The Five Eyes sounds the alarm: AI cyberattacks accelerating to "months, not years"

The cyber agencies of the Five Eyes countries — Australia, Canada, New Zealand, the United Kingdom, and the United States — have issued a joint statement that should compel a reassessment of cybersecurity approaches at all levels. The document, published on June 22, warns that advanced AI models could fundamentally alter the balance of power in cyberspace within months.
The key thesis of the statement is that AI is already actively accelerating, scaling, and complicating cyber threats. According to experts, advanced models could surpass current industry expectations, significantly expanding both offensive and defensive capabilities. "The timeline is measured not in years, but in months," the document emphasizes.
New Reality: Lowering the Entry Barrier and Accelerating Vulnerability Exploitation
The authors note that AI lowers the entry barrier for attackers while simultaneously shrinking the window between vulnerability discovery and exploitation. However, the technology also works on the defensive side: it helps find weaknesses faster, improve software quality, monitor anomalies, and respond to incidents.
The Five Eyes describe cyber risk not merely as a technical problem but as a matter of operational resilience and market trust. Boards of directors and top executives are advised to ensure that protective mechanisms not only exist but can withstand a real incident. Basic measures include reducing the attack surface, accelerating patch deployment, phasing out legacy systems, and strengthening access controls.
From Theory to Practice: AISI Tests and New Models
The Five Eyes warning is backed by specific data. In March, the UK's National Cyber Security Centre (NCSC) reported that over 18 months, the best models progressed from near-zero progress in a simulated attack to completing over half of the scenario. In April, the UK AI Security Institute (AISI) published an evaluation of Claude Mythos Preview — the model became the first to complete a 32-step simulation of an attack on a corporate network from start to finish in 3 out of 10 attempts. By May, a newer version of the same model completed the test in 6 out of 10 attempts.
Meanwhile, on June 22, OpenAI released the full version of GPT-5.5-Cyber, which set a new efficiency standard on the CyberGym platform with a score of 85.6%. The company also announced the Patch the Planet initiative to support open-source projects.
Agentic AI: A Separate Headache
In May, the Five Eyes issued a separate guide on agentic AI systems. Such services, which use LLMs, external tools, and memory to autonomously perform tasks, expand the attack surface. Vulnerabilities can arise not only in the model but also in tools, integrations, and downstream services. It is recommended to deploy agentic AI in stages, starting with low-risk tasks, and to carefully control access rights.
My Expert Commentary: The cryptocurrency market, where speed and automation play a critical role, is particularly vulnerable to such threats. Investors and projects should immediately reassess their security strategies, paying special attention to protection against AI-driven attacks and implementing secure-by-design principles. Ignoring this warning could result in catastrophic losses.