The leaders of the Five Eyes cyber security agencies have issued a joint warning that the rapid evolution of artificial intelligence (AI) is transforming the cyber threat landscape and urged businesses and governments to act immediately to strengthen resilience.

In a joint call to action, cyber security chiefs from Australia, Canada, New Zealand, the United Kingdom and the United States warned that advanced AI models could fundamentally change both offensive and defensive cyber capabilities, with major shifts expected within months rather than years.

“AI is not a future consideration – it is already here,” the agencies said, warning that malicious actors are using AI to increase the speed, scale and sophistication of cyber attacks.

The statement said while AI would provide powerful tools to improve cyber defence, it was also lowering barriers for criminals and accelerating the exploitation of vulnerabilities.

The leaders urged organisations to treat cyber security as a core business responsibility rather than solely a technical issue.

“Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility.”

They called on business leaders and boards to understand cyber risks, strengthen accountability, invest in foundational security practices and ensure cyber teams have the authority and resources needed to respond effectively.

The agencies highlighted several priority actions for organisations, including reducing unnecessary system exposure, accelerating security patching, addressing outdated legacy systems, strengthening identity and access controls, and regularly testing incident response plans.

The warning comes as AI-driven cyber threats are expected to become increasingly sophisticated, with attackers using emerging technologies to discover vulnerabilities, automate attacks and improve social engineering campaigns.

The Five Eyes cyber leaders emphasised that organisations must adopt a “secure-by-design” and “secure-by-default” approach, while maintaining layered defences rather than relying on a single security solution.

“Breaches will occur. Preparedness helps you contain them quickly and prevent escalation into major operational and financial crises.”

The agencies also encouraged organisations to use AI as part of their defensive strategy, including for detecting vulnerabilities, improving software security, identifying unusual activity and responding faster to incidents.

The Five Eyes partnership said closer cooperation and information sharing between governments, industry and technology providers would be critical to protecting communities, businesses and critical infrastructure as AI capabilities continue to advance.

“Cyber resilience is not an IT issue — it is central to operational continuity and market trust,” the leaders said, warning that organisations that delay action face increasing operational, financial and reputational risks.

Australian Cyber Security Centre head Stephanie Crowe joined counterparts from the Canadian Centre for Cyber Security, National Cyber Security Centre, National Security Agency and Cybersecurity and Infrastructure Security Agency in issuing the warning.

Support our Journalism

No-nonsense journalism. No paywalls. Whether you’re in Australia, the UK, Canada, the USA, or India, you can support The Australia Today by taking a paid subscription via Patreon or donating via PayPal — and help keep honest, fearless journalism alive.