
What five governments just told the world, together
AI models capable of launching major cyberattacks that could overwhelm the defences of governments and businesses are months — not years — away, an international alliance of intelligence agencies warned in a joint statement. The Five Eyes grouping, comprising the United States, United Kingdom, Canada, Australia, and New Zealand, urged governments and corporate leaders to "act now" to improve their defences against sophisticated cyber threats. DeepSeek
It is worth pausing on what the Five Eyes alliance actually is before reading further. This is not a research consortium, an industry body, or a coalition of concerned academics. It is the most established intelligence-sharing partnership among English-speaking democracies, built originally around signals intelligence and Cold War-era threat assessment, and it does not typically issue rare public statements about emerging technology unless it has independently assessed the threat as both credible and urgent. The rare call to action comes after the Trump administration ordered AI giant Anthropic to suspend use of its most advanced models by foreign nationals, and highlights the growing unease among western nations about the emerging capabilities of the technology.
A group of intelligence agencies from across the world, including the US, warned that artificial intelligence is "rapidly transforming" cybersecurity risks, urging global organisations to prepare immediately. In their own words: "While AI will help us improve cyber defence over time, it also accelerates the speed, scale, and sophistication of cyber threats." They added, deliberately and bluntly: "AI is not a future consideration — it is already here."
The joint statement, released Monday, states plainly: "Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities." "The timeline is not years, it is months."
The connection to a story we have been following since April
AI Ready School has tracked the story of Anthropic's Mythos model from the very beginning, and this week's warning is the direct continuation of that story arc — not a coincidence, but a consequence.
AI models are advancing at warp speed, and independent assessments have shown some models are now reaching expert levels of cyber capability. AI firms have long warned of how the technology could empower bad actors to hack faster, cheaper and at a broader scale, but concerns ramped up this year amid these firms' new cybersecurity models like Anthropic's Mythos model. Anthropic held back the full release of the Mythos model earlier this year, saying it was too dangerous for public use. The firm maintains Mythos is able to spot decades-old vulnerabilities, making it easier for governments, software and infrastructure to patch things up, but also easier for bad actors.
This is the precise tension AI Ready School covered in April, when Anthropic locked away Mythos before the world had heard of it, and again in June, when the company released a public version called Fable 5 with safety classifiers attached, only to have the US government order it suspended days later over a disputed jailbreak vulnerability. The intelligence brief highlights an immediate danger: advanced, upcoming models like OpenAI's "GPT-5.5-Cyber" and Anthropic's "Mythos" are actively lowering the technical barriers for digital crime. The same dual-use capability that made Anthropic cautious about releasing Mythos in the first place, that made the US government revoke public access to its safety-gated successor, is the exact capability that five national intelligence services are now telling the entire world to prepare to defend against — within months. Fortune
This is not five separate stories. It is one story, told from five different vantage points: a company that built something it judged too powerful to release freely, a government that judged the safety measures insufficient even after the company tried to fix them, and now a coalition of the world's most capable intelligence agencies confirming, independently, that the underlying capability genuinely is as serious as Anthropic originally feared.
The numbers behind the warning
The statement is not a vague gesture toward future risk. It is backed by data already visible in the world right now.
The rapid evolution of these tools means everyday internet users are about to face a much shiftier digital landscape. Bad actors are leveraging conversational models to generate hyper-personalised phishing scams at an industrial scale. This shift matters because it removes one of the oldest and most reliable forms of digital self-defence: spotting bad grammar, awkward phrasing, or generic mass-produced scam emails. Rather than relying on easily spotted, poorly written spam emails, automated systems can scan public social media profiles to write flawless, highly convincing messages designed to steal credentials. A scam email no longer has to be generic. It can now be written specifically about you, in a tone that matches how people you know actually write, referencing real details from your own public digital footprint.
This trend is hitting the Asia-Pacific region particularly hard, with countries like India recording a staggering 165% spike in ransomware incidents in early 2026 due to AI-assisted targeting. That figure deserves particular attention for any organisation operating in India. A 165% increase is not a gradual trend line. It is evidence that AI-assisted attacks are already operating at meaningfully different scale and sophistication than the threats Indian institutions — including schools — were built to defend against even twelve months ago.
According to the World Economic Forum's Global Cybersecurity Outlook, a massive 94% of corporate executives identify AI as their top threat vector, yet two out of three organisations report moderate to critical cybersecurity talent shortages. Read those two numbers together. Almost every senior executive in the world now agrees that AI-driven cyber risk is the single biggest threat their organisation faces. At the same time, the majority of those same organisations openly admit they do not have the trained people needed to respond to it. The gap between the scale of the threat and the scale of the available expertise is, in itself, one of the most important workforce and education stories of this decade.
The primary challenge facing cyber defenders is that machine-paced offence naturally moves faster than human-led detection. This single sentence captures the structural problem underlying the entire warning. Human security teams, however well-trained, operate at human speed — reviewing alerts, investigating anomalies, making judgment calls. An AI-driven attack does not wait for a human review cycle. The asymmetry between machine-speed offence and human-speed defence is precisely why intelligence agencies that rarely comment publicly on emerging technology chose to speak now, together, and in unusually direct language.
