The leaders of the Five Eyes alliance of cybersecurity agencies have warned that AI is fundamentally changing the cyber threat landscape, which has implications for customer experience leaders and the way they approach cybersecurity.
In a joint call to action, the agencies representing Australia, Canada, New Zealand, the UK and the US said that frontier AI models are rapidly increasing offensive and defensive cyber capabilities, leaving organizations with limited time to adapt.
“The timeline is not years, it is months,” the statement said, warning that AI is shrinking the gap between vulnerability discovery and exploitation while lowering barriers for malicious actors.
“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years. We must act before and be prepared to adapt and withstand evolving threats.”
As AI becomes embedded across customer interactions, operational resilience is becoming inseparable from customer trust, service continuity and brand reputation.
AI Is Increasing the Pace of Cyber Risk: Faster Attacks Demand Faster Response
The Five Eyes agencies warned:
“Cyber risk can no longer be treated as a purely technical issue. This is a core business risk and leadership responsibility.”
That message aligns with concerns emerging across the enterprise AI ecosystem following the recent release and subsequent withdrawal of Anthropic’s Claude Fable 5 and Mythos 5 frontier models in response to U.S. government export control requirements.
The guidance warned that AI is dramatically reducing the time available to respond to emerging vulnerabilities, making long-established security practices more urgent than ever.
That aligns with comments by Vincent Danen, Vice President of Product Security at Red Hat, in a recent CX Today interview, warning that enterprises need to prepare for an unprecedented increase in discovered vulnerabilities.
Rather than treating every newly discovered vulnerability as equally urgent, Danen recommends that enterprises adopt a structured risk-based approach.
The Five Eyes agencies similarly encourage organizations to focus on cybersecurity fundamentals, including reducing attack surfaces, accelerating patching, replacing unsupported legacy systems, strengthening identity management and regularly testing incident response plans.
Danen believes that the biggest challenge for enterprises will be adapting security operations quickly enough. “AI is like dog years, it compresses everything,” Danen said. “Everything is moving so fast.”
“The more important part to look at is exploitation is going to happen faster. People who typically are used to a patch window… have to learn to be nimble.”
Patching alone will not be enough, particularly as attackers increasingly use AI to automate exploitation, Danen added. “The time to really shore up our defenses is now.”
The Five Eyes agencies encourage organizations to use AI proactively within security operations to detect vulnerabilities earlier, identify unusual behavior and accelerate incident response.
AI Resilience Becomes a Customer Experience Issue
Ashish Nagar, Founder and CEO of Level AI, said in an interview with CX Today that the incident demonstrates why enterprises should avoid becoming overly dependent on third-party AI providers for critical customer-facing services.
“Enterprises need to be in control of their own destiny. Don’t be dependent on a public LLM provider for critical AI resources because this stuff can be cut off anytime.”
Organizations should increasingly evaluate vendors that own their AI models or build on open-source foundations, reducing exposure to regulatory changes, pricing shifts and model availability, Nagar added.
Nagar expects vulnerability discovery to accelerate significantly over the coming year, while remediation will remain a longer-term challenge because engineering, testing and quality assurance cannot be fully automated.
For organizations delivering AI-powered customer experiences, security failures can quickly become customer experience failures.
Nagar warned that losing access to an AI model supporting customer-facing operations could have immediate business consequences.
“If the model underlying is gone… it can lead to critical operational gaps, it can lead to brand impact… and customer churn.”
The Five Eyes statement echoed that perspective, stressing that resilience cannot rely on a single technology and that organizations should assume breaches will occur while ensuring they can rapidly contain and recover from incidents.
Procurement and Governance Move Into the Spotlight
As enterprise AI adoption accelerates, organizations are also being encouraged to reassess how they evaluate AI vendors.
Nagar recommended that enterprise buyers look beyond benchmark performance and ask detailed questions about model ownership, data governance, security and pricing, such as “Do you have vertical-specific models?… What is the security protocol?… How is my data security and privacy being handled?”
Organizations should examine whether their vendors remain dependent on external model providers, Nagar added.
“You’re giving your entire product performance destiny in the hands of the other model provider, which is just too risky for enterprise customers.”
For customer experience leaders, the message is becoming increasingly clear that as AI takes on a larger role in customer engagement, protecting customer trust depends ensuring that the resilience, governance and cybersecurity foundations supporting those experiences can keep pace with an increasingly AI-driven threat landscape.
