‘Months, Not Years’: Five Eyes Sounds Alarm on AI Cybersecurity Threats

The world’s most powerful intelligence alliance is raising the alarm about AI cybersecurity threats — and the timeline they’re describing is unsettling. Governments could face destabilizing attacks from advanced AI models within months, not years, according to a rare joint public warning issued by the Five Eyes, the signals intelligence partnership comprising Australia, the United States, the United Kingdom, New Zealand, and Canada.

Key takeaways

• The Five Eyes issued a rare joint public statement warning that frontier AI models could destabilize governments and businesses within months.
• AI accelerates both offensive and defensive cyber capabilities, lowering barriers for bad actors and increasing attack sophistication.
• The US blocked foreign nationals from accessing Anthropic’s AI model Fable in June, citing national security concerns.
• Anthropic’s advanced models — Mythos and Fable 5 — have drawn global attention for their power and misuse potential.
• Australia’s Albanese government signed Anthropic onto its national AI plan in March under a non-binding safety memorandum of understanding.

Five Eyes Warns of Imminent AI Cyber Threats

A joint statement from the Five Eyes’ cybersecurity agencies is a significant moment. These agencies rarely speak publicly in unison, and when they do, the message carries weight that goes far beyond a routine advisory. This time, they’re warning that frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities — and doing so faster than almost anyone has publicly acknowledged.

A Rare Joint Public Statement

“The timeline is not years, it is months,” the Five Eyes agencies stated directly. That framing — blunt, time-bound, and unusually specific for intelligence agencies — signals a level of institutional alarm that policymakers and business leaders would be unwise to dismiss.

The statement acknowledged AI’s dual role in cybersecurity: while it can improve cyber defence over time, it also accelerates the speed, scale, and sophistication of attacks. The agencies warned that advancing AI will lower barriers for bad actors, allowing threats to grow in complexity faster than defences can adapt.

Notably, no specific companies or AI models were named in the statement itself. But the timing is hard to ignore. The warning comes shortly after the Trump administration moved to block foreign nationals from accessing Anthropic’s AI model Fable in June, citing national security advice. The move drew immediate international attention to the growing intersection of advanced AI development and geopolitical risk.

Urgency of Cyber Resilience and Leadership

“Cyber risk can no longer be treated as a purely technical issue,” the agencies declared. “This is a core business risk and leadership responsibility.”

That framing represents a meaningful shift in how AI-enabled cybersecurity threats are being communicated to decision-makers. The call is not just for IT departments or security teams — it’s directed at boards, executives, and heads of government. The agencies explicitly called for a whole-of-organisation and whole-of-society response, a phrase that underscores the scale of what they believe is coming.

Cyber resilience, in this context, is now directly tied to market confidence and long-term business value — not just operational continuity. For companies still treating cybersecurity as a cost centre rather than a strategic priority, that framing carries a direct warning.

Anthropic’s Advanced AI Models and US Government Actions

At the center of international scrutiny right now are two AI models developed by Anthropic: Mythos, a powerful system capable of detecting vulnerabilities in cyber infrastructure, and Fable 5, described as a more community-oriented iteration of the same underlying technology. Both models have drawn global attention — not just for what they can do, but for the risks they carry if misused.

Fable and Mythos Models’ Capabilities and Controls

Mythos is currently available only to vetted organisations and companies, a restriction that reflects Anthropic’s own recognition that tools capable of identifying cyber vulnerabilities could be weaponized. Fable 5 followed as a wider-access variant, though the specifics of its access controls remain limited in public disclosures.

The analytical concern here is straightforward: AI models that can find exploitable weaknesses in digital infrastructure represent a category of technology with enormous legitimate value — and equally enormous misuse potential. The Five Eyes’ statement, while not naming Anthropic directly, aligns closely with the capabilities these models reportedly possess.

US Ban on Foreign Nationals Using Fable

In June, the US government suspended access to both of Anthropic’s advanced models for foreign nationals, acting on advice from national security authorities. The decision reflects a broader pattern in Washington of treating cutting-edge AI as strategically sensitive technology — similar to how semiconductor exports have been managed in recent years.

The limited transparency around the exact scope and enforcement of this restriction leaves important questions open. But the act itself signals that the US government views Anthropic’s most capable AI models as tools with serious national security implications, not simply consumer software products.

Olivia Shen, a national security and AI expert at the University of Sydney’s United States Studies Centre, put the broader risk in sharp perspective. “I think we have to anticipate that the next Mythos or the next Fable is just around the corner,” Shen said. “We can only see what’s been released, but there could be other models being developed by the likes of China, or other states and other actors and companies, that are just as advanced.”

That observation matters. The Five Eyes’ warning is not just about Anthropic. It’s about an entire trajectory of AI development that is accelerating beyond public visibility.

Government Partnership and National AI Strategy in Australia

Australia’s approach to Anthropic has been notably different from Washington’s restrictive posture — at least in its publicly stated form.

Anthropic’s Agreement with the Albanese Government

In March, the Albanese government signed Anthropic as the first company to join its national AI plan, under a non-binding memorandum of understanding. The agreement commits Anthropic to share details of AI progress with the Australian government and to actively promote safety standards. It represents one of the more concrete early steps any government has taken to bring frontier AI companies into a formal — if voluntary — accountability structure.

Light-Touch Regulation Focused on Safety and Economic Benefits

Australia’s national AI strategy is built on a deliberately light-touch regulatory approach, designed to allow the country to capture economic and productivity gains from AI without creating barriers that would push development elsewhere. That balancing act is now under considerable pressure given the Five Eyes’ timeline.

Whether a non-binding memorandum and a growth-friendly regulatory stance can keep pace with AI models that intelligence agencies say are months away from destabilizing potential is one of the more uncomfortable questions sitting beneath this entire episode. The gap between voluntary safety commitments and binding risk controls may be tested sooner than anyone planned.

FAQ

What is the significance of the Five Eyes’ joint warning on AI?

The Five Eyes — comprising Australia, the US, the UK, New Zealand, and Canada — issued a rare public statement warning that powerful AI models are months away from being capable of destabilizing governments and businesses. The joint nature of the warning and its unusually specific timeline signal a high level of concern among the world’s leading signals intelligence agencies.

Why did the US block foreign nationals from using Anthropic’s Fable model?

The US government suspended foreign nationals’ access to Anthropic’s Fable model in June, citing advice from national security authorities. The move reflects broader concerns about advanced AI tools with capabilities that could be exploited for cyberattacks or intelligence purposes.

What are the key AI models developed by Anthropic mentioned in the warning?

Anthropic has two advanced AI models at the center of current scrutiny: Mythos, a powerful system capable of detecting vulnerabilities in cyber systems and available only to vetted organisations, and Fable 5, a more accessible version of the same technology. Both have drawn international attention for their capabilities and misuse potential.

How does AI impact cybersecurity leadership and risk management?

The Five Eyes agencies stated explicitly that cyber risk can no longer be treated as a purely technical issue. They framed it as a core business risk requiring direct leadership involvement, and called for a whole-of-organisation and whole-of-society response to address the escalating threat environment created by advancing AI models.

Article produced with the assistance of artificial intelligence and reviewed by the editorial team.