Five Eyes issue ‘call to action’ as AI becomes a ‘core’ cybersecurity risk – National
Cybersecurity agencies for Canada and its Five Eyes allies have issued a whole-of-society “call to action” that warns artificial intelligence is “rapidly transforming cyber risk,” allowing attackers to exploit vulnerabilities at ever-increasing speed.
At the same time, the joint advisory says AI offers “powerful tools” to strengthen cyber defences and urges organizations to integrate them into their core business strategies.
“While AI will help us improve cyber defence over time, it also accelerates the speed, scale, and sophistication of cyber threats,” the Canadian Centre for Cyber Security and its counterparts in the U.S., Britain, Australia and New Zealand said.
“The timeline is not years, it is months.”
The advisory says the arrival and rapid advancement of frontier AI models that can find and exploit unknown vulnerabilities faster than humans means cyber risk “can no longer be treated as a purely technical issue.”
“This is a core business risk and leadership responsibility,” it says. “Boards and executives should ensure cyber resilience is in place and works under pressure.
“It is not enough to have controls,” the advisory continues. “Leaders must be confident those controls will perform during a real incident. This requires reassessing long-standing trade-offs and using AI deliberately to strengthen defence – not just improve efficiency.”
Organizations across all sectors are being urged to take “urgent” action on limiting system access, invest in training and preparedness, accelerate protocols and timelines for security updates and patching vulnerabilities, and enforce strong permissions and authentication for verified users.
Get daily National news
Get daily Canada news delivered to your inbox so you’ll never miss the day’s top stories.
However, the cyber agencies acknowledge that “breaches will occur” as ever-evolving AI models are harnessed to find new vulnerabilities, including “zero-day vulnerabilities” where a solution or patch does not yet exist.
The advisory says those same AI tools can also be integrated by organizations to detect vulnerabilities earlier, respond to breaches faster and monitor “unusual behaviour,” all while reducing costs.
By doing so, the agencies say, organizations can ensure “operational continuity and market trust” — so long as leaders are quick to act.
“Adversaries are already using AI to move faster and more effectively. Defenders must do the same,” the advisory says.
“Leaders who act now will reduce exposure, strengthen resilience, and build confidence with customers, partners, and investors. Those who delay will face growing and avoidable risk.”
The advisory comes in the wake of the federal government’s updated AI strategy that aims to greatly increase AI adoption across the public and private sectors.
Among the key actions listed under one of the strategy’s central pillars, “protecting Canadians and safeguarding our democracy,” is a commitment to accelerate AI research and deployment for cyber defence and data protection.
It also promises to “proactively work with frontier AI companies” to ensure critical systems are protected from AI-based cyber and national security threats.
Earlier this month, Ottawa confirmed it had gained access to Anthropic’s powerful AI model Mythos 5, and was using it to test the security and resiliency of government and critical systems.
Anthropic has said Mythos 5 is so “strikingly capable” that it was limiting its use to select customers because of its ability to surpass human cybersecurity experts in finding and exploiting computer vulnerabilities.
However, the U.S. government soon after directed Anthropic to withhold Mythos and its publicly-released counterpart Fable 5 from use by foreign nationals, citing national security concerns.
Prime Minister Mark Carney told reporters in Ireland that the move underscored the need for Canada and other nations to develop their own AI models.
“The situation we’re in collectively right now with Mythos and Fable is something that can happen with overreliance on certain models,” Carney said.
“Nobody has done anything wrong in the situation. But we will have done something wrong if we just accept this, don’t take the lesson, don’t build out and diversify.”
—with files from the Associated Press
© 2026 Global News, a division of Corus Entertainment Inc.
