The Five Eyes alliance sounds the alarm: AI-powered cyberattacks accelerate to months, not years

Cybersecurity agencies from the Five Eyes countries (Australia, Canada, New Zealand, the UK, and the US) have issued a joint statement warning that advanced artificial intelligence models will fundamentally reshape the cyber threat landscape within the coming months. The document, published on June 22, was signed by the NSA, CISA, and other key regulators.
AI as a Threat Accelerator
According to the alliance's analysts, AI is already scaling and complicating cyberattacks while simultaneously lowering the entry barrier for malicious actors. The technology shortens the time gap between vulnerability discovery and exploitation. However, it also provides defenders with powerful tools, from rapid vulnerability identification to automated incident response.
The document's key conclusion: the timeline for deploying new attack methods is measured not in years, but in months. This demands an immediate reassessment of cybersecurity approaches by both businesses and governments.
Practical Recommendations for Businesses
The Five Eyes emphasize that cyber risks are not just a technical issue but also a matter of operational resilience and market trust. Boards of directors are advised to verify whether their defense mechanisms can withstand a real incident. Basic measures include reducing the attack surface, accelerating patch deployment, phasing out legacy systems, and implementing secure-by-design principles.
The Reality of Autonomous Attacks
The warning is backed by concrete data. As early as March, the UK's NCSC noted that over 18 months, top AI models progressed from zero progress in a simulated attack to completing over half of the scenario. By April, the Claude Mythos Preview model became the first to fully complete a 32-step simulation of an attack on a corporate network—in 3 out of 10 attempts. By May, the same model completed the test in 6 out of 10 attempts.
Meanwhile, OpenAI released the full version of GPT-5.5-Cyber, which demonstrated 85.6% effectiveness on the CyberGym platform. The company also launched the Patch the Planet initiative for automated vulnerability remediation in open-source projects.
Special Risk: Agentic AI
Separately, in May, the alliance released guidelines on agentic AI systems. Such services, which use LLMs, external tools, and memory, expand the attack surface. Risks include misinterpretation of goals, prompt injection, and excessive access rights. It is recommended to deploy them incrementally, starting with low-risk tasks.
My analyst's comment: These tests are simulations without active defenders. In reality, attacks will be more complex, and defenders will not be passive. But the speed of AI agent progress is alarming: if today a model can breach an isolated network in 20 hours of "human" labor, tomorrow it will do so in minutes. The crypto industry, where smart contract vulnerabilities cost millions, should prepare for a new era of automated attacks.