Five Eyes Warn: Frontier AI Will Break Defenses in Months

On June 22, six intelligence and cybersecurity directors from five allied nations signed a joint statement that, in the measured language of government agencies, amounted to a flare being fired over the industry. Their message: the window to prepare for AI-enabled cyberattacks is closing, and it is measured in months.

TL;DR

Six agency heads from the US, UK, Australia, Canada, and New Zealand jointly published "The AI shift in cyber risk: why leaders must act now" on June 22, 2026
Key warning: "Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months."
Anthropic's Mythos model found vulnerabilities in classified US government systems within hours during a controlled test, per Senate testimony
Organizations are told to cut attack surface, accelerate patching, treat legacy systems as "strategic liabilities," and test incident response before they need it
The statement arrives days after Anthropic accused Alibaba of running 28.8 million distillation attacks against Claude, and weeks after Washington restricted exports of Fable 5 and related models

Six Agency Heads, One Warning

The document was signed by the directors of six bodies: the Australian Signals Directorate's Cyber Security Centre (Stephanie Crowe), the Canadian Centre for Cyber Security (Rajiv Gupta), New Zealand's Government Communications Security Bureau (Catriona Robinson), the UK's National Cyber Security Centre (Richard Horne), the US National Security Agency (David Imbordino), and CISA (Nick Andersen).

That list matters. Joint Five Eyes statements on operational matters are uncommon. When all six agencies agree enough to put their names on the same statement, the underlying assessment has been stress-tested across six separate intelligence and signals services.

The Central Finding

The advisory doesn't soft-pedal its conclusion:

"Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months."

The agencies identify a specific mechanism behind that acceleration: AI compresses the gap between vulnerability discovery and exploitation. A flaw that previously took a skilled attacker days to turn into a working exploit can now be operationalized in hours. For defenders relying on patching cycles measured in weeks, that arithmetic is lethal.

Richard Horne, CEO of the UK's National Cyber Security Centre, one of six agency heads who signed the joint statement. Source: ncsc.gov.uk

The Intelligence Behind the Statement

The advisory reads carefully. What it doesn't say - but what framed every newsroom's coverage when it dropped - is what Anthropic's Mythos model did inside a US government test environment weeks earlier.

Anthropic's Mythos and Classified Systems

In testimony before the Senate Intelligence Committee on June 11, Senator Mark Warner cited a briefing he had received from General Joshua Rudd, head of NSA and US Cyber Command: Mythos, given controlled access to US government infrastructure under Project Glasswing, found vulnerabilities in classified systems. Not in weeks - in hours.

Anthropic and the NSA have both declined to comment on specifics. But the detail that reached a public Senate hearing, attributed to the head of the NSA, is not the kind of thing that gets walked back quietly. Mythos access is tightly restricted under Project Glasswing, with roughly 40 firms and institutions granted initial evaluation access. Most governments and central banks aren't among them.

The Five Eyes statement does not name Mythos. It does not need to.

The Open-Source Lag Is Closing

The advisory also makes an observation that should worry any security team still treating AI-enhanced threats as a distant problem: open-source models normally lag frontier capabilities by six to eight months. That gap is closing. Representative Andrew Garbarino (R-NY) put it bluntly in a House hearing around the same time the advisory was published: "China is just months, if not now weeks, away from achieving frontier AI capabilities comparable to those of the United States."

The practical implication is that the dangerous capabilities now locked inside Anthropic's controlled Mythos rollout and OpenAI's Daybreak platform will, within a year, be available in open-weight models that anyone can download and run locally. The window the advisory is talking about isn't the window before frontier AI becomes dangerous - it is the window before it becomes widely accessible.

A locked padlock on a keyboard - illustrating the challenge of digital security in the AI era Defenders face a shrinking window: AI compresses the gap between vulnerability discovery and working exploit from days to hours. Source: unsplash.com

What Leaders Are Being Asked to Do

The statement isn't vague about what organizations should do. It condenses its recommendations into five concrete actions:

Action	What It Means in Practice
Reduce attack surface	Eliminate unnecessary external connectivity; minimize what can be reached
Accelerate patching	AI shortens exploitation windows - patch cycles must shrink to match
Address legacy systems	Unsupported infrastructure is described as a "strategic liability"
Strengthen identity controls	Review and tighten authentication and access permissions
Prepare incident response	Test response plans now; assume a breach will happen

The agencies also offered what amounts to a reframing of where cybersecurity sits in corporate governance. The statement insists that "cyber resilience is not an IT issue - it is central to operational continuity and market trust." That's language aimed directly at boards and CFOs, not security operations centres.

CISA's Implementation Step

With the advisory, CISA moved to operationalize the patching acceleration message. Federal agencies now face a requirement to triage vulnerabilities and patch the highest-risk ones within three days when AI involvement is identified in active exploitation. That three-day threshold is a significant shift from previous guidance.

Washington's Parallel Track

The Five Eyes statement didn't land in isolation. It follows a sequence of policy moves that, taken together, suggest allied governments are racing to establish guardrails before the open-source proliferation window closes.

The Trump administration has restricted exports of Anthropic's most advanced models, a measure that caught the company off-guard and that it contested publicly. The White House AI blueprint issued in earlier months took a different angle - preempting state-level AI regulation and establishing voluntary frameworks for early government access to frontier models before public release. CISA's new three-day patching rule operationalizes the AI risk framing into a hard requirement.

The Five Eyes advisory is the public-facing capstone of that sequence: six agency heads telling the private sector, in writing, that the timeline assumptions they have been working from are already obsolete.

The statement is careful not to tell organizations which specific AI tools are coming for their infrastructure. It is less careful about one thing: it makes clear that the agencies believe the question of whether frontier AI will be used to attack critical systems at scale is settled. The only open question is whether defenders will be ready when it happens.

Elena Marchetti covers AI safety and frontier model research at Awesome Agents.

Sources: