The Five Eyes cyber security agencies have issued a joint warning urging governments, businesses, and critical infrastructure operators to adopt a “whole-of-organization and whole-of-society response” to address rapidly evolving cyber threats driven by artificial intelligence (AI).
In a statement released on June 22, 2026, senior leaders from the United States, United Kingdom, Canada, Australia, and New Zealand emphasized that AI is fundamentally reshaping the cyber threat landscape.
The agencies cautioned that the speed, scale, and sophistication of attacks are increasing significantly, with the timeline for emerging risks shrinking from years to months.
The joint advisory highlights that frontier AI models are expected to surpass current industry expectations, enabling both defenders and adversaries with powerful new capabilities.
However, threat actors are already leveraging AI to automate attacks, discover vulnerabilities faster, and scale operations with minimal effort. This shift is reducing the time between vulnerability discovery and exploitation, leaving organizations with narrower windows to respond.
Five Eyes Agencies Warn on Cyber Threats
The agencies stressed that cyber risk cannot be treated solely as a technical issue handled by IT teams. Instead, it must be recognized as a core business risk requiring active involvement from executive leadership and boards.
Organizations are being urged to reassess their cyber resilience strategies and ensure that defensive controls are not only implemented but also capable of performing effectively under real-world attack conditions.
A key theme of the statement is the importance of foundational security practices. The agencies noted that while AI introduces new capabilities, many breaches still occur due to basic security failures such as unpatched systems, weak access controls, and outdated infrastructure.
They warned that legacy and unsupported systems are increasingly becoming strategic liabilities, particularly as attackers use AI to identify and exploit such weaknesses more efficiently.
The advisory also reinforces the importance of adopting secure-by-design and secure-by-default principles across software and systems development.
As AI systems continue to evolve, the risk of previously unknown vulnerabilities, including zero-day flaws, is expected to increase.
Organizations are therefore encouraged to implement layered security approaches and prepare for inevitable breaches by strengthening incident response and recovery capabilities.
In addition to defensive measures, the agencies emphasized the need for organizations to integrate AI into their security operations actively. AI-driven tools can help detect anomalies, improve vulnerability management, and accelerate incident response.
However, the Cybersecurity and Infrastructure Security Agency (CISA) emphasized that success will not come from deploying more tools alone, but from effectively integrating security into core business strategy.
The Five Eyes alliance underscored that collaboration and information sharing remain critical to collective defense. By working together across public and private sectors, organizations can better anticipate threats and respond more effectively.
The agencies concluded with a clear warning that cyber resilience is now central to operational continuity and market trust.
Organizations that act quickly will be better positioned to reduce risk and maintain confidence. At the same time, those that delay may face escalating operational, financial, and reputational consequences.
