Five Eyes warns AI may defeat defenses within months

The Five Eyes intelligence alliance says frontier AI could make current cyber-risk assumptions obsolete in months, not years—urging governments and businesses to update defenses fast. The warning comes as Anthropic suspended access to its Mythos models and res

The alarm in this warning isn’t about a future that might arrive. It’s about how quickly the clock is running out.

In a joint statement dated Monday. the Five Eyes spy agency alliance—Britain. the United States. Australia. Canada and New Zealand—warned that the most advanced AI models are improving fast enough to outsmart prevailing cybersecurity know-how within months rather than years. The message was direct: risk assumptions can be outdated before organizations finish adjusting.

The advisory framed the threat in practical terms. AI “lowers barriers for malicious actors and increases the speed and complexity of attacks,” it said. “Breaches will occur.” The point, the statement added, is not panic—it’s readiness. “Preparedness helps you contain them quickly and prevent escalation into major operational and financial crises.”.

To close that gap. the agencies urged organizations to take steps that look less like buying a single tool and more like rebuilding how defenses operate day to day. They said businesses and governments should integrate AI tools into security operations. update old systems. and limit access to critical systems.

The warning lands after growing public attention to AI models being able to find security weaknesses. It followed startup Anthropic’s April announcement that its cutting-edge Mythos models had “unprecedented abilities to find software vulnerabilities.”

That background matters because Anthropic’s own actions show the pressure governments are putting on frontier AI. This month, Anthropic suspended access to Mythos 5 and a restricted version called Fable 5 to comply with a U.S. national security order. Then. just days after publicly launching Fable 5. the company said it received a government directive banning all foreign nationals from accessing the two models.

The timing is hard to miss. A White House that has pushed to loosen AI oversight—while also moving to block states from writing their own rules—has still intervened heavily when it comes to who can use specific frontier models.

For Chris Krebs, the former director of the U.S. Cybersecurity and Infrastructure Security Agency, the Five Eyes message sounded like a familiar message with a sharper deadline. “It’s pretty alarming,” Krebs told CBS News. “The past several months have been a bit of a whirlwind in terms of advanced AI,” he said.

He also argued that the warning. even if it isn’t a single new event. carries weight because it forces businesses to update their own assumptions. “This note from the Five Eyes intelligence agencies. while not really a single development. it’s a signal that businesses need to take the risk posed by AI falling into the wrong hands very seriously. ” Krebs said.

Krebs said the statement lays out steps organizations can take that are “discrete and achievable”—moves designed to make targets harder and faster to recover. He described it as a preparation for a coming “vulnerability tsunami,” calling for organizations to become “more agile, more resilient.”

Taken together, the message from Five Eyes and Anthropic’s restrictions paint the same picture from two directions: AI capabilities are moving ahead quickly, and the cyber world is being asked to catch up just as governments tighten access to the most powerful systems.

For organizations, that means the hardest part won’t be understanding the risk. It will be updating defenses and operational habits fast enough that “months” still feels like enough time.

Five Eyes cybersecurity AI risk frontier AI Anthropic Mythos 5 Fable 5 software vulnerabilities cyber defense national security order Chris Krebs