Five Eyes Warns Frontier AI Models Will Reshape Cyber Threats in Months, Not Years

The Five Eyes intelligence alliance, comprising agencies from the United States, Canada, the United Kingdom, Australia, and New Zealand, issued a joint statement on June 22, 2026, warning that advanced AI models capable of automating sophisticated cyberattacks are months away from broad public availability. The statement, signed by NSA Cybersecurity Director David Imbordino and acting CISA Director Nick Andersen, says frontier models like Anthropic's Fable 5 and OpenAI's Daybreak will fundamentally transform both offensive and defensive cyber capabilities within the year, despite company efforts to restrict access.

The agencies note that open-source models typically lag frontier AI development by six to eight months, meaning capabilities that were restricted yesterday are already available in older commercial or open-source models today. For example, the capabilities that led the Trump administration to impose export controls on Fable 5 can now be replicated using older models like Claude Opus or open-source Chinese alternatives.

AI agents already breaching companies with minimal skill

Recent incidents underscore the immediacy of the threat. A novice hacker used vague, low-skill prompts in Anthropic's Claude and OpenAI's Codex to breach 14 companies, with AI agents performing the actual exploitation. This demonstrates that frontier AI models lower the barrier to entry for cyberattacks, enabling even unskilled actors to cause significant damage.

• Legacy systems, slow patching cycles, unnecessary internet connectivity, weak identity and access controls, and lack of pre-incident planning are key weaknesses AI will exploit.
• Anthropic shut down access to its Fable 5 and Mythos 5 models after the export control dispute, but the underlying capabilities persist in older models.
• Programs like Anthropic's Project Glasswing and OpenAI's Trusted Access for Cyber Program provide AI systems to organizations for cyberdefense, aiming to give defenders a head start.
• The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years.

Basic cybersecurity hygiene remains the best defense

Despite the advanced AI threat, the Five Eyes agencies emphasize that success will come from getting the basics right: acting quickly, integrating cybersecurity into core business strategy, and treating digital security as a strategic priority rather than a compliance checkbox. The recommended guidance echoes decades-old advice, underscoring that many organizations still fail to implement fundamental protections.

Looking ahead, the agencies urge governments and businesses to prepare for a landscape where AI-driven attacks become routine. Those that fail to adapt will face growing operational and strategic disadvantage. The timeline is not years, it is months, and the window for proactive defense is closing rapidly.