Cybersecurity agencies have sounded a warning to government and corporate leaders that the cyber risk posed by artificial intelligence (AI) demands urgent action.
And the Five Eyes agencies, from Australia, the US, UK, Canada and New Zealand, point to AI as also providing the solution, arguing AI tools offer the most effective cyber defence.
In a rare joint statement, the Five Eyes agencies warned leaders must “act swiftly” to address the imminent threat as AI increases the “speed, scale and sophistication of cyber threats”.
“AI is not a future consideration — it is already here,”
the joint statement said.
“It lowers barriers for malicious actors and increases the speed and complexity of attacks, shrinking the window between vulnerability discovery and exploitation ever more quickly.
“At the same time, AI offers powerful tools to strengthen defence.”
The agencies point to five practical steps, which they say are not new, but are much more urgent as the capability of AI-driven cyber attacks continues to grow.
They include reassessing which systems it runs actually need to be online, and removing those that do not need to be connected at all.
It warns “legacy systems” such as computers running old, unsupported software are a soft target, and urges organisations to regularly limit access to critical systems.
The joint statement said governments and corporations can no longer consider cybersecurity as an “IT issue”, arguing instead that it was critical to market confidence.
AI is the problem and the answer
But the agencies argue that as potent as AI is as a threat, it is equally useful in defending against cyber attacks.
It urges government and corporate leaders to incorporate artificial intelligence into cyber defences, and says continually reviewing and improving defences is also key.
“Organizations that integrate AI tools into their security operations can detect vulnerabilities earlier, improve software quality, monitor unusual behaviour, and respond faster to incidents — reducing both the cost and impact of incidents,” the joint statement said.
“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years. We must act before and be prepared to adapt and withstand evolving threats.”
AI giant Anthropic recently offered access to its powerful Mythos tool to a number of Australian government and corporate organisations, with the aim of improving their cybersecurity capabilities.
But days later, the Trump administration limited the access of foreign nationals to Anthropic’s most advanced AI systems.
The Mythos AI model is considered so powerful in identifying software and network flaws that Anthropic has deliberately limited its access, fearing its capability should it fall into the wrong hands.
Head of the Australian Cyber Security Centre at the Australian Signals Directorate, Stephanie Crowe, said Australia was well placed to counter the threats AI poses if the right steps were taken now.
“I’m actually really positive that we have the tools and we have the capabilities,”
she said.
“If we all take action and we actually take the time to look at our cyber risk management plans, and the priorities we place on the things that we need to do to defend ourselves, then we’re in a really good place.
“It’s even better if we can learn from new technologies emerging in the environment, like AI, on how we can use these new technologies defensively, because our adversaries are using them and we all need to use them to defend our networks.”
