Five Eyes Warns of AI Cyber Attacks — What Irish Businesses Must Know Now

Earlier this year, national security agencies from the Five Eyes countries — the US, UK, Canada, Australia, and New Zealand — jointly released a warning about the growing cyber risks of AI. Their message was stark: AI models can now autonomously hack into systems and networks, and the threat is accelerating faster than most businesses realise.

Security expert Bruce Schneier, writing in The Guardian, described what is changing. For most of history, causing damage through hacking required skill. That is no longer true. AI is creating a widening gap between skill and ability — allowing people with minimal technical knowledge to carry out attacks that previously required expert training.

From script kiddies to AI-powered attackers

In the 1990s, the biggest cybersecurity worry was “script kiddies” — amateurs who used hacking tools written by others without understanding how they worked. Today’s AI systems go much further. They do not just follow instructions. They can act autonomously, probing networks, finding vulnerabilities, and executing attacks with only minimal prompting.

The Five Eyes agencies acknowledged this directly: “The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years.” The advice they gave is the same standard cybersecurity guidance that has been recommended for decades — but with a new level of urgency that makes it impossible to ignore.

What is different this time is the scale. An AI tool can draft a convincing phishing email in seconds, in perfect Irish-accented English, mentioning details scraped from your website or social media. It can probe your systems at 3am when nobody is watching. And because open-source AI models are freely available to anyone, these capabilities are not limited to sophisticated state-sponsored hackers. They are available to anyone willing to download a model.

Why this matters for Irish small businesses

You might think sophisticated cyber attacks target only big companies. But AI-powered attacks are automated and cheap to run. Attackers can target hundreds of businesses in the time it used to take to target one. Small and medium businesses are often the most vulnerable because they have fewer security resources and less time to dedicate to cyber defence.

A typical small Irish business might have a basic firewall, antivirus software, and perhaps a password policy. That was probably adequate against older forms of attack. Against AI-powered attacks that can adapt and learn in real time, basic defences may not be enough.

What the Five Eyes recommends

The agencies’ advice is familiar but worth taking seriously. Keep all software and systems updated. Use multi-factor authentication everywhere it is available. Train staff to recognise phishing attempts — and do it regularly, not as a one-off. Back up critical data in a way that cannot be altered or deleted by an attacker. Limit user permissions to only what each person actually needs.

The Five Eyes also highlighted AI’s defensive potential: the same technology can detect vulnerabilities earlier, monitor unusual behaviour, and respond faster to incidents. The best defence against AI-powered attacks may well be AI-powered defence tools that can spot patterns humans would miss.

The Five Eyes statement also emphasised the growing ransomware threat enabled by AI. Automated vulnerability scanning tools powered by AI can now identify weaknesses in business networks within minutes — work that previously took skilled human attackers hours or days. Once inside, AI-generated ransomware can adapt its behaviour to evade detection software, making it harder to stop once an attack begins.

One practical step to take this week

If you do nothing else, review your email security. AI-generated phishing emails are now convincing enough to fool even cautious staff. Make sure your email provider has strong spam filtering, and consider adding a basic email security tool that flags external senders and suspicious links.

The threat is real, but it is manageable. The businesses that will be safest are the ones that treat cybersecurity as an ongoing habit, not a one-time fix.