The leaders of the Five Eyes cybersecurity agencies have warned that frontier AI will “fundamentally” transform offensive and defensive capabilities within months.
In a public statement issued on June 22, the UK, US, Canada, New Zealand and Australia called on business leaders to prioritize cyber resilience or risk facing “growing operational and strategic disadvantage.”
“AI is not a future consideration – it is already here,” the statement read.
“It lowers barriers for malicious actors and increases the speed and complexity of attacks, shrinking the window between vulnerability discovery and exploitation ever more quickly. At the same time, AI offers powerful tools to strengthen defense.”
Read more on frontier AI: Bank of England, FCA and Treasury Raise Alarm Over Frontier AI
The group urged a “whole-of-organization” and “whole-of-society” response based around “getting the basics right, acting quickly, and integrating cyber security into core business strategy.”
It warned that breaches will inevitably occur as AI finds more zero-day vulnerabilities and urged a focus on preparedness to contain the fallout – alongside secure-by-design and default practices and defence in depth.
Organizations should also look to integrate AI into their security operations to “detect vulnerabilities earlier, improve software quality, monitor unusual behavior, and respond faster to incidents,” the missive added.
Five Eyes Advice for Organizations
“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years,” the Five Eyes statement said. “We must act before and be prepared to adapt and withstand evolving threats.”
With this in mind, it recommended five practical steps to help organizations reduce their operational, financial and reputational exposure:
- Reduce the attack surface by limiting unnecessary system access and external connectivity, and isolating systems that don’t need to be connected
- Accelerate patching in order to mitigate the impact of AI-powered vulnerability discovery and exploitation
- Address legacy systems including unsupported systems that are easy targets
- Review and strengthen identity and access controls to limit who can access sensitive systems; enforcing strong authentication and regularly reviewing permissions
- Prepare for incidents before they happen by testing response plans, training teams, and assume breaches will occur. The focus should be on rapid containment and recovery
Graeme Stewart, head of public sector at Check Point, agreed with the Five Eyes assessment of the threat landscape.
“We need to see a global coalition on cyber collaboration, establishing a best-practice guide to protect businesses and government infrastructure,” he said. “The threat posed by AI is indeed massive, and tackling it goes well beyond the means of a single country.”
Meanwhile, Andy Ward, SVP international at Absolute Security, warned that this is “just the beginning” in terms of attacks that move at AI speed.
“Without robust AI-powered cyber resilience strategies and real-time visibility in place, the UK risks sleepwalking into deeper vulnerabilities,” he added.
