A Rare Joint Statement From the World’s Most Trusted Intelligence Alliance
It is not often that the cybersecurity agencies of five different nations speak with one voice. On June 22, 2026, they did exactly that.
The statement, titled “The AI shift in cyber risk: why leaders must act now,” carries the signatures of the heads of six major cyber and intelligence agencies: the Australian Cyber Security Centre, Canadian Centre for Cyber Security, New Zealand’s NCSC, the UK’s NCSC, the US NSA, and CISA. These agencies, known collectively as the Five Eyes, represent the world’s closest intelligence-sharing alliance, comprising the United States, United Kingdom, Canada, Australia, and New Zealand. When they issue a joint warning, governments and corporations around the world pay attention.
The message they delivered was blunt and urgent. “As the leaders of the Five Eyes cyber security agencies, we are united in our call to action: the evolving landscape of artificial intelligence is rapidly transforming cyber risk, and we must act swiftly to remain ahead.”
The Timeline Is Not Years. It Is Months.
What makes this statement different from the routine cybersecurity advisories that cross Dr. Tom’s desk regularly is the urgency of its central claim. Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months.
In plain English, the agencies are saying that artificial intelligence is improving so quickly that the assumptions security professionals made about their defenses just months ago may already be outdated. It lowers barriers for malicious actors and increases the speed and complexity of attacks, shrinking the window between vulnerability discovery and exploitation ever more quickly.
That shrinking window matters enormously. In the old model of cybersecurity, a company might discover a software vulnerability and have weeks or months to patch it before criminals figured out how to exploit it. By accelerating vulnerability discovery, automating reconnaissance, and lowering technical barriers for malicious actors, AI could significantly reduce the time organizations have to identify, patch, and mitigate emerging threats. The race between attackers and defenders is accelerating on both sides.
This Did Not Happen in a Vacuum
This joint statement is the latest and most dramatic step in a rapid sequence of escalating actions by Western governments over the past six weeks. The Five Eyes agencies had already issued guidance in May 2026 cautioning against the rapid deployment of agentic AI systems, meaning AI models capable of taking independent actions rather than just generating text or images, warning that rushing these systems into production could amplify existing vulnerabilities.
Then came an even more striking development. Around June 12, the US Commerce Department ordered Anthropic to restrict global access to its advanced AI models, including one referred to as Mythos, effectively treating a private company’s AI product as a national security concern requiring export-style controls.
“The really key lesson for this is that AI capabilities are evolving incredibly rapidly,” one cybersecurity expert noted, adding that even though the world’s attention is currently on Anthropic, someone else could produce the next highly capable model.
What the Agencies Are Telling Business Leaders to Do
The statement is addressed primarily to corporate executives and boards rather than everyday consumers, but the guidance is worth understanding because it shapes how seriously the businesses you rely on, your bank, your hospital, your utility company, are taking this threat.
The agencies recommend five practical actions. Reduce your attack surface by limiting unnecessary system access and external connectivity. Accelerate patching processes since AI is shortening the time between vulnerability discovery and exploitation. Address legacy systems, since unsupported systems are easy targets and represent strategic liabilities rather than mere technical debt. Review and strengthen identity and access controls, limiting who can access critical systems and enforcing strong authentication. And prepare for incidents before they happen by testing response plans, training teams, and assuming breaches will occur.
Perhaps most significantly, cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility. Boards and executives should ensure cyber resilience is in place and works under pressure. That is a notable shift in tone, moving cybersecurity out of the IT department and onto the desks of CEOs and corporate boards.
What This Means for You
You are not running a Fortune 500 company’s cybersecurity program, but this warning still affects you. The banks, hospitals, schools, and local government systems that hold your personal data are exactly the kind of organizations this statement is targeting. If they take this warning seriously and patch faster, strengthen access controls, and prepare properly for incidents, you benefit directly through fewer breaches of the type Dr. Tom has covered repeatedly in this column over the past several months.
The honest takeaway is this: the pace of change in artificial intelligence is no longer a topic for technology conferences and academic papers. It has become a matter serious enough that the world’s most trusted intelligence agencies felt compelled to speak with one voice and tell the world’s business leaders, quite simply, that the clock is now running in months, not years.
Stay safe out there, and I will see you next week!
Feeling lost in the digital world? Dr. Tom is here to help!
References
- Canadian Centre for Cyber Security. “Five Eyes Cyber Security Agencies Statement on the AI Shift in Cyber Risk: Why Leaders Must Act Now.” June 22, 2026. https://www.cyber.gc.ca/en/news-events/five-eyes-cyber-security-agencies-statement-ai-shift-cyber-risk-why-leaders-must-act-now
- Australian Cyber Security Centre. “Five Eyes Cyber Security Agencies Statement.” June 2026. https://www.cyber.gov.au/about-us/view-all-content/news/five-eyes-cyber-security-agencies-statement
- Cybersecurity and Infrastructure Security Agency. “Five Eyes Cyber Security Agencies Statement.” June 2026. https://www.cisa.gov/news-events/news/five-eyes-cyber-security-agencies-statement
- CNN. “AI Could Breach Government and Business Defenses in Months, US and Its Intelligence Partners Warn.” June 23, 2026. https://www.cnn.com/2026/06/23/world/ai-five-eyes-warning-cyber-threat-intl-hnk
- CSO Online. “Change Your Cyber Risk Strategy to Meet AI Threats, Five Eyes Countries Warn CSOs.” June 2026. https://www.csoonline.com/article/4188049/change-your-cyber-risk-strategy-to-meet-ai-threats-five-eyes-countries-warn-csos.html
- Crypto Briefing. “Five Eyes Warns New AI Models Pose Urgent Cyber Risk Within Months.” June 2026. https://cryptobriefing.com/five-eyes-ai-cyber-risk-warning/
Sign up for our Sunday Spectator. Delivered to your inbox every Sunday, with all the news from the week.
