Powerful AI models could be used in cyberattacks within months, putting governments and businesses at greater risk, Western intelligence agencies warned today.
Leaders of the Five Eyes cybersecurity agencies, which include the UK, US, Canada, Australia and New Zealand, today warned that the “frontier AI” model poses greater risks to cybersecurity than expected.
“The rapid pace of frontier AI development means that cyber risk assumptions can become outdated in months, not years. We must act proactively and be prepared to adapt and withstand evolving threats,” the agencies said in an unprecedented warning.
Their advice reflects concerns that adversaries such as China, Russia, Iran, and North Korea could quickly catch up to the AI capabilities developed by the United States and available to European organizations, providing offensive cyber capabilities far ahead of what they have today.
This follows the US government’s decision to ban the use of Anthropic’s two most advanced AI models, Claude Mythos and Fable, by foreigners, saying their exports were a “national security” risk.
The Five Eyes statement warns that AI is no longer a future consideration in cybersecurity, but that the risks are already present.
“Frontier AI models are expected to exceed current industry expectations and fundamentally transform offensive and defensive cyber capabilities, with timelines in months, not years,” the magazine said.
The Five Eyes Group is urging business leaders to further advance its oft-repeated recommendations to build secure systems and resilience against cyberattacks by leveraging AI to strengthen cyber defenses.
“Adversaries are already leveraging AI to act faster and more effectively, and defenders must do the same,” they say.
“Organizations that integrate AI tools into their security operations can detect vulnerabilities early, improve software quality, monitor anomalous behavior, and respond quickly to incidents, reducing both costs and the impact of incidents,” the notice adds.
Five Eyes says the fast pace of frontier AI development means cyber risk assumptions can become outdated in months rather than years. “We must be proactive and be prepared to adapt and withstand evolving threats.”
Company boards and management teams need to ensure that their companies are resilient to cyber threats and have confidence that the controls in place will work reliably in the event of an actual cyber incident.
“Breaches will occur, and being prepared can help you quickly contain them and prevent them from escalating into a major operational or financial crisis,” the warning states.
Richard Horne, chief executive of the GCHQ National Cyber Security Center, which published the recommendations ahead of other Five Eyes members, said: Increasing AI capabilities meant a “step change” in collective cyber defense was needed.
“The position we share with our international partners on what frontier AI means for cybersecurity is clear. “Recent developments are changing the global threat landscape and it is important that defenders keep up.”
“Now more than ever, it is important that all members of an organization, from the board of directors to the IT desk, work toward a common mission to protect the online world from those who would do harm,” he added.
