Canada’s cybersecurity agency and its Five Eyes alliance have issued a “call to action” to society at large, warning that artificial intelligence is “rapidly transforming cyber risks” and enabling attackers to exploit vulnerabilities with increasing speed.
At the same time, the joint advisory states that AI provides a “powerful tool” to strengthen cyber defenses and urges organizations to integrate AI into their core business strategies.
“While AI will help improve cyber defenses over time, it will also accelerate the speed, scale and sophistication of cyber threats,” said the Canadian Cyber Security Center and its counterparts in the United States, United Kingdom, Australia and New Zealand.
“The timeline is months, not years.”
The advisory states that the emergence and rapid advancement of frontier AI models that can find and exploit unknown vulnerabilities faster than humans can mean that cyber risk “can no longer be treated as a purely technical issue.”
“This is a core business risk and the responsibility of leaders,” the company said. “Boards and management teams need to ensure that cyber resilience is in place and performs under pressure.
“Managing alone is not enough,” the recommendation continues. “Leaders must have confidence that these controls will work in the event of an actual incident. This will require reevaluating long-standing trade-offs and intentionally using AI not only to improve efficiency but also to strengthen defenses.”
Organizations across all sectors are being asked to take “urgent” steps to restrict access to systems, invest in training and preparedness, accelerate protocols and timelines for security updates and patching vulnerabilities, and enforce strong privileges and authentication for verified users.
Get daily national news
Never miss the day’s top stories with Canadian news delivered to your inbox every day.
However, the cyber agency acknowledged that “breaches will occur” as ever-evolving AI models are used to discover new vulnerabilities, including “zero-day vulnerabilities” for which no solutions or patches yet exist.
The advisory states that organizations can also integrate these same AI tools to detect vulnerabilities earlier, respond quickly to breaches, and monitor for “anomalous behavior” while reducing costs.
In doing so, the agency said, as long as leaders act quickly, organizations can ensure “continuity of operations and market confidence.”
“Adversaries are already leveraging AI to act faster and more effectively, and defenders need to do the same,” the advisory reads.
“Leaders who act now will reduce risk, strengthen resilience, and build trust with customers, partners, and investors. Leaders who delay will face increasing avoidable risks.”
The recommendations come in the wake of the federal government’s latest AI strategy, which aims to significantly scale up AI adoption across the public and private sectors.
Among the key actions listed in one of the central pillars of this strategy, “Protecting Canadians and Protecting Democracy,” is a commitment to accelerate AI research and deployment for cyber defense and data protection.
It also pledges to “actively collaborate with frontier AI companies” to ensure critical systems are protected from AI-based cyber and national security threats.
Earlier this month, Ottawa admitted it had gained access to Anthropic’s powerful AI model Mythos 5 and was using it to test the security and resiliency of government and critical systems.
Anthropic said Mythos 5 is so “remarkable and capable” that it outperforms human cybersecurity experts in its ability to discover and exploit computer vulnerabilities, so it had restricted its use to a limited number of customers.
Shortly thereafter, however, the U.S. government instructed Anthropic to refrain from using Mythos and its public version, Fable 5, by foreigners, citing national security concerns.
Prime Minister Mark Carney told reporters in Ireland that the move highlights the need for Canada and other countries to develop their own AI models.
“The situation we’re collectively in now with Mythos and Allegory can result from an overreliance on a particular model,” Carney said.
“No one has done anything wrong in this situation. But if we just accept this and don’t learn the lessons and don’t build and diversify, we’ll have done something wrong.”
—With files from The Associated Press
© 2026 Global News, a division of Corus Entertainment Inc.
