Jun 24, 2026
Podcast: Months, Not Years—The Five Eyes AI Warning and Your Security Program
Tova Dvorin (00:01.973) On Monday, the 22nd of June 2026, six of the most senior intelligence and cybersecurity officials in the democratic world signed a joint statement. The heads of GCHQ’s NTSC in the UK, CISA and the NSA in the United States, the Australian Signals Directorate, the Canadian Centre for Cybersecurity, and New Zealand’s GCSB, all of them together on a single page saying: the AI shift in cyber risk is here, and the timeline is months, not years. And if you haven’t acted yet, you’re already behind. That’s the five eyes statement that dropped on June 22nd, 2026. And today we’re going to talk about what it actually means. Adrian (00:40.376) thing that stopped me, Tove, when I read it was the word months. These agencies don’t use that kind of language lightly. They are, as institutions, extremely cautious about timelines. They’re very experienced in risk and briefing senior government officials. When the NSA and GCHQ are jointly telling the business world, not the intelligence community, the business world, that their cyber risk assumptions could be outdated in months, not years, that’s not a hedge, that’s a warning. Tova Dvorin (01:10.421) Welcome to the Cyber Resilience Brief, a Safe Breach podcast. I’m your host, Tova Dvorin, joined as always by my favorite offensive cybersecurity and AI expert, Adrian Culley. Now, for everyone who hasn’t read it yet, I genuinely recommend you do. It’s three pages, it’s publicly available. The statement is titled The AI Shift in Cyber Risk: Why Leaders Must Act Now. Signed by Richard Horn at GCHQ, Nick Anderson at CISA, David Bordino at the NSA, Stephanie Crow at the Australian Signals Directorate. Vajiv Gupta at the Canadian Center for Cybersecurity, and Katriona Robinson at New Zealand’s GCSB. That’s the full five eyes intelligence alliance, aligned public at director level. Adrian, when was the last time we saw that? Adrian (01:52.056) Honestly Tova, there have been joint advisories, AA coded joint advisories on specific threat actors, Chinese pre-positioning, Russian descriptive campaigns, but a strategic level statement like this, all five nations, all six signatories, aim not at the security community, but boards and executives, I can’t think of a single direct precedent. This is the intelligence community deciding that the pace of change has outrun what it can communicate through normal channels. going direct. Tova Dvorin (02:23.991) Well let’s talk about what they’re actually saying because I think there’s a risk of reading this as just another cyber is important statement. This one is different. Walk me through the argument that they’re making. Adrian (02:33.4) So the core argument is that AI has fundamentally changed two things simultaneously. And these two changes compound each other in a way that makes the current period categorically different from what came before. The first change, AI lowers the barrier to entry for attackers. It accelerates reconnaissance. It assists with payload generation. It helps less skilled actors operate at a level of sophistication that previously required significant expertise and resources. The second change, and this one is what most organizations are not internalizing fast enough, AI is compressing the window between vulnerability discovery and exploitation. The statement is explicit on this. Patching processes need to accelerate because AI is shortening the time between when a vulnerability is published and when it’s being weaponized in the wild. Tova Dvorin (03:25.931) And that second point is the one that we should be land that second point is the one that should be landing harder than it is. Because the traditional response to patch faster is we have to change management processes, we have maintenance windows, we have operational systems that can’t just be updated on a Tuesday morning. The five eyes are essentially saying that model is broken, and AI just broke it faster than thought it was. Adrian (03:47.799) right and the statement acknowledges the operational reality. It specifically calls out systems with long update cycles as a higher risk category. They’re not pretending patch management is simple but they’re also not letting anyone off the hook with it’s complicated. The framing is delays in patching are now increasing the risk at a rate that is qualitatively different from what your existing risk models assumed. Your risk model needs updating. Tova Dvorin (04:16.604) There’s a line in the statement that I want to read directly because I think it’s the key phrase. It says, and I’m quoting, It is not enough to have controls. Leaders must be confident those controls were performed during a real incident. That’s not just a cybersecurity principle, that’s the entire argument in one sentence. Adrian (04:33.844) That sentence is doing a lot of work Tova. What it’s saying is that the presence of controls is not the same as the effectiveness of controls. You can have a firewall, an EDR, an identity platform, a SIEM. You can have every category of security tool uncovered and still not know whether any of it will actually stop the