Five Eyes warns AI heightens cyber risk & sovereignty
Fri, 3rd Jul 2026
Security agencies across the Five Eyes alliance have warned that artificial intelligence is reshaping cyber risk, while Australian technology leaders raise fresh concerns about dependence on overseas AI vendors.
These twin interventions from government and industry highlight growing tension between AI's promise for security and fears over digital sovereignty and operational control.
Elastic ANZ Country Manager Jeremy Pell said recent joint guidance from the Australian Cyber Security Centre and New Zealand's National Cyber Security Centre marked a clear escalation in tone on AI-enabled threats.
"The Five Eyes statement is a direct message to organisations across Australia and New Zealand: the window to act is closing, and AI is the reason why. Both the ACSC and New Zealand's NCSC have co-signed this call to action, and that carries weight. This isn't a theoretical risk assessment from overseas. It is our own cyber security leadership telling boards and executives that the threat has fundamentally changed in nature and speed. AI is collapsing the time between vulnerability discovery and exploitation to minutes or seconds. For organisations across Australia and New Zealand navigating stretched security teams, legacy infrastructure, and fragmented environments, that pace is genuinely dangerous if they are still relying on manual detection and response. The agencies are right that this isn't about having more tools. It is about getting the fundamentals right and using AI deliberately to strengthen defence. That means moving towards an agentic security operations capability, where AI handles triage and enrichment at machine speed while human analysts focus on judgement and escalation. Both countries have strong cyber security foundations. The question the ACSC and NCSC are asking is whether we are building on them fast enough," said Jeremy Pell, ANZ Country Manager, Elastic.
Pell's comments follow an expanded wave of public guidance from the Five Eyes intelligence alliance on how AI is changing both attack and defence. Security leaders in Canberra and Wellington have increasingly framed AI as a force multiplier for well-resourced criminal and state-backed groups.
Vendors and consultants across the region report that boards are revisiting spending and risk models in light of AI-assisted exploitation. The focus is shifting from buying point solutions to reconfiguring security operations and incident response around automation and machine-led analysis.
Elastic works with major corporates across Australia and New Zealand on security, search and observability. It says it engages with 45 per cent of the ASX top 20 and half of the Fortune 500 on its AI search platform.
Concerns over AI are not confined to cyber defence. SUSE General Manager for AI Rhys Oxenham said the recent shutdown of Anthropic's models for Australian customers under a United States government directive had exposed a deeper structural risk in how many organisations consume AI.
"When a prominent AI vendor abruptly disabled global access to its flagship models over a single June weekend, driven by a sudden US government directive, Australia's tech landscape received a sharp wake-up call. Though the immediate operational impact was low, it sets a dangerous market precedent. It exposes the stark reality of being at the mercy of foreign regulatory interventions, pricing shifts, or sudden termination of access.
"What we must address, clearly and directly, is the immense operational risk this exposes to businesses in Australia. Relying on centralised, proprietary SaaS APIs leaves organisations operating with an external kill switch hanging over them. Access can be withdrawn instantly and without warning, proving that if you cannot choose where and how you deploy your intelligence, you can never truly own or control it.
"Our research shows that while 98 per cent of IT leaders prioritise digital sovereignty, only 52 per cent have acted, leaving many to build AI foundations without true operational ownership. As enterprises align with the Essential Eight and tighter protections under the Security of Critical Infrastructure (SOCI) Act, relying on unmitigated foreign SaaS models creates critical compliance and business continuity risks.
"To eliminate this kill switch risk, Australian organisations must embrace a private enterprise AI methodology. As a blueprint for true sovereign infrastructure, private enterprise AI can coexist with international vendor ecosystems while securing the local capability to operate technology independently. Adopting this framework through secure, hybrid and open-source alternatives provides the platform independence, resilience and genuine autonomy that today's compliance landscape demands," said Rhys Oxenham, General Manager for AI, SUSE.
Oxenham's warning reflects growing interest in sovereign cloud, open-source model stacks and hybrid deployments. Large organisations in regulated sectors are now reassessing where critical AI workloads run and who can interrupt them.
For Australian and New Zealand executives, the two sets of concerns point to the same conclusion: AI is now central to both the resilience of cyber defences and the resilience of the AI services themselves.