The Five Eyes intelligence alliance issued a joint warning on 23 June that frontier AI models capable of conducting sophisticated cyberattacks are months — not years — from broad public availability, urging governments and businesses to 'act now' to improve their defences.
The statement, coordinated across intelligence agencies from the United States, United Kingdom, Canada, Australia and New Zealand, represents the most urgent collective assessment of AI-enabled cyber threats from Western security services to date. NSA Director of Cybersecurity Directorate David Imbordino and CISA Acting Director Nick Andersen were among the officials named in the advisory.
The agencies specifically cited Anthropic's Fable 5, its Mythos 5 variant, and OpenAI's Daybreak as examples of frontier models whose offensive cyber capabilities are anticipated to become broadly available within the year — despite efforts by their developers to restrict access. The warning acknowledged that open-source Chinese models add further proliferation risk, as they operate outside the safety frameworks that US-based companies maintain.
The advisory stated that frontier AI models are 'anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities.' The language is notable for its directness: 'The timeline is not years, it is months.'
Five practical actions were recommended for organisations: reduce attack surface, accelerate patch management, remove or isolate vulnerable legacy systems, strengthen identity and access controls, and test incident response plans. The agencies emphasised that success requires 'getting the basics right, acting quickly, and integrating cyber security into core business strategy.'
The warning arrives just weeks after the JADEPUFFER incident — the first documented case of fully autonomous AI ransomware — validated the agencies' concerns about agentic AI being weaponised. The convergence of increasingly capable frontier models with autonomous agent frameworks creates a threat landscape that traditional cybersecurity approaches were not designed to address.
For context engineers, the Five Eyes advisory is a wake-up call with specific implications. The same agentic capabilities that make AI tools powerful for software development — autonomous reasoning, adaptive problem-solving, multi-step execution — are being weaponised at scale. Every organisation deploying AI systems needs to simultaneously harden its defences against AI-powered attacks.