Cyber security agencies from across the Five Eyes intelligence alliance, comprising Australia, Canada, New Zealand, the United Kingdom, and the United States, have urged organisations to act now to mitigate the imminent threat of AI-enabled attacks.

In a joint statement, cyber and intelligence agencies warn that sophisticated attacks launched using AI are months, not years away and that organisations must respond by adopting a top-down approach to preparing their defences.

The agencies urged organisations to reduce their attack surface now by limiting unnecessary system access and dependencies, comprehensively adopt secure-by-design principles, reduce reliance on legacy systems, and strengthen identity controls.

AI also holds strong defensive potential, the agencies added, and they advised all organisations to use the technology to radically speed up their patching process.

The joint statement was signed by: the UK’s National Cyber Security Centre (NCSC); the US’s National Security Agency and Cybersecurity and Infrastructure Security Agency; the Canadian Communications Security Establishment; New Zealand’s Government Communications Security Bureau; and the Australian Signals Directorate.

Richard Horne, chief executive at the NCSC, said that defenders must work to keep pace with the threat landscape as AI continues to develop.

“It is more important than ever that every member of an organisation, from the Board to the IT desk, works towards a shared mission: keeping our online world secure from those who would harm it,” he said.

The NCSC specifically advised organisations to prepare for a “patch wave” in the near future, a sudden rush of new patches that need to be applied as offensive AI tools allow hackers to find vulnerabilities much quicker.

It recommended automated patching as a priority and to focus on external attack surfaces first to prevent hackers from exploiting latent vulnerabilities.

The potential for AI to reshape cybersecurity, both positively and negatively, has been a topic of intense focus in recent months.

Anthropic’s launch of Project Mythos in April sparked fears that AI could soon be used to expose sophisticated and previously unknown vulnerabilities. Organisations such as the European Central Bank subsequently held crisis meetings to discuss how to secure cyber defences, even as more organisations have gained access to Mythos and OpenAI’s competing model GPT-5.5 Cyber.

---