Why AI is accelerating cyber risk and what business leaders must do now
The heads of Five Eyes cybersecurity agencies issued a rare joint statement warning that artificial intelligence is reshaping cyber risk in months rather than years, and called on business and government leaders to take immediate action.
The statement, released Monday night, brings together the cybersecurity chiefs of the Five Eyes allies – Australia, the US, the UK, Canada and New Zealand. Edge AI models are expected to exceed industry expectations and will transform both attack and defense, he says, and the gap between finding a vulnerability and exploiting it is rapidly closing.
“The urgency is clear. Artificial intelligence is not a future consideration, it is already here,” the statement says. “It reduces barriers for malicious actors and increases the speed and sophistication of attacks… At the same time, AI offers powerful tools to strengthen defenses.”
The warning follows a recent reminder of how quickly these capabilities move. On June 13, Anthropic suspended worldwide access to its two most powerful AI models, Fable 5 and Mythos 5, following a US export control directive over security concerns, with Australian users losing access without notice.
Tests by the UK’s AI Security Institute found that one of the models was able to penetrate systems about 73 percent of the time; Gina Neff, an academic at Queen Mary University of London, described it as “a step change in talent”.
Cyber risk can no longer be treated as a purely technical issue, the agencies said. This is a fundamental business risk and leadership responsibility, they said, and boards and executives need to make sure their defenses will survive an actual attack, rather than simply keeping controls in place.
Among the signatories was Stephanie Crowe, head of the Australian Signals Directorate’s Australian Cyber Security Centre. He said Australia was in a good position if organizations took the threat seriously.
“I’m actually really confident that we have the tools and the capabilities,” Crowe said. “If we all take action and really take the time to look at our cyber risk management plans and the priorities we place on the things we need to do to defend ourselves, then we’re in a really good place.”
Crowe said advocates should learn from emerging technologies like artificial intelligence. “Our enemies use them, and we all need to use them to defend our networks,” he said.
Chiefs identified practical steps organizations should take, encouraging leaders to reduce the number of systems exposed to the internet, fix known flaws more quickly, retire unsupported legacy systems and tighten controls on who can access critical networks. They said AI shortens the time between a flaw being discovered and exploited, making delays in patching more dangerous, especially for operational systems with long update cycles.
Agencies said breaches should be assumed rather than feared, with response plans tested in advance so that incidents can be contained before they become operational and financial crises.
The statement also pressured leaders to use artificial intelligence to defend themselves. Organizations that integrate technology into security operations are able to detect vulnerabilities earlier, monitor unusual behavior and respond to incidents sooner, reducing both the cost and impact of attacks, the chiefs said. Success, they said, comes from getting the basics right and moving quickly, not by buying lots of tools.
The intervention reflects growing unease among Western security agencies about the pace of cross-border development of artificial intelligence and its use by state-sponsored and criminal hackers. Cyber risk assumptions can become outdated within months, and resilience is central to operational continuity and market confidence, the agencies said.
“Cyber resilience is not an IT problem,” the statement said. “Leaders who act now will reduce risks, strengthen resilience and build trust with customers, partners and investors. Those who delay will face growing and preventable risks.”
The agencies called on the industry, including technology vendors, to work together. “We call on industry leaders to act now and work together to protect our people and secure our future,” the statement said.
The Business Briefing newsletter delivers big stories, exclusive news and expert insights. Sign up to receive it every weekday morning.
David Swan is the technology editor of The Age and The Sydney Morning Herald. He was previously technology editor of The Australian newspaper.Connect with: X or email.
