Five Eyes agencies warn AI is months away from devastating attacks on businesses and governments
Key Points
- The Five Eyes alliance has issued a rare statement on the risks posed by frontier AI models to governments and businesses.
- Agencies warned that AI will fundamentally transform cyber threats and defence in months, not years.
- Businesses and governments must act now to be prepared for the threat, and they should use AI to harden their defences, the agencies said.
- Earlier this month, the US government issued an export control directive to Anthropic that resulted in its most powerful Fable 5 and Mythos 5 models being made unavailable worldwide.
- The US government cited national security concerns over the model's cyber capabilities when it issued its directive.
A rare statement from the Five Eyes intelligence alliance has warned of the imminent risks posed by frontier AI models for companies and governments across the world.
The Five Eyes alliance is an intelligence-sharing partnership formed after World War II, comprising the UK, United States, Canada, Australia, and New Zealand.
In the joint statement, Five Eyes agencies warned that the timeline for AI to fundamentally transform both offensive and defensive cyber threats is not years, but months.
The agencies anticipate frontier AI models to exceed current industry expectations, and they urged leaders to prioritise foundational cybersecurity defences and empower cyber leaders with both authority and resources to respond to this threat.
“AI is not a future consideration – it is already here,” the statement reads.
“It lowers barriers for malicious actors and increases the speed and complexity of attacks, shrinking the window between vulnerability discovery and exploitation ever more quickly.”
Five Eyes agencies argued that a whole-of-society response is required to appropriately defend against this threat, adding that it is not enough to have controls but leaders must also use AI to deliberately strengthen defence and ensure those controls work.
“Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility,” the agencies warned.
“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years. We must act before and be prepared to adapt and withstand evolving threats.”
Crackdown on Claude Mythos and Fable
The Five Eyes statement comes after the United States government issued an export control directive to Anthropic earlier this month, requiring the company to suspend access to its Fable 5 and Mythos 5 models to any foreign national.
The government cited national security concerns as the motivation for the export control order, which was said to be motivated by a jailbreak that circumvented specific safeguards in the models.
As Anthropic is unable to reliably differentiate between users of different nationality, and subsequently disabled these models for all customers worldwide.
The jailbreak which Anthropic believed prompted the export control directive was previously known to the company and was labelled a minor vulnerability, essentially involving the user asking the model to read a specific codebase and fix software flaws.
The company disagreed with the decision to impose the legal directive, saying that the capability exposed by this jailbreak in question was available from other models.