attack that’s coming because you’ve never subjected those controls to the conditions under which they’ll be tested. Stress testing it’s often referred to as. And in an AI accelerated threat environment, The conditions change faster. The controls you validated six months ago may already have gaps you don’t know about. Tova Dvorin (05:12.126) Adrienne, this is a theme we’ve come back to on the show multiple times. Visibility is not readiness. Having the tool isn’t the same as knowing the tool works against the thing that’s coming for you. But hearing it from the five eyes agencies in a joint statement with that level of explicitness, this is the intelligence community telling the business world something it’s been reluctant to fully accept. Adrian (05:32.727) Notice what they’re calling for. They’re not calling for more investment in more tools. They’re calling for validation. The practical actions they list. Reduce your attack surface. Accelerate patching. Address legacy systems. Strengthen identity controls. Prepare for incidents. None of these are buy a new product. They’re test what you have, understand where you are exposed and close the gaps you find. That’s a fundamentally different ask than the usual cybersecurity is underfunded narrative. Tova Dvorin (06:06.558) Let me double down on that legacy systems point specifically because they use language that I found striking. Now they don’t call legacy systems a technical problem, they call them strategic liabilities. That’s something that here at Safe Reach we’ve been saying for years when it comes to validation, and it’s ultimately a finance and board conversation, not an IT conversation. Adrian (06:25.46) It’s a deliberate reframe you’re quite right to highlight Tova and it’s the right one. A legacy system that’s running an unsupported operating system that can’t be patched because the vendor is end of life, that can’t be isolated because it’s too deeply integrated into the operational processes. That system isn’t just technical debt, it’s an entry point that an attacker with AI assisted reconnaissance will find, understand and exploit faster than your team can respond. When the Five Eyes call it a strategic liability, they’re trying to force a conversation that too often gets stuck in the IT department and never reaches the CFO or the board. Tova Dvorin (07:03.84) Let’s talk about the AI for defense piece because the statement is genuinely balanced here. They’re not just warning about AI-enabled offense. They’re pushing organizations to use AI on the defensive side as well. And instead of making general statements about AI is scary, they’re being specific about what that looks like. Detect vulnerabilities earlier, improve your software quality, monitor unusual behavior, and respond faster to incidents. Adrian (07:28.428) The framing there is important. They’re saying adversaries are already doing this. Adversaries are already using AI to move faster and more effectively to quote the report. And defenders that don’t match that capability have fallen behind. This isn’t a future state consideration. It’s not a prediction. The asymmetry is already in play. And what’s interesting is that the defensive use cases they name aren’t exotic. They’re not asking organizations to build custom AI models. or invest in research grade capabilities, they’re saying, integrate AI tooling into what you already do. For the outcomes you’ve already supposed to be achieving, earlier detection, better software, faster response. The AI component accelerates those. It doesn’t replace the underlying security practice. Tova Dvorin (08:17.728) The whole of organization language in the statement is also worth unpacking. They use the phrase whole of organization and whole of society response, that’s a quote. And it’s also language borrowed from national resilience doctrine. It’s the kind of framing that you use when you’re talking about pandemic preparedness or critical infrastructure protection. It’s interesting to see it being applied to enterprise cyber risk because that’s a significant elevation. Adrian (08:41.452) It’s an explicit signal that the board’s and executive audience isn’t being addressed as a courtesy. The agencies are saying the people who make capital allocation decisions, who set organizational priorities, who decide whether cybersecurity gets authority and resources, those people are accountable for what happens next. The CISO can’t carry this alone. The statement is almost diplomatic in its phrasing, but the message underneath is… If your board isn’t engaged on this, your board is part of the problem. Tova Dvorin (09:13.994) We should also talk about the signatories themselves for a moment, because the composition of all of those who signed this five eyes statement tells you something about their intent. So Richard Thorne at GCHQ, that’s the UK’s most senior cyber official. Nick Anderson is the acting director at CISA, which is the US federal agency responsible for critical infrastructure protection. David Imbordino is director of cybersecurity directorate at the NSA. That’s the signals intelligence community’s offensive and defensive cyber capability in one role. These