Cyber agencies from the Five Eyes intelligence-sharing alliance — Australia, Canada, New Zealand, the UK, and the US — warned that artificial intelligence could reshape cyber threats within months, not years.
The warning says advanced AI could speed up both cyberattacks and cyber defense, raising pressure on organizations that use AI assistants, copilots, browser tools, and agents connected to enterprise data. For security teams, the priority is no longer just whether to adopt AI, but how to control its access, monitor its actions, and prepare for attacks that move faster than traditional response cycles.
AI shrinks the cyber response window
In the joint Five Eyes statement, cyber leaders said AI is increasing the speed, scale, sophistication, and complexity of cyber threats. The agencies framed AI-driven cyber risk as a leadership issue and urged organizations to reduce attack surfaces, patch faster, address legacy systems, strengthen identity and access controls, and prepare incident response plans.
AI can help attackers scan for weaknesses, generate cleaner phishing lures, and move faster from vulnerability discovery to exploitation. It can also help defenders find vulnerabilities, monitor unusual behavior, and respond faster to incidents.
Permissions and logging are now central to enterprise AI security. An assistant with broad access to email, documents, or collaboration platforms can expose sensitive data if its retrieval, summarization, or actions are manipulated. Recent incidents involving vendor access and exposed customer data show why connected systems and third-party integrations deserve close review.
Prompt injection turns trusted tools into attack paths
The OWASP Top 10 for LLM Applications lists prompt injection as LLM01:2025, covering attacks that manipulate a model through direct prompts or indirect content the model retrieves from outside sources.
A malicious instruction can be hidden in an email, web page, document, chat message, or knowledge base entry. If an AI assistant retrieves that content, the model may process the hidden instruction with the material it was asked to summarize or analyze.
One documented example is EchoLeak, tracked as CVE-2025-32711. Researchers said the Microsoft 365 Copilot vulnerability showed how a crafted email could trigger data exfiltration through an AI assistant without user interaction.
Generative AI can also help attackers write more polished and personalized phishing messages. That risk overlaps with broader cybercrime trends, including AI-enabled scams and phishing activity flagged in recent APAC threat reporting.
High-risk setups include AI assistants connected to email, calendar, and document systems; browser summarization tools; retrieval systems that pull from internal and public sources; and agents allowed to send messages, modify files, run queries, or act without approval.
CISA and its partners have urged caution around agentic AI services, which can use tools or take actions with varying levels of autonomy. Adoption is moving quickly across enterprise software as companies add more agentic AI features. These systems need strict access controls, human approval for sensitive actions, activity logs, and incident response procedures.
The practical response is not to halt AI adoption, but to narrow where AI tools can reach. Security teams should inventory AI connectors, reduce permissions to least privilege, disable unnecessary web summarization, log assistant activity, and test how they would investigate an AI-related incident.
Read more: Europol and Microsoft disrupted malware infrastructure tied to 27 million stolen logins and 140,000 infected computers.