Crypto news

23.06.2026
13:37

Five Eyes sounds the alarm: AI cyberattacks accelerate to months, businesses face a new level of threats

img-ca55ff87898d6d28-5343455766779688

A joint statement by the cyber agencies of the Five Eyes countries, published on June 22, fundamentally changes the perception of the pace of cyber threat evolution. The document, titled "The AI shift in cyber risk: why leaders must act now," emphasizes that advanced artificial intelligence models can transform both offensive and defensive cyber capabilities within months, not years. This is not just a warning — it is a call for immediate action for businesses and government entities.

Key Findings: AI as an Accelerator of Cybercrime

According to the statement, signed by representatives of Australia, Canada, New Zealand, the United Kingdom, and the United States (including the NSA and CISA), AI is already actively lowering the entry barrier for attackers. The technology reduces the time gap between vulnerability discovery and exploitation, making attacks more large-scale and sophisticated. However, there is also a flip side: AI can help defenders identify weaknesses faster, improve software quality, and respond to incidents more effectively. The problem is that the pace of this arms race is unprecedented.

The statement does not specify particular models, but experts link the concern to the capabilities of systems such as Anthropic Mythos and OpenAI GPT-5.5-Cyber. This underscores that the threat has already materialized at the level of the most advanced technologies.

Why This Is Critical for Business

The Five Eyes view cyber risk not as a technical issue, but as a matter of operational resilience and market trust. Boards of directors and top executives are strongly urged to verify whether their defense mechanisms can withstand a real attack. Basic measures include reducing the attack surface, accelerating patch deployment, phasing out legacy systems, and strengthening access controls. The principles of "secure-by-design" and "secure-by-default" should become the standard, not the exception.

The Reality of Tests: From Theory to Practice

A March blog post by the NCSC showed that over 18 months, the best models progressed from nearly zero progress to completing over half of a simulated corporate attack scenario. However, the real breakthrough came in April, when the UK AI Security Institute evaluated Claude Mythos Preview. This model became the first to complete a 32-step attack simulation from start to finish — in 3 out of 10 attempts. By May, a new version of the same model completed the scenario in 6 out of 10 attempts and, for the first time, succeeded in a second test scenario. Moreover, the cost of a single attempt is estimated at just £65, making such attacks accessible to a wide range of malicious actors.

It is important to understand: the tests were conducted in simplified conditions, without active defenders. In a real organization, the picture will be more complex, but the direction and speed of change are clear — this is a sustained trend.

Agentic AI: A New Risk Vector

In May, the Five Eyes issued a separate guide on agentic AI systems. Such services, which use LLMs, external tools, and memory to perform tasks with minimal human intervention, expand the attack surface. Vulnerabilities can arise not only in the model itself but also in tools, integrations, and downstream services. Risks include misunderstanding of goals, seeking unsafe workarounds, and prompt injection. Recommendations include deploying such systems incrementally, starting with low-risk tasks, and strictly controlling their permissions.

My expert opinion: The cryptocurrency and DeFi market is particularly vulnerable to this threat. Automated agents capable of analyzing smart contracts and finding vulnerabilities in minutes could become a new tool for hackers. Projects must urgently reassess their security strategies, implementing AI solutions for protection but with strict limitations. Ignoring this warning could lead to a wave of attacks on a scale we have not yet seen.