It’s been reported that the Five Eyes intelligence alliance have released a statement warning about the risks of new AI models for cybersecurity and resilience. The coalition of US, British, Canadian, Australian, and New Zealand intelligence officials warn in their statement of the growing risks of AI models for vulnerability discovery and exploitation, urging organisations to act and reassess their existing defences, and providing advice for potential mitigations. Here, Michael Jepson, Head of Penetration Testing at CybaVerse, gives his thoughts…

While the report is short, it highlights growing government and industry anxiety surrounding new models and follows turbulence over the US Government’s recent and unexpected ban of Anthropic’s Mythos, along with the growing capabilities of open-source Chinese models like GLM-5.2 and DeepSeek.

‘Five Eyes’ intelligence alliance warns that new AI models pose urgent cyber risk – Reuters

“The warning from the Intelligence community here aligns with many similar industry concerns,” says Jepson.

“CybaVerse recently conducted a survey on security professionals’ attitudes towards advanced AI, and the majority believe these platforms will do more to reduce security than improve it. Our survey revealed that 86% of security professionals believe advanced AI systems will significantly reduce the time attackers need to identify and exploit vulnerabilities, while 75% believe advanced AI systems will eventually be weaponised by cyber criminals

“The risk these models present will no doubt continue to grow as they scale and become more capable, and these fears are reflected both among cybersecurity and intelligence leaders.

“The question of course is whether existing mitigations will be enough to cope, or if newer paradigms will need to be developed to respond to the widening of the threat landscape. 

“As the Five Eyes report warns, organisations in the future need to be oriented towards security from the ground-up, with a focus on isolated systems, regular review of internal permissions and controls, and reduced reliance on legacy, unpatched systems.

An interesting aspect of this is whether the threat landscape will ‘deepen’ and if mature organisations will be exposed to more sophisticated attacks, or if it will broaden and expose a much wider range of organisations not previously worth targeting to state and criminal attacks.

The latter seems to be a real concern: 68% of respondents said they were worried that their organisations would not have the resources to cope with increased patching demands, and this problem could cascade across organisations, especially SMEs, whose capacity to defend themselves is already limited.

As the Five Eyes go on to say, AI may be part of the answer here, and the resource gap could potentially be mitigated through proactive, defensive use of LLMs for monitoring and flagging; humans need to continue to remain well in the loop for accountability and verification, but for less serious issues automation could become key.”

For more cybersecurity news, click here