




















Five Eyes cyber leaders have warned that governments and businesses must act now ahead of a looming wave of AI-driven security risks – here’s what the industry has to say.
David Hayes
Director, APAC, at Arctic Wolf
The Five Eyes warning reinforces what many security leaders are already seeing. AI is making it easier for cyber-criminals to launch attacks faster, at greater scale and with less effort than ever before.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
While AI is often associated with sophisticated new threats, the bigger concern is how quickly it can help attackers identify vulnerabilities, craft convincing phishing campaigns and exploit existing security gaps. In many cases, attackers don't need new attack techniques. They simply need to find weaknesses faster than organisations can fix them.
That's particularly concerning given Arctic Wolf's recent State of the Cybersecurity Attack Surface Report found that one in three IT assets are either missing a critical security control or are misconfigured. As AI continues to accelerate the speed and scale of cyber threats, organisations need greater visibility across their environments and a strong foundation of security controls to reduce opportunities for attackers.
The fundamentals of cybersecurity haven't changed, but the pace has. Organisations need to be able to identify, prioritise and respond to threats quickly, because attackers are increasingly operating with AI on their side.
Jeremy Pell
ANZ Country Manager at Elastic
The Five Eyes statement is a direct message to Australian organisations: the window to act is closing, and AI is the reason why.
Australia's own ACSC has co-signed this call to action, and that carries weight. This isn't a theoretical risk assessment from overseas. It's our own cyber security leadership telling boards and executives that the threat has fundamentally changed in nature and speed.
AI is collapsing the time between vulnerability discovery and exploitation to minutes or seconds. For Australian organisations navigating stretched security teams, legacy infrastructure, and fragmented environments, that pace is genuinely dangerous if you're still relying on manual detection and response.
The agencies are right that this isn't about having more tools. It's about getting the fundamentals right and using AI deliberately to strengthen defence. That means moving towards an agentic security operations capability, where AI handles triage and enrichment at machine speed while human analysts focus on judgment and escalation.
Shane Fry
CTO at RunSafe Security
One of the most important messages in the Five Eyes warning is that AI is changing the economics and speed of cyber attacks. As AI enables adversaries to discover and exploit software weaknesses faster, organisations can no longer depend exclusively on patch cycles and vulnerability management. The window between discovery and exploitation is shrinking to the point where remediation alone may not keep pace.
This is particularly concerning for embedded systems, operational technology and critical infrastructure environments, where patching can take months or years and systems often remain in service for decades. The focus must shift from simply identifying vulnerabilities to making them unusable to attackers. Resilience and vulnerability mitigation need to become foundational design principles because the AI era rewards attackers that can move faster than defenders.
Australia has strong cyber security foundations. The question the ACSC is asking is whether we're building on them fast enough.
Cornelius Mare
Chief information security officer, Australia, at Fortinet
As the threat landscape evolves, so too must the baseline required to protect critical infrastructure. It will be important to define a baseline that supports safe adoption of emerging technologies and AI, with more context-aware frameworks that help secure critical infrastructure and Australian businesses.
Gary Barlet
Public Sector CTO at Illumio
The idea that the threat was somehow going to be slowed because models like Mythos weren't broadly released was always wishful thinking. Whether it's Mythos, Fable, or the next frontier model, it isn't a matter of if these capabilities become widely available; it's when. The Five Eyes warning is a wake-up call that AI is about to dramatically accelerate the speed, scale, and sophistication of cyberattacks, lowering barriers for adversaries and giving them capabilities that were once limited to highly skilled actors.
What worries me is that too many organisations still think they can patch their way out of this problem. We couldn't keep up before AI, and we certainly won't keep up after it. Attackers have always had the upper hand because they don't operate under the same constraints as defenders, and that's even more true in the age of AI. It's time for organisations to stop treating a breach as a possibility and start treating it as an inevitability.
Want to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。