Western governments and businesses face a rapidly closing window to defend against a new generation of AI-engineered cyberattacks, according to a joint warning from the cyber chiefs of the Five Eyes intelligence alliance, comprising the US, the UK, Australia, New Zealand and Canada.
Without naming them, they cautioned that adversaries — widely understood to include Russia and China — could soon develop attacks sophisticated enough to overwhelm current defences, with officials stressing that “the timeline is not years, it is months”. The Five Eyes is an intelligence alliance formalised between the five countries after World War II.
In the middle of an AI cybersecurity race, the alliance warned that “frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities”.
The warning landed a few days after Washington ordered Anthropic to restrict foreign nationals’ access to its most advanced AI models over national security concerns.
US commerce secretary Howard Lutnick recently sent Anthropic chief executive Dario Amodei a letter stating that the company’s latest Claude Fable 5 and Claude Mythos 5 models are now subject to export restrictions.
The cybersecurity agencies said progress made by AI models showed the technology would make it easier for bad actors to operate, increasing the speed and complexity of attacks. “A whole-of-organisation and whole-of-society response is required…. Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility,” the statement said.
The question is whether there is a real risk that AI-versus-AI cyber conflict escalates faster than human oversight can keep pace with, similar to algorithmic trading flash crashes.
“With algorithmic trading, the issue was pure speed. Machines reacting to each other faster than any human could step in, and the cascade ran away before anyone could pull the plug. AI in cyber has that same speed problem, but it adds something trading never had: the attacker can change its mind mid-operation. A trading algorithm follows a fixed script. An AI agent running an intrusion can hit a wall, reason its way around it, switch targets, try a different exploit and all this without checking back with whoever launched it,” Srinivas L, joint MD and joint CEO, 63SATS Cybertech, told The Telegraph. The company, headquartered in Mumbai, offers advanced cybersecurity solutions.
He said: “So the genuinely dangerous moment isn’t one AI attacking. It’s an autonomous attacker running into an autonomous defender, both adapting to each other at a speed no human can follow in real time. That’s where
you get the unpredictable, runaway behaviour.”
AI-engineered threats are already present, capable of attacking a wider number of targets simultaneously. In May, Google Threat Intelligence Group (GTIG) said it had discovered a zero-day exploit developed with AI. The GTIG report said “prominent cyber crime threat actors” were planning to use the vulnerability for a “mass exploitation event” that would have allowed them to bypass two-factor authentication on an unnamed “open-source, web-based system administration tool”.
It was the first time Google had found evidence that AI was involved in an attack of this nature, although Google’s researchers note that they “do not believe Gemini was used”.
“The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use,” said the GTIG report. “Threat actors associated with the
People’s Republic of China (PRC) and the Democratic People’s Republic of Korea (DPRK) have also demonstrated significant interest in
capitalising on AI for vulnerability discovery.”
The capabilities of AI models being developed in the West are relatively well known, including the concern surrounding the release of Anthropic’s Claude Mythos Preview, which found high-severity vulnerabilities, including some in every major operating system and web browser.
One may wonder how an AI model can find a previously unknown vulnerability and weaponise it without human direction. Traditionally, fuzzers (automated software-testing tools that bombard a system with random, invalid inputs) and pentesting tools (specialised tools that simulate cyberattacks on a computer system) were involved.
“What both always needed was human judgment. Turning a crash into a reliable exploit, or spotting a logic flaw that no fuzzer would ever stumble onto, meant a senior researcher sitting there reasoning about why the code behaves the way it does,”
said Srinivas.
“What’s new is doing them end to end, at machine speed, without a human between the steps, and doing the hard reasoning part, the bit that used to need a senior researcher, competently. That’s exactly why the agencies are saying ‘months, not years’, and why the window between a flaw
existing and it being exploited is collapsing.”
On Monday, fears about AI hacking capabilities saw OpenAI make several cybersecurity-focused announcements, including an improved version of its limited-access security-specialised model GPT-5.5-Cyber, expanded international work with governments and other institutions to give them “trusted access” to the
company’s latest cybersecurity-focused models, and an update of its Codex Security scanner.
“In the short term, export controls will slow down adversaries. However, restrictions drive innovation, as we have seen in the case of DeepSeek. Frontier models do have a capability edge, but in the longer term, open-weight models will also become more capable and, thus, riskier. The more the US restricts frontier models, the more the industry
will focus on open-weight models abroad. This can reshape which models will
diffuse the most,” Tarun Pathak, research director at Counterpoint Research, told The Telegraph.
Five Eyes cyber chiefs have suggested reducing attack surfaces and preparing
for incidents.
