The Five Eyes raise the alarm: AI cyberattacks accelerate to months, not years

Cybersecurity agencies from the Five Eyes countries — Australia, Canada, New Zealand, the United Kingdom, and the United States — have issued a joint warning that changes the game for the entire industry. According to the report The AI shift in cyber risk: why leaders must act now, published on June 22, advanced AI models are capable of fundamentally transforming both offensive and defensive cyber capabilities within months.
AI Erases Timeframes
The statement emphasizes: "Timeframes are measured not in years, but in months." This is not mere rhetoric. Artificial intelligence is already lowering the barrier to entry for attackers, accelerating the detection and exploitation of vulnerabilities. At the same time, the technology provides defenders with tools for faster identification of weaknesses, improved software quality, and incident response. However, the balance of power is shifting in favor of attackers.
Although the document itself does not name specific models, it is clear that it refers to the latest developments from Anthropic and OpenAI. My sources confirm that it is precisely the Claude Mythos and GPT-5.5-Cyber class models that have catalyzed this warning.
What Business and Government Must Do
The Five Eyes insist: cyber risk is not a technical problem but a matter of operational resilience and market trust. Boards of directors and top management are urged to immediately reassess protective mechanisms. Basic measures include reducing the attack surface, accelerating patch deployment, phasing out legacy systems, and strengthening access controls. The key principle is secure-by-design: systems must be built with security in mind from the outset.
Alarming Tests
A March blog from the NCSC showed that over 18 months, the best models progressed from near-zero progress to executing over half of a corporate attack scenario. In April, the UK AI Security Institute (AISI) reported that Claude Mythos Preview, for the first time, fully completed a 32-step simulation of an attack on a corporate network — in 3 out of 10 attempts. By May, the success rate had risen to 6 out of 10, and the model completed a second test scenario.
OpenAI, in turn, on June 22 released the full version of GPT-5.5-Cyber with an efficiency rating of 85.6% on the CyberGym platform. The company also launched the Patch the Planet initiative to automate vulnerability remediation in open-source projects.
Agentic AI: A New Threat Frontier
In May, the Five Eyes issued a separate guide on agentic AI systems. Such services, which use LLMs and external tools, expand the attack surface and create risks of misbehavior, from prompt injection to gaining excessive privileges. It is recommended to deploy them gradually, starting with low-risk tasks.
My analysis: The industry is at a bifurcation point. If before we talked about potential AI threats, now they have become a reality. The speed at which models master complex attack chains requires businesses not just to update security policies, but to completely overhaul their defense architecture. Those who postpone this for "later" risk becoming the first victims of autonomous cyberattacks.