Powerful AI models capable of devastating new cyber attacks on governments and businesses are mere months away, intelligence agencies for the Five Eyes have warned in a rare joint statement, urging leaders to “act now”.
The surprising public intervention by signals agencies for Australia, the US, the UK, New Zealand and Canada comes after the Trump administration earlier this month decided to block “foreign nationals” from using a much-hyped AI model built by tech company Anthropic, called Fable.
The statement, issued late on Monday night, Sydney time, said while AI “would help us improve cyber defence over time, it also accelerates the speed, scale, and sophistication of cyber threats”.
“Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months,” the warning by Five Eyes agencies said.
“In this environment, cyber resilience is integral to advancing business continuity, market confidence, and long-term value.”
The cybersecurity agencies said the leaps in AI models showed the technology would lower barriers for bad actors and increase the speed and complexity of attacks.
“A whole-of-organisation and whole-of-society response is required,” the statement continued.
“Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility.”
Generative AI models are powerful new tools capable of looking for vulnerabilities in cyber security systems, and they can help exploit those vulnerabilities as well as repair them.
“What’s different about the latest [AI models] ones is they’re very good at generating exploits,” Olivia Shen, an expert in national security and AI at the University of Sydney’s United States Studies Centre, said.
While no AI models or companies are mentioned in the Five Eyes statement by name, many around the world have their eyes on Anthropic’s advanced tier of tools.
One of the major tech company’s latest inventions is called Fable 5, a supposedly more community-friendly version of Mythos – a powerful AI model released earlier this year capable of detecting vulnerabilities in cyber systems that is only available to vetted organisations and companies because of concerns it could be exploited.
Both of Anthropic’s models were suspended for use by “foreign nationals” in June by the US government, which cited advice by national security authorities.
Shen said much of the world was focused on what happens next for Anthropic but there could be many more powerful AI models not far off.
“I think we have to anticipate that the next Mythos or the next Fable is just around the corner,” Shen said.
“We can only see what’s been released but there could be other models being developed by the likes of China, or other states and other actors and companies, that are just as advanced.”
In March, the Albanese government signed Anthropic as the first company on to its national AI plane.
The non-binding memorandum of understanding means companies agree to share details of AI progress with the government and “promote safety”.
The government’s national plan promotes a light-touch approach on regulating the sector in a bid to capture economic and productivity benefits from the technology.
FormerKarmaKing on June 22nd, 2026 at 17:48 UTC »
I'm a programmer that works in AI. I'm still waiting to hear a benchmark for how much more effective these models are at detecting security problems versus models from the exact same model makers.
Reason is that we already use AI for detecting security vulnerabilities. And if even if those models are 80% as good, the attack vector is less every piece of software out there and more public packages that are used by thousands of other pieces of software.
So even if the existing models are 80% as good at finding vulnerabilities, the existing models can hammer away at all of them for longer and likely find all of the same bugs, just in slightly longer time (and possibly lower cost). Nation states are already doing this and they have more than enough budget and patience to continue indefinitely, even at 80% effectiveness.
As such, the real solution here would not be to try to lock-down further AI model development, but rather for GitHub and other hosts of shared code / packages to scan the code in question. This adds value to their platforms, and in the case of GitHub, Microsoft owns them, a big chunk of Open AI, and many of the data centers on which Open AI runs.
What myself and other technical people are seeing instead is security theatre from the model companies to hopefully lock-out any competiros via onerous regulations and even giving the U.S. partial ownership to lock-in their competitive positions.
DefTheOcelot on June 22nd, 2026 at 16:59 UTC »
coming from the members of the five eyes which have all gone insane and are destroying themselves
jojotortoise on June 22nd, 2026 at 16:37 UTC »
I'm going to take the opposite side on this: release them.
It's not like our adversaries don't know how to hack -- and they have the manpower to do it. These models also help "harden" things. So having them in the hands of "the good guys" is pretty important.