Five Eyes agencies urge leaders to treat AI as a cyber risk priority

Five Eyes cyber security agencies are calling on organisations to act quickly as AI changes the speed, scale and sophistication of cyber threats. Frontier AI models are expected to transform offensive and defensive capabilities on a timeline measured in months, making older cyber risk assumptions less reliable.

The agencies warn that AI is lowering barriers for malicious actors and shrinking the window between vulnerability discovery and exploitation. Boards and executives are being urged to treat cyber resilience as a core business risk, not a purely technical issue, and to ensure controls work under real incident pressure.

Recommended actions include reducing attack surfaces, accelerating patching, addressing unsupported legacy systems, strengthening identity and access controls, and testing incident response plans before breaches occur. The agencies also encourage defenders to use AI to detect vulnerabilities earlier, improve software quality, monitor unusual behaviour and respond faster.

Success will depend on secure-by-design and secure-by-default practices, defence in depth, and closer integration of cyber security into business strategy. Leaders who delay face growing operational, financial and reputational exposure as adversaries adopt AI more aggressively.