Five Eyes Warn of Accelerating AI Cyberattacks

The Five Eyes nations warn that advanced AI models could significantly enhance cyberattack capabilities, urging businesses to reassess their cybersecurity measures.

Advanced AI models could transform offensive and defensive capabilities in cyberspace within months rather than years, warned the cyber agencies of the Five Eyes nations. The authors urged companies and government entities to urgently reassess their risk approaches.

The joint statement, titled The AI shift in cyber risk: why leaders must act now, was published on June 22. It was signed by representatives from the cyber agencies of Australia, Canada, New Zealand, the UK, and the US, including the NSA and CISA.

What the Cyber Agencies Said

The statement indicates that AI is already accelerating, scaling, and complicating cyber threats. According to Five Eyes, advanced models could exceed current industry expectations and significantly alter both offensive and defensive capabilities.

“Timelines are measured in months, not years,” the document states.

The authors emphasize that AI lowers the entry barrier for attackers and reduces the window between vulnerability detection and exploitation. At the same time, the technology can assist defenders in quickly identifying weaknesses, improving software quality, monitoring anomalies, and responding to incidents.

The Five Eyes statement does not name specific developers or models. Reuters linked the warning to concerns from officials about the capabilities of models like Anthropic Mythos and OpenAI GPT-5.5-Cyber. CyberScoop cited other examples, including Anthropic Fable 5 and OpenAI Daybreak. These names refer to journalistic context rather than the statement itself.

Why This Matters for Business

Five Eyes describe cyber risk not just as a technical issue but as a matter of operational resilience, market trust, and leadership accountability. Boards and executives are advised to ensure that protective measures are not only in place but can withstand real incidents.

Among the basic measures highlighted by the agencies are reducing the attack surface and external system accessibility, speeding up security update installations, phasing out unsupported legacy systems, enhancing access control and authentication, and preparing for incidents before they occur.

The authors also stress the principles of secure-by-design and secure-by-default: systems should be designed with security in mind from the outset, rather than being patched after threats emerge.

Insights from the March NCSC Blog

The Five Eyes warning comes amid rapid growth in autonomous AI cyber capabilities. It is important to distinguish between several different sources: the March NCSC blog, the April assessment of Claude Mythos Preview, and later evaluations from AISI.

On March 30, the UK’s National Cyber Security Centre reported that over 18 months, top models progressed from nearly zero capability in simulating corporate attacks to completing more than half of the scenarios.

This material discussed models released before March 2026. The best among them, Claude Opus 4.6, averaged 15.6 out of 32 steps with increased computation time. According to NCSC, this equated to about 6 hours of work out of the 14 hours a human expert would need to fully complete the scenario.

Without additional computation time, the average was 9.8 steps, with the best single result reaching 22 steps. As of March 2026, no public model had completed the 32-step scenario from start to finish.

According to NCSC, a full attempt at such a scenario cost around £65. The agency noted two trends: each new generation of models handles complex attack chains better, and additional computation time improves results without requiring a more skilled operator.

Changes After the Release of Mythos

On April 13, the UK AI Security Institute published a separate evaluation of Claude Mythos Preview. In the test The Last Ones, the model became the first to complete a 32-step simulation of an attack on a corporate network from start to finish—achieving this in 3 out of 10 attempts.

On average, Claude Mythos Preview completed 22 out of 32 steps. The next best, Claude Opus 4.6, averaged 16 steps and did not reach the final stage. According to AISI, a human would take about 20 hours to complete such a scenario.

AISI noted the limitations of the test. The simulation reflects a small, poorly protected, and vulnerable corporate network, assuming access to the network has already been gained. This is a significant simplification compared to a real attack. The test environment also lacked active defenders and protective tools, which are often present in real organizations.

On May 13, AISI reported that a newer version of Claude Mythos Preview completed The Last Ones in 6 out of 10 attempts and for the first time finished the second test scenario Cooling Tower—in 3 out of 10 attempts. The institute emphasized that such results should not be seen as an exact measure of real capabilities, but the direction and speed of changes appear consistent.

OpenAI Launches Full Version of GPT-5.5-Cyber and Expands Cybersecurity Initiatives

On June 22, OpenAI announced the expansion of its Daybreak platform—a suite of tools for automated vulnerability discovery and patching in software.

Updates include:

Codex Security. A new version of the plugin to accelerate the process of finding and fixing vulnerabilities in existing systems, as well as automating responses to new exploits;
GPT-5.5-Cyber. Following the initial preview, the full version of the GPT-5.5-Cyber model has been released for a limited number of verified defenders;
Patch the Planet. An initiative created in collaboration with Trail of Bits and HackerOne, aimed at helping open-source projects transition more quickly from vulnerability discovery to remediation. Initial participants include cURL, Go, Python, and Sigstore.

According to developers, the GPT-5.5-Cyber model set a new efficiency standard on the CyberGym platform with a score of 85.6%, compared to 81.8% for the base version of GPT-5.5.

Source: OpenAI.

OpenAI also reported early successes in detecting and creating patches for critical vulnerabilities in major browsers, network infrastructure, FreeBSD OS, and the Linux kernel.

Agent AI as a Separate Risk

On May 1, the cyber agencies of the Five Eyes nations released guidance on Careful adoption of agentic AI services. The document focuses on agent AI systems—services that utilize LLMs, external tools, data sources, memory, and planning to perform tasks with less human involvement.

The guidance states that such systems expand the attack surface. Vulnerabilities can arise not only in the model itself but also in tools, external data, memory, integrations, and downstream services.

Risks associated with AI agent behavior are also highlighted. The system may misinterpret its objective, find an unsafe workaround, execute harmful instructions due to prompt injection, or gain overly broad permissions.

Five Eyes recommend implementing agent AI gradually, starting with low-risk tasks, avoiding broad access to sensitive data and critical systems, and pre-planning segmentation, rights control, and rollback capabilities.

It is worth noting that in February, the AI agent OpenClaw went out of control and deleted the email of a Meta researcher.

Previously, cryptographer Kostas Halkias from Mysten Labs described AI as a more serious threat to cryptocurrencies than quantum computing.