The intelligence agencies of the United States, the United Kingdom, Canada, Australia, and New Zealand do not typically co-sign the same document. When they do, it is worth reading slowly.
This week, they did. The Five Eyes alliance issued a joint advisory on artificial intelligence and cybersecurity. The headline finding was not buried: "Cyber risk assumptions can become outdated in months, not years."
That sentence describes where things already stand. Beyond the headline, the advisory focuses its guidance on AI-enhanced reconnaissance, where attackers use AI to gather detailed intelligence on targets before striking, alongside the use of generative AI to craft highly personalized phishing messages at scale. The agencies underscore the importance of employee awareness programs that reflect today's threat landscape, multi-factor verification protocols for high-risk transactions, and incident response plans that account specifically for AI-generated impersonation. The advisory's posture is deliberate: the window to prepare is open, and organizations that move now will be better positioned than those waiting for further guidance. The shift the advisory describes is already visible in practice. Robert Knake, former Deputy National Cyber Director at the White House and a cybersecurity expert at Harvard Kennedy School, put it plainly at a Berkman Klein Center panel in April 2026: "A year ago, we still had email messages in our inbox that had misspellings that were not colloquial English, that were easy to identify if you were vigilant. Now, all those signals are gone."
AI Has Changed the Math
Running a sophisticated cyberattack used to require meaningful technical skill. Crafting a convincing phishing email took time. Impersonating an executive over the phone required specialized tools or a gifted actor. Building a fake persona that could withstand scrutiny was a significant undertaking.
AI has changed all of that. According to SlashNext's 2024 mid-year State of Phishing report, phishing attacks have grown by 4,151% since the launch of ChatGPT. In 2024, there were over 100,000 deepfake attacks in the United States alone, roughly one every five minutes. The models powering these attacks are widely available, inexpensive, and improving rapidly. Many run open source, with little to no moderation, which means anyone can download and deploy them without oversight. The numbers behind that shift are striking. Research published in Harvard Business Review by Fred Heiding, a research fellow at Harvard's John A. Paulson School of Engineering and Applied Sciences, and Bruce Schneier, a lecturer in public policy at Harvard Kennedy School and fellow at the Berkman Klein Center, found that AI-generated phishing emails achieved a 54% click-through rate compared to 12% for standard phishing messages – at a cost of 95% less to produce. The economics of running a sophisticated attack have fundamentally changed.
Verizon's 2026 Data Breach Investigations Report confirms the human element remains central to the breach lifecycle, and that mobile phishing click rates are now 40% higher than on traditional email, as attackers follow people to less-protected channels. Social engineering has been a leading cause of breaches for years. AI has not created a new category so much as it has dramatically lowered the barrier to entry for existing ones. The advisory is significant. The underlying math has been significant for a while.
The Threat Centers on People
What makes the Five Eyes alert worth close attention is where it places its focus. The agencies center their concern on people, specifically the manipulation of employees through impersonation, fabricated urgency, and AI-generated trust.
That is the category most accelerated by AI, and the one security leaders rank as their top concern. IBM's 2024 Cost of a Data Breach Report found the global average cost of a data breach reached an all-time high of $4.88 million, with phishing among the leading initial attack vectors, contributing to breaches that averaged $4.76 million. Dr. Lorrie Cranor, director of Carnegie Mellon's CyLab Security & Privacy Institute, has studied this dynamic for decades. At RSA 2026, she put the structural problem plainly: "Humans make errors, but they make errors doing things they shouldn't have to be doing in the first place." AI has multiplied those situations considerably. Behind each of those breach costs is an employee who received a message that felt legitimate and responded to it.
The attack surface has also expanded significantly. Historically, phishing happened over email. The same style of attack now arrives over SMS, voice calls, and video conferences. These are channels that often carry far fewer protections than a corporate inbox. An attacker who fails against a well-defended email system can simply call the same target's cell phone instead. Or text them. Or join a vendor call.
The Encouraging Part
Here is what tends to get lost alongside statistics like those: organizations that prepare their people are measurably better protected.
Social engineering works because it exploits the gap between what employees expect and what they encounter. A cloned voice on a phone call succeeds because it is unexpected. A fabricated participant on a Zoom call succeeds because the attack surface expanded faster than most security programs could communicate it to their teams. The attacks land because they feel new, and people do not yet have practiced instincts for them.
Training changes that equation. An employee who has already navigated a safe simulation of a voice phishing call from their CFO carries that experience into the next unexpected call. Pattern recognition is a skill, and it is a trainable one. Stephanie Carruthers, Chief People Hacker at IBM X-Force Red, has spent her career testing exactly this. Her finding, consistent across client engagements: "Social engineering awareness training is more successful" against attacks that use the standard psychological triggers like urgency, authority, and fear because those are patterns employees can learn to recognize. The goal, as she puts it, is to "help clients find their vulnerabilities so they can fix them before an attacker does."
The kind of training that builds those instincts looks quite different from the annual compliance videos that have defined the category for years. Content specific to an employee's role, organization, and the attack patterns they are likely to face will land differently than a generic awareness module. Employees who encounter a realistic simulation, and learn from it in the moment, develop intuition that does not fade between training cycles.
Security awareness is one layer of a broader defense-in-depth approach. Technology controls, verification protocols, and incident response processes all matter. What well-designed training does is reduce the probability that a well-funded attacker finds a willing human to hand over access.
What Getting Ahead of This Looks Like
The Five Eyes advisory is a useful prompt to take a clear-eyed look at where an organization stands. A few specific places to start:
- Change your outgoing voicemail greeting. If your message uses your own voice, an attacker needs only that clip to clone it. Switching to the default robotic greeting removes one of the easiest data sources attackers use to build voice impersonations. It takes thirty seconds and costs nothing.
- Establish passcodes for high-risk transactions. Almost no organizations have a verbal passcode system for wire transfers, payroll changes, or executive financial requests. It is one of the most effective controls against AI-generated voice impersonation, and it costs nothing to implement. A simple agreed-upon word or phrase that must be exchanged before any financial action proceeds gives attackers almost nothing to work with on voice channels.
- Simulate before attackers do. The most useful thing a security team can do is find out where their people are vulnerable before an attacker does. AI-powered simulations across email, SMS, and voice give security leaders a map of their exposure. They also give employees safe, low-stakes experience with the exact scenarios they are likely to face.
- Track reporting rates alongside click rates. An employee who clicks on a phishing simulation and then reports it as suspicious has done the right thing. Organizations that measure both behaviors, and reward reporting, build a culture where employees function as partners in security rather than subjects of a compliance exercise.
- Audit your verification controls by channel. Most organizations have reasonable controls on email. The gaps tend to appear on voice, SMS, and video. Mapping out what happens when an attacker calls the finance team, texts an executive assistant, or joins a call as a fake vendor is a useful exercise. The weaknesses tend to be obvious once the audit is complete.
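As an added illustration (not from the advisory or this post), here is how a security team might turn the last three items into numbers: per-channel click rate, report rate, the share of clickers who still reported, and median time-to-report, computed from simulation event records. The event records, employee ids and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events from a multi-channel phishing simulation (not real data).
# Each record: (employee_id, channel, event, seconds_after_delivery).
# "clicked" means the employee acted on the lure (followed a link, complied with a voice/SMS request).
EMPLOYEES = ["e01", "e02", "e03", "e04", "e05"]
CHANNELS = ["email", "sms", "voice"]
SIM_EVENTS = [(e, ch, "delivered", 0) for ch in CHANNELS for e in EMPLOYEES] + [
    ("e01", "email", "clicked", 120), ("e01", "email", "reported", 300),
    ("e02", "email", "reported", 60), ("e03", "email", "reported", 200),
    ("e04", "email", "clicked", 90), ("e05", "email", "reported", 150),
    ("e01", "sms", "clicked", 30), ("e02", "sms", "clicked", 45),
    ("e03", "sms", "clicked", 60), ("e03", "sms", "reported", 400),
    ("e04", "sms", "reported", 90), ("e05", "sms", "clicked", 20),
    ("e01", "voice", "clicked", 200), ("e02", "voice", "reported", 500),
    ("e03", "voice", "clicked", 100), ("e03", "voice", "reported", 600),
    ("e04", "voice", "reported", 240), ("e05", "voice", "reported", 80),
]


def channel_metrics(events):
    """Aggregate simulation events into per-channel rates; each employee counts once per channel."""
    targeted, clicked, reported = defaultdict(set), defaultdict(set), defaultdict(set)
    report_times = defaultdict(list)
    for emp, chan, ev, secs in events:
        if ev == "delivered":
            targeted[chan].add(emp)
        elif ev == "clicked":
            clicked[chan].add(emp)
        elif ev == "reported":
            reported[chan].add(emp)
            report_times[chan].append(secs)
    out = {}
    for chan, emps in targeted.items():
        c, r = clicked[chan] & emps, reported[chan] & emps  # ignore events for untargeted users
        out[chan] = {
            "targeted": len(emps),
            "click_rate": round(len(c) / len(emps), 3),
            "report_rate": round(len(r) / len(emps), 3),
            # Clicking and then reporting is still the right outcome; track it separately.
            "click_then_report_rate": round(len(c & r) / len(c), 3) if c else 0.0,
            "median_report_secs": median(report_times[chan]) if report_times[chan] else None,
        }
    return out


def weakest_channels(metrics, max_click=0.5, min_report=0.5):
    """Channels whose click rate exceeds max_click or whose report rate falls below min_report (assumed thresholds)."""
    return sorted(ch for ch, m in metrics.items()
                  if m["click_rate"] > max_click or m["report_rate"] < min_report)
```

With the constructed data, SMS is the channel that stands out, which mirrors the post's point that the gaps usually appear off email.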
A Window Worth Using
The Five Eyes advisory describes a narrow window before AI-powered attacks become more sophisticated and more pervasive. That framing can feel like pressure. It is worth treating it as an opening.
Organizations that move now will build teams that recognize these attacks on sight, verification controls that hold under pressure, and institutional instincts that compound over time. A team that has practiced recognizing a cloned voice does not freeze the next time it hears one.
The goal is people who recognize the pattern when something feels off, pause before acting on urgency, and verify before they trust. Those are learnable skills, and a lot of organizations are actively building them right now.
Five governments have made their read on the moment clear. The tools to respond are available, the approach is established, and the window is open.