Menu
Data image

Five Eyes on AIs: the future of cyber threats

Posted on 14 July 2026

Reading time 4 minutes

What happened?

On 22 June, the Five Eyes intelligence alliance - comprising Australia, Canada, New Zealand, the United Kingdom and the United States - issued a rare joint statement warning that advanced AI models are likely to increase cyber risk for businesses and governments over the coming months.

The agencies advise that cutting-edge AI is expected to reshape both offensive and defensive cyber capability at pace, reiterating that cyber risk is a leadership issue with direct implications for resilience, continuity and trust, and not just a technical issue.

AI has already been observed making cyber intrusion activity more efficient, helping malicious actors identify weaknesses and develop exploits, especially against critical systems built on legacy or unsupported technology, or where AI models have been embedded in products to enhance productivity or automation without appropriate security guardrails.

Existing cyber threat activity is likely to be intensified by AI, rather than simply replaced by entirely new attack methods; capabilities such as reconnaissance, social engineering and malware creation are expected to become faster, more scalable, and more effective.

So what?

As organisations integrate AI models into business systems and operational environments, they create additional attack surface and new opportunities for exploitation - these risks can arise from misconfigured tools, poorly controlled system connections, and the use of unreliable or compromised models. Weak data retrieval processes, prompt injection, and vulnerabilities introduced by third-party suppliers or software components also contribute to these risks.

Beyond creating new technical vulnerabilities, AI is also increasing the effectiveness of social engineering and intrusion preparation. Threat actors can use AI to generate highly convincing phishing emails, fake websites and impersonation content at scale, while rapidly refining their approaches based on information gathered about an organisation’s people, processes and defences. As a result, traditional detection controls and user awareness measures may be less effective when relied upon in isolation.

The immediate concern, however, is the accelerated exploitation of known weaknesses, particularly as the window between vulnerability disclosure and active exploitation continues to narrow. AI-assisted vulnerability research and exploit development is expected to be one of the most significant shifts in the coming years, with vendors - such as Microsoft - already committing to leveraging such tools in their security development lifecycle.

The most advanced AI-enabled cyber operations are likely to remain concentrated among highly capable state actors with the investment, data and expertise to fine-tune models or build dedicated systems, with most other threat groups more likely to rely on commercial or open-source tools to enhance existing activity, as wider access to those tools is lowering the technical barrier to entry across criminal groups and hacktivists alike.

Although the Five Eyes statement does not identify specific models, recent developments involving Anthropic’s latest systems have already drawn regulatory attention. On 12 June, the US government imposed export controls on Anthropic’s newest models, Claude Fable 5 and Claude Mythos 5, highlighting the increasing level of government scrutiny being applied to advanced AI capabilities. These restrictions have subsequently been lifted on 30 June, with Anthropic advising that they have "instituted strong safeguards that greatly reduce the likelihood that Fable is misused for tasks related to cybersecurity."

What should I do?

AI can be used to strengthen defence by improving detection, investigation and response workflows, with many vendors already using this functionality to correlate large volumes of data, identify anomalies, flag suspicious behaviour, while supporting malware analysis and vulnerability identification. This value depends on visibility and control; if organisations do not understand their systems, identities, data flows and dependencies, having an AI-enabled defence in place will have limited effect.

The core message is simple - security foundations must be strong enough to make this approach effective, with those basics helping to reduce technical risk while limiting potential operational, financial and reputational exposure.

The Five Eyes agencies have recommended the following practical actions listed below:

  • Reduce your attack surface: Limit unnecessary system access and external connectivity. Challenge whether systems need to be exposed at all and isolate those that do not.
  • Accelerate patching processes: AI is shortening the time between vulnerability discovery and exploitation. Delays in patching increase risk, especially for operational systems with long update cycles. Prioritise security updates accordingly to manage risks.
  • Address legacy systems: Unsupported systems are easy targets. They are not just technical debt, they are strategic liabilities.
  • Review and strengthen identity and access controls: Limit who can access critical systems. Enforce strong authentication and regularly review permissions.
  • Prepare for incidents before they happen: Test response plans, train and prepare teams, and assume breaches will occur. Focus on fast containment and recovery.
How can we help you?
Help

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

I'm a client

I'm looking for advice

Something else