
On 22 June 2026, the intelligence agencies of the United States, United Kingdom, Australia, Canada, and New Zealand spoke in a single voice about enterprise AI risk, and what they said demands attention.
The Five Eyes cybersecurity agencies issued a joint statement warning that frontier AI models are improving at a pace that will allow them to bypass prevailing enterprise cybersecurity defences within months. Not within years. Not in the next planning cycle. Within months. The statement’s own language: “The timeline is not years, it is months.”
This Is Not an Abstract Warning
Joint statements from the Five Eyes agencies carry a different category of authority than vendor advisories or consultancy threat reports. These are national intelligence services with access to classified threat intelligence, speaking to government and enterprise leaders simultaneously. When they frame a risk as both imminent and enterprise-specific, take it at face value.
What sets this advisory apart from every AI security conversation most enterprises have been having is one thing: specificity. The Five Eyes statement does not describe abstract AI risks. It specifically names the enterprise AI tools deployed at scale in the last 18 months: copilots, AI assistants, browser-connected agents, and systems with access to operational and customer data. The primary attack mechanism, developed across Five Eyes guidance published earlier this year, is prompt injection: an adversary embeds hidden instructions in content the AI system processes, causing it to act outside its intended scope.
That specificity matters. It means the tools that most large enterprises have already deployed are the attack surface being described.
The Threat Moved Faster Than Your Review
Most organisations that have rolled out AI copilots, enterprise agents, or browser-integrated assistants have conducted security reviews of those deployments. The Five Eyes advisory is not questioning whether those reviews happened. It is saying that the threat has moved faster than the defences, and that a review conducted six months ago may no longer accurately reflect the risk profile today. The gap is not in intent. It is in elapsed time against a threat that has not stood still.
The advisory is explicit that this is not solely a security-team problem. The statement directs its recommendations at leadership, framing AI-driven cyber risk as a governance and board-level accountability question. The statement’s own title: “The AI shift in cyber risk: why leaders must act now.” That framing has direct implications for how risk registers are built and how AI deployment decisions are reported to boards.
Three Things Worth Doing Before Your Next Board Meeting
The advisory points to three things transformation leaders should act on before their next board meeting.
The first is a current security review. Every AI deployment connected to operational data, whether customer records, financial systems, or internal communications, needs a review that specifically addresses prompt injection risk. Not the review conducted at go-live. A current one, calibrated to the threat capability the Five Eyes describe as arriving within months.
The second is an updated risk register. Most enterprise risk frameworks assessed AI security risk at the point of initial deployment. The Five Eyes advisory says the threat environment has changed materially in the months since, and the assessment needs to reflect current threat capability rather than historical assumptions. An outdated risk assessment is not a minor administrative gap at this point. It is a governance exposure.
The third is using the advisory to reframe the conversation at board level. Six cybersecurity agencies from five countries issued this statement with an explicit focus on business leadership. That gives transformation leaders the instrument they need to move boards that have been treating AI security as an implementation detail. The Five Eyes advisory makes it a governance question. Use it as one.
The AI deployment decisions taken in the last 18 months created an attack surface. Most enterprise risk registers have not yet priced what that surface is worth to an adversary with AI-powered attack tools that are months from bypassing prevailing defences. That gap needs to close, and it closes with a current assessment, not one accurate at the time of go-live.