
Five Eyes
Intelligence alliance of the US, UK, Canada, Australia, and New Zealand; coordinates cyber threat response.
Last refreshed: 24 June 2026 · Appears in 1 active topic
Why did all five Western cyber agencies jointly warn AI threats arrive in months?
Timeline for Five Eyes
Issued first joint AI cyber-risk statement declaring months-not-years threat timeline
Cybersecurity: Threats and Defences: Five Eyes warn AI threat is months awayWhat countries are in Five Eyes?
What did the Five Eyes say about AI cyber threats in 2026?
Why do Five Eyes joint advisories matter more than single-country warnings?
Background
The Five Eyes is the signals-intelligence sharing alliance of the United States, United Kingdom, Canada, Australia, and New Zealand, established through a series of bilateral agreements from 1946 onwards. In the cybersecurity domain, the alliance operates through its five national cyber agencies: the US CISA, the UK NCSC, Australia's ASD (Australian Signals Directorate), Canada's CCCS (Canadian Centre for Cyber Security), and New Zealand's NCSC-NZ. These five bodies issue joint advisories, threat attributions, and policy statements when they have reached consensus on a significant cyber risk. On 22 June 2026 they issued their first joint statement specifically on artificial-intelligence cyber risk, declaring that frontier models will fundamentally transform both offensive and defensive capabilities and placing the threat horizon at months, not years.
The alliance's cyber co-ordination has become more operationally significant over the past four years. Past joint outputs include the 16-agency China-nexus advisory (2023) and repeated attribution statements on Russian state cyber actors. The decision to publish as Five Eyes rather than as individual national agencies signals that member governments consider a claim substantive enough to absorb the diplomatic cost of collective attribution. For AI risk, that threshold having been crossed means the warning is not hedged by any single government's political calculus; all five signed it.
The Five Eyes cyber voice carries outsized normative weight relative to the alliance's combined population. Its advisories routinely set the reference point for European, Japanese, and South Korean cyber posture, and are cited by vendors when advising enterprise clients on threat prioritisation. The June 2026 AI statement arrived the same week the US operationalised the exploit-automation concern into its new patch-tiering directive BOD 26-04, and within days of the UK NCSC quantifying 200-plus CNI incidents in a year. The alignment across all three outputs makes the AI threat assessment harder to discount as a single agency's outlier forecast.