The West may have only a few months of breathing room before rivals catch up in AI-powered cyberattacks, according to a warning from the Five Eyes intelligence alliance. The message is blunt: the same models that are helping companies automate cybersecurity work are also making attacks faster, more adaptive, and harder to spot.
That warning landed just after U.S. authorities moved to block Anthropic from giving foreign governments access to its Claude 5 models. Anthropic then cut off most users from those systems, including people in the U.S., after it could not enforce the narrow access rules the government wanted. The episode is a neat little reminder that AI security is now being shaped by export controls as much as by code.
Five Eyes says the AI cyber lead is measured in months
The alliance, which includes the U.S., the U.K., Canada, New Zealand, and Australia, says Western countries still lead in using AI across commercial and military systems. But the lead is not a comfortable one, and it is certainly not something measured in years. In its telling, the clock is already down to months.
That framing matters because cyber defense has usually rewarded scale, money, and patience. AI compresses all three. A defensive model can scan logs, flag anomalies, and triage alerts at machine speed, while an offensive one can help attackers adapt payloads, vary targets, and automate reconnaissance. Once both sides can rent the same tools, the moat gets shallow fast.
Anthropic’s restricted models exposed a hard limit
The Anthropic move shows how messy AI governance gets once governments try to separate ”trusted” users from everyone else. If a company cannot reliably carve out access by nationality or jurisdiction, the fallback is simple but disruptive: shut the door more widely. That is bad news for customers, but it also shows regulators are now treating frontier models like strategic infrastructure, not just software subscriptions.
There is also a competitive wrinkle here. U.S. firms are being asked to innovate quickly, secure their systems, and comply with tighter controls all at once, while rivals elsewhere are being warned that they no longer need years to close the gap. Google had already signaled in May that AI-assisted attacks were becoming a real concern, suggesting this is not a one-off alarm but part of a broader shift in threat intelligence.
The new cyber threat is faster, broader, and harder to model
Five Eyes says malicious activity is becoming both more sophisticated and more distributed across targets. That is the uncomfortable part for defenders: AI does not have to make every attack brilliant, it only has to make enough of them cheaper, faster, and slightly more convincing.
- Defenders get AI for log analysis, detection, and response.
- Attackers get AI for reconnaissance, adaptation, and scale.
- Governments get a race they cannot freeze with policy alone.
The obvious next move is for Western governments to push harder on domestic AI adoption inside critical infrastructure, while companies lean more on their own models and security stacks. The open question is whether that happens fast enough to matter, or whether the rest of the world spends the next few months quietly erasing the lead the West thought it had.