What the agencies are actually recommending
It would be easy to read a warning like this and conclude that the only sensible response is fear or withdrawal from AI entirely. That is explicitly not what the Five Eyes statement recommends.
The Five Eyes alliance emphasises that the most effective way to withstand these accelerating AI cyber threats is to deploy automated defences. Security teams are actively integrating defensive artificial intelligence models to monitor unusual behaviour and isolate network breaches. The alert also urges organisations to fight fire with fire, deploying AI to fight off cyberattacks. FortuneTNW | Launch
Cybersecurity expert Demetrice Rogers, who teaches at Tulane University, said the Five Eyes statement was not entirely new information to specialists in the field. Another expert, Howell, said organisations cannot entirely stop AI-powered cyberattacks, but they can reduce the impact, and should move toward adaptive defences that assume criminal tactics will keep evolving. "The organisations that will struggle most are those treating AI-driven cyber threats as a future problem. It is already here, but in many cases it is showing up through ordinary attacks that are simply faster, more persuasive, and more scalable than before."
Rogers added a piece of practical advice that applies to every individual, not just institutions: "I always tell people, be mindful of what you put into AI. I know some people who upload all of their personal information and documents." He said that is risky, as there is no guarantee how well AI companies will protect personal data, or that the information will not end up in an unintended database somewhere.
For individual users, the basic rules of internet safety are becoming mandatory. Turning on multi-factor authentication and deleting old, unused online accounts remain among the most effective ways to break the automated chain of an AI-driven attack. The advice is unglamorous, almost old-fashioned. But the warning behind it is genuinely new: the cost of neglecting basic digital hygiene is rising sharply, because the attacker on the other end may no longer be a person working through a list of targets one at a time, but an automated system working through millions of targets simultaneously, at a speed no human attacker could ever match.
Why a warning like this belongs on a page about education
There is a temptation to read a story like this as belonging to the world of corporate IT departments, national security briefings, and cybersecurity vendors — important, but distant from a classroom in India. That reading misses something essential about what this moment actually represents.
Currently there is no transparent, consistent framework for regulating AI in the United States. While some experts say the government should be involved in conversations about AI safety, others argue the result could stifle the industry. Dozens of cybersecurity researchers, AI entrepreneurs, and corporate executives this month signed an open letter urging the Trump administration to commit to "an open, scientific and transparent process of handling AI risk assessments," saying it was "essential" for security teams to find and fix flaws in their own newly-written, as well as decades of legacy, code faster than adversaries. DeepSeekDeepSeek
This is the world the children sitting in classrooms today will inherit as working adults — not a world where AI is a novel tool to be cautiously introduced, but a world where AI-driven offence and AI-driven defence are already locked in a continuous, accelerating contest, and where the institutions responsible for governing that contest are still building the basic frameworks to do so. The 165% spike in ransomware incidents in India is not an abstraction for a school evaluating its own digital infrastructure, its own student data systems, its own AI tools. It is the threat environment those systems already exist within, right now, in 2026.
This is exactly why Matrix — AI Ready School's on-premise AI infrastructure — was built around the principle that data sovereignty and infrastructure control are not optional extras for a school adopting AI, but foundational requirements. A school whose student data, learning records, and AI systems live entirely within its own walls, governed by its own policies, is meaningfully less exposed to the kind of large-scale, AI-assisted, geographically indiscriminate attacks the Five Eyes statement describes than a school whose data sits entirely on third-party cloud infrastructure it does not control or fully understand.
But the deeper, longer-term answer to this week's warning is not infrastructure alone. It is the children themselves. "Be mindful of what you put into AI" is advice that belongs in every classroom, not just every corporate security briefing. A generation of students who have grown up genuinely understanding how AI systems work — what they can do, what they can be tricked into doing, how a convincing AI-generated message differs from a genuine one, and why basic digital hygiene now matters more than it ever has — is a generation better equipped to navigate the threat landscape this warning describes than one that has only been taught to use AI tools without understanding how they can be turned against the people using them.
This is the precise gap NEO and the Agentic AI for Kids programme are built to close: not teaching children to fear AI, and not teaching them to use it uncritically, but giving them direct, hands-on understanding of how these systems actually function — including their vulnerabilities — so that when they read a headline like this one as adults, they understand exactly what it means and what to do about it. The intelligence agencies of five nations have just told the world that the timeline for this threat is months, not years. The schools that take AI literacy seriously today are not preparing students for an eventual, distant future. They are preparing them for a present that has already arrived.
The sentence worth sitting with
"AI is not a future consideration — it is already here."
That sentence was written by the cybersecurity leadership of five national governments, addressed to every business, government, and institution on Earth. It applies just as directly to every school deciding, right now, how seriously to take AI literacy, AI infrastructure, and AI governance for the children in its care.