventing its misuse in cybercrime—was available to the general public for only a few days.
That sequence—restricted access on national security grounds. short public availability for a guarded variant. and rapid demonstrations of capability—has helped fuel two competing ways of reading the moment. Is this the start of something unavoidable and close?. Or is it something companies and governments are amplifying for attention and leverage?.
When Science News asked Riegler about the risks and the reality, he pushed back against the idea that the latest models are the only danger.
“In the last months, we heard a lot about Mythos and how dangerous it is. And I agree that AI has a lot of security risks,” he said. The key shift. in his view. is that when model capability rises. the time from discovering an issue to exploiting it can become very short—because the pipeline can be automated. But Riegler also stressed that the threat is not restricted to the newest releases: “It’s not just the latest models [that] are a security threat. but also other models that are already available. If you know how to use them, you can … do quite bad stuff.”.
He pointed to tools such as Claude Code as an example of how automation can make harmful work more efficient. “Tools like Claude Code make it much, much more efficient to code,” he said. The practical effect, in his telling, is that attackers could use multiple AI agents in parallel to probe for vulnerabilities. Before. he said. organized cybercrime teams might require “a group of two to three hundred hackers.” Now. he suggested. the model-driven approach could mean “you maybe just have to buy 300 GPUs [specialized computer chips used to run AI] and you can do similar things.”.
That brings the focus back to Mythos itself—and why people are watching that specific name so closely.
Riegler’s answer is blunt: he thinks some of the concern is shaped by marketing incentives. If an organization says it is sitting on something too dangerous to release. he argued. “a lot of people will get really interested” in the access. “It’s a bit of a show,” he said, and he believes the U.S. government and Anthropic are “focusing on the wrong problem.”.
So what is the right problem? Riegler argued that cybersecurity risk is not only about the model. It’s about the system around it: what tools are provided, whether the model has access to the internet, and whether it can test its own code.
In his testing. he described building a system that could hack a website and find security holes there. then also hack a network and try to find security holes. He also described using AI to “break another AI and get it to do things it shouldn’t do.” In his assessment. the system is “quite flexible.”.
There is a grim symmetry in that flexibility—especially for defenders. Asked whether it matters that security teams can access the same kinds of tools as attackers. Riegler said testing becomes more efficient. “I think. in the end. it will balance itself out. ” he said. returning to the cat-and-mouse framing: defenders and attackers both race to find. close. and exploit vulnerabilities—only now at “a much higher speed than we see now.”.
For individuals, the recommended steps are not cinematic, but they are concrete. Riegler said people should be “even more careful about using different passwords for different services.” He also urged keeping software “up to date all the time” and using two-factor authentication.
For companies and public agencies, his message was more urgent. When he speaks with security experts, he said, many are still behind; “Some of them are very scared, others are not at all.” But, he added, they have to take AI security risks seriously and not treat them as something far away.
The human takeaway from Five Eyes’ warning isn’t just that AI can be misused. It’s that the cycle of attack and defense may be compressing faster than many organizations are used to. And once the time from discovery to exploitation shrinks. the margin for error—technical. procedural. and political—doesn’t just get smaller. It disappears.
AI cybersecurity Five Eyes Mythos 5 GPT-5.5 Fable 5 cyberattacks vulnerability exploitation two-factor authentication Simula Research Laboratory Michael Alexander Riegler