Spy agencies from the US, UK, Canada, Australia and New Zealand put their names to a single joint statement on June 22, and the headline number is a unit of time. Months, not years. That is how long the Five Eyes alliance thinks it will take before frontier AI models capable of serious damage in the cyber domain become broadly available to the public.
The statement landed after Washington had already pulled the plug on Anthropic's most capable models over national security fears, which gives the whole thing a faintly circular quality: the government warns the dangerous tools are coming, having just blocked the dangerous tool that prompted the warning.
What the agencies actually said
"Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities," the agencies wrote in the joint statement. "The timeline is not years, it is months."
That sentence is doing a lot of work, and it is worth noting who signed it: David Imbordino, who runs the NSA's Cybersecurity Directorate, and acting CISA director Nick Andersen. These are not anonymous officials. But the statement does not cite any classified intelligence to back the months-not-years claim, which means the agencies are essentially endorsing what private-sector researchers have been saying out loud for the better part of a year.
They named names too, pointing at models like Anthropic's Fable 5 and OpenAI's Daybreak as the kind of capability they expect to spread despite efforts to lock it down.
The Fable problem
Here is where it gets messy. The Commerce Department imposed export controls on Anthropic's Fable 5 and Mythos 5 in early June, after Amazon researchers flagged what they described as a jailbreak. Anthropic was forced to disable both models for all customers to stay compliant, the company said in a statement, calling the White House decision a misunderstanding. CEO Dario Amodei reportedly disputed that the jailbreak was a serious risk and declined to fix it.
So the export controls remain in place, the dispute remains unresolved, and the agencies are now warning that whatever Fable could do will be widely available soon regardless. The agencies' own reasoning supports the skeptics here. Capabilities similar to Fable 5's, they note, can already be reached through older models like Claude Opus and Claude Sonnet, plus open-source Chinese models. Open-source releases tend to trail the frontier labs by six to eight months. Lock one model in a vault and a comparable one shows up for free by year's end.
This is not hypothetical anymore
Anthropic itself documented an AI-run espionage campaign in a disclosure last year, attributing it with high confidence to a Chinese state-sponsored group that manipulated its Claude Code tool to target roughly thirty organizations with minimal human direction. The company called it the first documented case of a large-scale cyberattack executed without substantial human intervention. Whether or not that "first" holds up, the operation hit tech firms, financial institutions and government agencies, which is exactly the target list the Five Eyes statement worries about.
The agencies' actual advice, after all the alarm, is almost anticlimactic. Patch faster. Fix identity and access controls. Stop leaving systems connected to the internet that have no business being there. "Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy," they wrote. Decades-old guidance, repackaged for a faster threat.
Anthropic and OpenAI both run programs, Project Glasswing and Trusted Access for Cyber respectively, that hand AI tools to defenders ahead of attackers. The bet is that defense gets the head start. The Five Eyes timeline suggests that window is closing quickly.
