Skip to content
You can now search across every topic, entity and event.What's new
Five Eyes
Organisation

Five Eyes

Intelligence alliance of the US, UK, Canada, Australia, and New Zealand; coordinates cyber threat response.

Last refreshed: 24 June 2026 · Appears in 1 active topic

Key Question

Why did all five Western cyber agencies jointly warn AI threats arrive in months?

Timeline for Five Eyes

#822 Jun

Issued first joint AI cyber-risk statement declaring months-not-years threat timeline

Cybersecurity: Threats and Defences: Five Eyes warn AI threat is months away
View full timeline →
Common Questions
What countries are in Five Eyes?
The Five Eyes alliance consists of the United States, United Kingdom, Canada, Australia, and New Zealand, united by signals-intelligence sharing agreements dating to 1946.Source: UKUSA Agreement / intelligence community
What did the Five Eyes say about AI cyber threats in 2026?
On 22 June 2026, all five cyber agencies issued their first joint AI cyber-risk statement, declaring frontier models will fundamentally transform offensive and defensive capabilities and that AI-enabled exploitation is a threat measured in months, not years.Source: Five Eyes joint AI cyber-risk statement, June 2026
Why do Five Eyes joint advisories matter more than single-country warnings?
A Five Eyes joint statement means all five governments agreed on the claim, absorbing the diplomatic cost of collective attribution. It eliminates the possibility that the warning reflects one country's political interest and sets the reference standard for Allied Nations and enterprise security teams globally.Source: Five Eyes advisory methodology

Background

The Five Eyes is the signals-intelligence sharing alliance of the United States, United Kingdom, Canada, Australia, and New Zealand, established through a series of bilateral agreements from 1946 onwards. In the cybersecurity domain, the alliance operates through its five national cyber agencies: the US CISA, the UK NCSC, Australia's ASD (Australian Signals Directorate), Canada's CCCS (Canadian Centre for Cyber Security), and New Zealand's NCSC-NZ. These five bodies issue joint advisories, threat attributions, and policy statements when they have reached consensus on a significant cyber risk. On 22 June 2026 they issued their first joint statement specifically on artificial-intelligence cyber risk, declaring that frontier models will fundamentally transform both offensive and defensive capabilities and placing the threat horizon at months, not years.

The alliance's cyber co-ordination has become more operationally significant over the past four years. Past joint outputs include the 16-agency China-nexus advisory (2023) and repeated attribution statements on Russian state cyber actors. The decision to publish as Five Eyes rather than as individual national agencies signals that member governments consider a claim substantive enough to absorb the diplomatic cost of collective attribution. For AI risk, that threshold having been crossed means the warning is not hedged by any single government's political calculus; all five signed it.

The Five Eyes cyber voice carries outsized normative weight relative to the alliance's combined population. Its advisories routinely set the reference point for European, Japanese, and South Korean cyber posture, and are cited by vendors when advising enterprise clients on threat prioritisation. The June 2026 AI statement arrived the same week the US operationalised the exploit-automation concern into its new patch-tiering directive BOD 26-04, and within days of the UK NCSC quantifying 200-plus CNI incidents in a year. The alignment across all three outputs makes the AI threat assessment harder to discount as a single agency's outlier forecast.

More questions
Who are the Five Eyes cyber agencies that signed the 2026 AI statement?
CISA (US), NCSC (UK), ASD (Australian Signals Directorate), CCCS (Canadian Centre for Cyber Security), and NCSC-NZ (New Zealand) jointly issued the statement on 22 June 2026.Source: Five Eyes joint AI statement signatories
How does the Five Eyes AI cyber warning connect to the new US patch directive?
BOD 26-04, issued 10 June 2026, scores exploit-automation feasibility as one of its four risk dimensions. The Five Eyes statement named that same AI-enabled acceleration as a months-horizon threat, effectively validating the directive's core assumption at an allied level.Source: CISA BOD 26-04 + Five Eyes statement
Source Material