On June 22, 2026, the cyber security agencies of the Five Eyes alliance — the US, UK, Canada, Australia, and New Zealand — did something they rarely do: issued a joint public warning. On AI-powered hacking, their words were blunt: "The timeline is not years, it is months," and "breaches will occur." They expect frontier AI to "fundamentally transform both offensive and defensive cyber capabilities."

A reflexive read is "AI is about to take down governments." That's not what they said — that phrasing came from a headline, not the agencies. Their actual warning is narrower and arguably more useful: the tools that let attackers find and exploit security holes are about to get dramatically better, dramatically faster, and broadly available.

The backdrop: a model pulled off the market

The warning lands days after the US moved on the most powerful AI on the market. In mid-June, the Trump administration issued an export-control order barring any foreign national — including Anthropic's own foreign employees — from accessing the company's two top models, Fable 5 and Mythos 5. To comply, Anthropic disabled both models for all customers worldwide. The government cited national security and a security flaw (a "jailbreak"); Anthropic called the flaw narrow. The Five Eyes statement reportedly name-checks Fable 5 as an example of the capability it's worried about.

The thing nobody says plainly

The people whose job is to be paranoid about cyber threats — and who almost never speak with one public voice — just did. When the NSA, GCHQ, and their counterparts agree the timeline is "months," the safe assumption is that it's already here in private.

Disclosure: The BL:UF's publisher builds products using Anthropic's AI models.

Receipts: cyber.gov.au (official Five Eyes cyber security agencies statement); CyberScoop ("the timeline is not years, it is months"); Axios, Al Jazeera, The Hill (the US order barring foreign access to Fable 5 / Mythos 5, and Anthropic disabling both for all customers).