The three-page statement, released simultaneously in five countries, didn't name any specific company or AI model. But the wording was clear: "Advanced AI models are predicted to far surpass current tech industry predictions, fundamentally altering both offensive and defensive capabilities in cyberspace." And immediately following that was the most widely quoted statement: "The timeline isn't measured in years, but in months."
This isn't the first warning about AI and cybersecurity. But it's different in the level of consensus. The five leading cybersecurity agencies in the Five Eyes alliance – comprising the Australian Cyber Security Centre, the Canadian Cyber Security Centre, the New Zealand National Cyber Security Centre, the UK National Cyber Security Centre, along with the US Cybersecurity and Infrastructure Security Agency (CISA) and the NSA – which don't usually issue joint statements, this time signed a document using the same urgent language. "Cyber risks can no longer be viewed as purely technical issues," the statement reads, "These are core business risks and leadership responsibilities."
The direct reason for this urgency lies in how AI alters the pace of an attack. Previously, there was a time lag between the discovery of a software vulnerability and its exploitation, enough time for security teams to patch it. AI shortens that time lag to unprecedented levels: models can automatically scan, write exploit code, and spread attacks faster than humans can react. Just 12 days before this announcement, CISA ordered all civilian federal agencies to address the most critical vulnerabilities within three days, a much shorter timeframe than the traditional patching cycle which typically takes weeks.
The impact is not evenly distributed. Cybersecurity experts believe that large corporations, which have invested years in defense systems, will adapt more quickly. The most vulnerable are small and medium-sized enterprises (SMEs), where cybersecurity budgets are limited and technical teams are small. India, one of Asia's fastest-growing digital economies , has seen a 165% increase in ransomware attacks in the first few months of 2026; in which AI is believed to have helped hackers choose targets more precisely and create phishing emails that are increasingly difficult to distinguish from real ones.
However, the statement also points to another reality. While warning about the risks, these five agencies assert that AI is part of the solution, not just a source of threat. Organizations that integrate AI tools into their security operations, according to the statement, can detect vulnerabilities earlier, improve software quality, monitor unusual behavior, and respond more quickly when incidents occur. This is no random paradox. It accurately reflects the nature of dual-use technology: the speed that AI provides to attackers is the same speed it can provide to defenders. The question is who deploys it first, and who deploys it better.
This warning itself comes at a somewhat ironic time. Just days earlier, the US government had tightened access for foreign entities to some of the most advanced AI models, citing national security concerns. This shows that even within the West, there is still no complete consensus on the risks and benefits of the most powerful AI models. One side sees restricting access as a way to control the spread of risk. The other, as evidenced by the Five Eyes statement itself, believes that equipping AI for broader defense is the only way to keep pace with the speed of an attacker.
The specific recommendations in the statement are nothing new: faster patching, restricting access to sensitive systems, and keeping devices off the network unless necessary. These are still the basic cybersecurity advice, repeated countless times over the years. What's new isn't the solutions themselves, but the timeframe within which they must be implemented. An organization that once had months to patch a critical vulnerability now has only days. The question is no longer which organization will be targeted, but which organization can adapt before the time advantage completely shifts to the attacker.
Source: https://cand.vn/cuoc-dua-an-ninh-mang-tinh-bang-thang-post814834.html