aren’t mid level policy officials. These are the people who see the threat picture in full. When they say frontier AI models are anticipated to exceed current industry expectations and that that timeline is months, they are not guessing. They are warning. Adrian (09:59.801) They have visibility that the public sector doesn’t. When CSO and NSA say something about the pace of AI enabled threat development, they are drawing on classified collection, on intelligence sharing across the Alliance, on analysis that the private sector does not have access to. That’s why the month’s not years framing is significant. They’re not extrapolating from public reporting. They’re telling you what they know and we should pay attention. Tova Dvorin (10:28.618) Which brings us to the question that everyone listening is probably asking, what do you actually do with this? Yet another warning, what do I do? Because the the statement gives five practical actions, but they’re not prescriptive, they’re directional. So for the CISO who reads this statement this week and goes back to their team, what does Monday morning look like and what is he or she going to be telling them? Adrian (10:47.406) So I think the honest answer is that Monday morning looks like a hard conversation about whether your current security program answers the question the statement is asking, which is, your controls perform under real conditions? And the reason that’s a hard conversation is that for many, if not most organizations, the answer is we believe so, but we haven’t tested it systematically. You have your tooling, you have your configuration baselines, You may have done a penetration test in the last 18 months, but continuous systematic validation of whether your controls stop the techniques that current threat actors are actually using, that’s where most programmes have a significant gap. Tova Dvorin (11:33.141) The statement specifically calls out the defense and death principle as well. You know, resilience cannot depend on a single solution or technology. And it anticipates emerging AI specific vulnerabilities, including zero days that don’t exist yet. By the way, if you haven’t listened to our episode on this, go back and listen to episode sixty four on your Cyber Resilience Brief Radio Dial. Anyway, these zero days that don’t exist yet is a remarkable thing to put in a public document. They’re essentially saying the attack surface you’re defending today will look different in six months. And you need to build a program that can adapt to that, not one that assumes a fixed threat landscape. Adrian (12:06.744) The zero day point is significant. We’re entering a period where AI systems themselves become attack surfaces, subject to a lot of internal work at Safe Breach at the moment. Model poisoning, adversarial inputs, prompt injection at scale, compromised training pipelines. Those aren’t theoretical areas I’ve been working on for over five years. But the more immediate concern the statement is flagging is that AI assisted vulnerability research will find zero days in existing systems. Your legacy infrastructure, your network devices, your identity platforms, faster than your patching cycles can respond. That gap is going to widen if you don’t change the model. Tova Dvorin (12:51.54) well said, Adrian. And you know, looking at this text, there’s a principle in the statement that I think should be the frame for how organizations read the whole document. They write, and I quote here, breaches will occur, preparedness helps you contain them quickly and prevent escalation into major operational and financial crises. End quote. That’s assumed breach thinking, made explicit by six intelligence agency heads in a public document. This is not a drill. This is not radical in the security community. But it’s also not the conversation most sports are having, and they need to start having them now. Adrian (13:25.228) It’s an important distinction. Assumed breach isn’t pessimism and isn’t defeatism. It’s the acknowledgement that perimeter defence as the primary model, keep attackers out and if they’re out you’re safe, is inadequate. The assumed breach model says your job is to minimise dwell time, to detect lateral movement early, to contain the blast radius, to get to recovery fast. And all of those outcomes depend on having tested whether your detection and response capabilities actually work. under the conditions an attacker will create. The five I’s aren’t just calling for better defences, they’re calling for validated defences. Tova Dvorin (14:05.588) Now Adrian, let’s come back to the safe breach angle because you’ll know this speaks directly to what adversarial exposure validation is actually built for. Adrian (14:13.208) This is the part where I try not to sound like a product brochure. But the honest answer is that the Five Eyes statement is essentially a description of the problem that adversarial exposure validation exists to solve. The specific line, it is not enough to have controls. Leaders must be confident those controls will perform during a real incident. That is the use case. Safe Breaches Helm runs continuous attack simulations against your environment. using