On 22 June 2026, the Five Eyes intelligence alliance — the signals agencies of the US, UK, Australia, Canada and New Zealand — did something they rarely do. They issued a coordinated public warning that AI models capable of devastating cyberattacks on governments and businesses are, in their words, “not years away, months away.” The instruction to leaders was blunt: act now.
When the NSA, GCHQ and their counterparts speak in unison, it pays to listen. It also pays to ask why they’re speaking at all — because a coordinated warning from the world’s most powerful surveillance apparatus is never just a weather report. It’s an instrument. And this one landed in the same fortnight the US government blocked foreign nationals from using Anthropic’s most capable model. Hold that thought.
What the warning actually says
Strip out the urgency and the assessment is coherent. Frontier AI is compressing the offensive cyber timeline. Vulnerability discovery that took skilled humans weeks can be automated. Phishing and social engineering — already the cause of most breaches — can be produced at industrial scale and near-perfect quality. Malware can adapt. The agencies argue this will primarily accelerate the speed, scale and sophistication of attacks, lowering the bar for malicious actors who previously lacked the skill.
The single most useful line in the whole intervention is this: cyber risk can “no longer be treated as solely a technical issue” — it is a core business risk and a leadership responsibility, demanding a whole-of-organisation response. CSOs are being told to rewrite their risk strategy. That reframing is correct, and it’s the part every board and CFO should internalise immediately.
Now the counter-arguments — because there are good ones
I take the threat seriously. I’m more sceptical of the framing. Three reasons.
First: defence compounds too — and faster than they admit. The warning concedes, almost in passing, that AI will strengthen defence “over time.” That’s a tell. The same models that write exploits write detections. They triage alerts, parse logs, and patch faster. The attacker-defender asymmetry is real, but when the tooling is symmetric it’s measured in months, not epochs. The organisations that put AI into their own security operations won’t be passive victims of this curve — they’ll be riding it.
Second: the fundamentals haven’t moved. AI makes the volume worse, not the vector new. The overwhelming majority of breaches still walk through the same three doors: unpatched legacy systems, weak identity, and phished credentials. AI lets attackers knock on those doors faster and more convincingly. It does not build a new door. If your patching cadence is tight and your identity controls are phishing-resistant, you have already closed most of the attack surface this warning is about.
Third — and this is the one that should make you sit up: cui bono. The same week five governments tell us AI is so dangerous we must urgently defend against it, one of those governments decides AI is so dangerous that only trusted parties should be permitted to hold the best of it. Threat inflation and the control agenda travel together. “This technology is catastrophically dangerous” is the premise for both “spend more on defence” and “centralise capability into licensed, surveilled, government-approved hands.” One of those conclusions protects you. The other protects the gatekeepers. Be precise about which is which.
And “months away” has a track record. We have been told imminent-catastrophe timelines on AI before. Healthy scepticism about the specific clock is warranted, even when the direction of travel is right.
What businesses should actually do — the defensive half
The boring measures are the effective ones. None of this is exotic:
- Make cyber a board-level risk with a named owner. Not the IT line. A P&L and governance exposure with an accountable executive and a tested incident-response plan. Assume breach, and rehearse it.
- Patch ruthlessly and kill legacy. Unsupported systems are the real attack surface. Accelerate the cadence; retire what you can’t defend.
- Harden identity. Phishing-resistant MFA, least privilege, no standing access. Identity is the new perimeter.
- Brief your people on cheap, convincing impersonation. Voice and video deepfakes are now trivial. For a finance function this is acute: payment-authorisation and supplier-bank-change controls are no longer process hygiene — they are fraud defence. The CEO-on-the-phone authorising a wire is a 2026 problem, not a hypothetical.
And the half nobody puts in the headline — the offensive use
The warning is almost entirely about threat. The opportunity gets a sentence. That imbalance is itself worth questioning, because the upside is where the advantage lives:
- Put AI inside the SOC. Detection authoring, log triage, anomaly spotting, first-line response. Defenders who adopt will outpace those who wait for permission.
- Use it on the unglamorous wins. Due diligence, contract review, continuous controls monitoring, reconciliations. The finance and risk functions are sitting on the highest-ROI, lowest-risk AI use cases in the business.
- Hedge your sovereignty. The Fable episode is the lesson: do not build your operational stack on a single frontier model that a government can switch off by signature. Optionality — open-weight models, local fallback, multi-vendor — is now a resilience decision, not an ideological one. Owning, or at least controlling, your intelligence is becoming a continuity-of-business question.
The real signal
Read the warning twice. The first reading is the obvious one: the threat is accelerating, and any leader who treats cyber as someone else’s technical problem is negligent. That reading is correct — act on it.
The second reading is the one the cypherpunks have been making for thirty years, and it’s the one that matters for the decade ahead. When the state simultaneously tells you a technology is too dangerous to be undefended and too dangerous to be widely held, the question stops being purely technical. It becomes a question about who gets to hold power, and on whose terms. Phil Zimmermann faced exactly this argument when he released PGP and strong encryption was treated as a munition. The technology won. The control attempt didn’t.
So defend yourself properly — patch, harden, rehearse, train. But don’t accept the inference that protection requires surrender of capability to a licensed few. The genuinely resilient organisation does both: it builds a defensible perimeter, and it keeps its hands on the tools. Being the best is not the same as being unstoppable — and being protected is not the same as being dependent.
The agencies are right that the clock is running. They’re just not the only ones who should be deciding what you do with the time.

Leave a Reply