The West may not have years to prepare for AI-powered cyberattacks; it may have only a few months. That is the blunt message from the Five Eyes intelligence alliance, which says the US, the UK, Canada, New Zealand, and Australia currently hold an edge in using AI for both defense and offense, but the gap is shrinking fast.
The warning lands right after US authorities told Anthropic to block foreign access to its Mythos 5 and Fable 5 models. Anthropic could not enforce that kind of country-by-country access control cleanly, so it cut off most users, including some in the US. That is a tidy illustration of the problem: once a powerful model exists, limiting who can touch it is harder than the policy memo makes it sound.
Why Five Eyes is sounding the alarm
According to the alliance, advanced AI systems are already reshaping cyber operations in both directions. The old model of slow, labor-intensive attacks is giving way to campaigns that can adapt on the fly, spread across more targets, and become harder to detect. In other words, the attacker gets scale; the defender gets more alerts. Everyone loses sleep.
That concern is not theoretical. In May, Google said it suspected geopolitical rivals were using AI to attack information infrastructure with algorithms that adjust automatically to changing conditions. The capabilities of would-be attackers are still not well understood, which is a polite way of saying the industry is probably underestimating how fast this gets messy.
What companies are being told to do
The advice from Western intelligence officials is simple enough: use AI more aggressively to defend corporate and government systems, and lean less on outside help. That means building more in-house resilience, training security teams around AI tools, and moving faster than adversaries who no longer need much manual effort to cause trouble.
- Defensive AI tools are now part of basic cyber hygiene, not a nice-to-have experiment.
- Access controls around frontier models are becoming a policy issue, not just a product feature.
- Governments and firms that wait too long risk facing attacks that are cheaper, faster, and more distributed.
The next test for AI security policy
The real question is whether Western governments can turn this warning into actual defensive speed before others catch up. If the lead is measured in months, not years, then every procurement delay and every compliance debate becomes part of the threat picture. That is a harsh way to introduce a technology wave, but it is the one cyber teams are now living through.