the techniques that real threat actors are actually using. Drawn from the hackers playbook, mapped to the MITRE ATT &CK framework and tells you whether your controls detect and block them. Not do you have ADR, but did your ADR actually stop the credential dumping technique that APT 41 used in their last campaign? That’s a different question and the Five Eyes are saying it’s the question organizations should be asking. Tova Dvorin (15:10.646) And the patching prioritization point connects directly to breach impact scoring, knowing which of your unpatched vulnerabilities sit on live attack paths, so you’re not treating every CVE as equally urgent when your team has finite capacity. Adrian (15:23.562) Exactly. The statement says AI is shortening the window between vulnerability discovery and exploitation. The response to that isn’t to patch everything faster. That’s not operationally realistic. The response is to know which vulnerabilities are on attack paths that reach your critical assets and to prioritise those. Not everything that counts can be counted. Not everything that can be counted counts. This requires running the attack simulation to understand the path. Without that, you’re triaging by CVSS score, which tells you theoretical severity, not actual exploitability in your environment against your controls in their current state. Tova Dvorin (16:05.75) Before we close, the statement ends with a call to action directed not just at enterprises, but explicitly at vendors. The five eyes are calling on the technology industry and the security industry to step up. What’s your read on that? Adrian (16:18.026) It’s a point of inclusion. Secure by design and secure by default is one of the core principles they list. And that’s directed at software vendors as much as security teams. The agencies have been pushing the secure by design agenda through advisories for the past two years. This is that agenda elevated to a five-eye strategic statement. What it means in practice is that the argument, we disclose the vulnerability, patch exists, the customer just needs to apply it is no longer an adequate vendor posture. The expectation is shifting towards products that are hard to exploit by default, that reduce the attack surface at the point of design and don’t require a perfectly executed patch cycle to be survivable. That’s a long term pressure on the industry and the Five Eyes are very deliberately adding their weight to it. Tova Dvorin (17:12.694) So the bottom line from this statement is I read it the five eyes are telling the business world that the assumptions underlying most current security programs, assumptions about how fast threats move, how fast threats move, about how much time you have between a vulnerability and an exploit, and about what having controls means, are now being invalidated by AI, and the rate of invalidation is accelerating. The organizations that adapt now, that build programs around validation rather than present, that treat cyber resilience as a core business question and not an IT light item. Those organizations will be in a better position six months from now. The ones that don’t will face, in the statement’s words, growing and avoidable risk. And the word avoidable is doing a lot of work there. These agencies are not saying that this is inevitable. We’re saying you have a window. The window is months, not years, wake up and act. Adrian (18:00.206) The statement is publicly available, three pages. The heads of GCHQ, CISA, the NSA, their counterparts in Australia, Canada and New Zealand signed it. If you haven’t read it, read it. If your board hasn’t seen it, doesn’t know it exists, draw it to their attention, put it in front of them, take ownership, be the leader that drives the way. It’s the kind of external validation that changes the conversation. because it’s not your CISO saying we need to invest more in validation. It’s the Five Eyes Intelligence Alliance saying the same thing. Tova Dvorin (18:37.086) Adrian, thanks for walking through that with me today. We’ll link to the full statement in the show notes. And if this episode landed for you, share it with the people in your organization who are having or who should be having the conversation the five eyes are asking for. In the meantime, we’ll be back next week. Adrian (18:52.174) See you all then. Tova Dvorin (18:53.525) And until then, stay safe, stay safe with Safe Breach.
In This Episode
AI has rewritten the cyber attack timeline—and the world’s top intelligence agencies just said so officially.
On June 22, 2026, the heads of all six Five Eyes cyber agencies issued a rare joint statement: the window between vulnerability and exploit is now measured in months, not years. Host Tova Dvorin and offensive security expert Adrian Culley break down what this means for your security program right now.
- Why AI is collapsing the time between vulnerability disclosure and active exploitation
- The critical difference between “having controls” and having proven controls
- Why legacy systems are now strategic liabilities—a boardroom issue, not just an IT problem
- What “assumed breach” really means in practice and how to operationalize it


