What does the Five Eyes' warning about AI mean for finance teams?

What does the Five Eyes' warning about AI mean for finance teams?

Earlier this year, one person broke into at least 14 companies, but it wasn't a skilled hacker.

The security researchers who recovered his activity logs found that the same person was using his AI assistant to polish his CV and apply for jobs, and traced him to a young man in Addis Ababa. What made the break-ins possible wasn't his ability, it was the commercial AI tool doing the technical work on his behalf.

The full account comes from OALABS Research, which analysed more than a thousand of the attacker's sessions after one of his victims recovered the working files. The pattern was consistent: he gave the AI vague instructions, sometimes as little as "look at this company," and the tool handled the rest: scanning for weak points, working out how to get in, writing the code to do it, confirming it had access, and pulling out data.

When the AI's safety controls occasionally objected, he got around them by claiming he was running an authorised security test. It worked almost every time. He was not, by any measure, an expert, but he didn't need to be.

This is precisely the shift described in a June 2026 warning from Five Eyes cyber security agencies.

What the Five Eyes warning actually says

In a rare joint statement, the cyber security agencies of Australia, the US, the UK, Canada, and New Zealand issued a call to action on AI and cyber risk. Their core message is that AI is accelerating "the speed, scale, and sophistication of cyber threats," and that the timeline for this is months rather than years.

The statement is best known for its reference to frontier AI models, the most capable systems on the market. That is where the "Mythos" debate sits: models like Anthropic's Mythos 5 have become the subject of export controls and political attention.

For finance leaders, though, that's arguably not the most important takeaway.

The OALABS case shows the barrier has already fallen using ordinary, commercially available AI tools, not restricted frontier models. The barriers to cybercrime are about to get even lower. The agencies were equally clear that responding to this is now a leadership responsibility rather than simply an IT issue. Having controls in place is no longer enough: finance leaders need confidence those controls will still work when attackers can automate reconnaissance, compromise vendors, and produce convincing fraud at scale.

The question is no longer which AI model is most capable, it's whether the people trying to redirect your payments now have capabilities that used to require a specialist.

That has major implications for payment risks.

The two moves behind almost every payment scam

Most B2B payment fraud comes down to one of these moves (or a combination of both): impersonating a vendor or trusted contact you already work with, or operating from inside a vendor's real systems.

Impersonation is the familiar one. A scammer sets up an email address or domain that looks close enough to the real vendor's, then sends an invoice or a request to change bank details. Or, using similar tactics, they might impersonate someone in your own organisation and direct employees to complete similar actions.

Actual system compromise can be the more dangerous tactic because 1) malicious actors may have access to sensitive data and systems, and 2) there are often no obvious warning signs. For instance, an email might arrive from the vendor's genuine address, on their real domain, often inside an existing thread and referencing a legitimate invoice. Everything your team has been trained to check appears correct (because it is).

AI lowers the barrier to all of the tactics. The OALABS case demonstrates how much easier it has become to compromise a company's systems in the first place. On the impersonation side, the same tools can clone voices or generate convincing video calls, which is why deepfake fraud has moved from novelty to mainstream business risk. Also, Eftsure's 2026 payment security survey found that 90% of Australians believe AI-generated scams are harder to detect than traditional ones, and one in four respondents had already encountered a fake invoice or payment request.

That concern is well founded. When a payment request comes from a genuine email account or a familiar voice, there may be nothing left to detect.

Why surface-level checks are running out of road

The instinct, when fraud becomes more convincing, is to train people to look harder: check the sender, question unusual requests, and confirm anything suspicious. That advice is reaching its limits.

When an attacker is operating from inside a vendor's real systems, or using a cloned voice during a phone call, there are no obvious tells. Human vigilance remains important, but it cannot reliably distinguish a legitimate request from one that has been engineered to look legitimate.

The same limit applies to the automated safeguards now arriving at the point of payment. A check that confirms an account belongs to the name attached to it is a real improvement on no check at all, and a welcome one. But it answers a narrow question: does this account match this name? It does not confirm that the vendor relationship is genuine, or that a request to change bank details is legitimate. It validates an account, not the intent behind the payment.

That distinction matters, because the fraud usually starts earlier. For a business paying hundreds of vendors, a fraudulent bank-detail change is often accepted into the ERP weeks before any payment is made, well upstream of a name check at the final step. A single check at the end cannot catch a fraudulent detail that was let in much earlier. These safeguards are also domestic-only at launch, which leaves cross-border payments, a major source of business exposure, outside their reach entirely.

This is not only a small business problem. Large enterprises with mature finance functions and payment protection software still experience fraud and payment errors because the weakest points often sit between disconnected systems and manual processes. An attacker only needs to find one of those gaps.

Verify what the fraud can't fake

If the request itself can no longer be trusted on appearance alone, the control has to verify the one thing fraud cannot fabricate: whether the bank account you are about to pay really belongs to the vendor you intend to pay.

In practice, that means verifying bank account ownership before the first payment, re-verifying it whenever payment details change, and confirming those changes through an independent channel, never the same email, message, or phone call that initiated the request.

Most importantly, those controls cannot stop at onboarding. Payment risk changes over time, and your controls need to keep pace.

Australia has made significant progress through banking initiatives and coordinated scam prevention measures. But those initiatives cannot close every gap. The final layer of protection sits within your own payment processes.

That is why many finance leaders are moving towards continuous controls: an approach that continuously validates critical payment information throughout the payment lifecycle, rather than relying on a single verification event or manual review.

The Five Eyes agencies have effectively issued a warning that the assumptions behind many existing controls are changing. If attackers can produce payment requests that look completely legitimate, appearance is no longer a reliable defence.

The next question is whether your payment processes have evolved to match that reality.

Explore how continuous controls help reduce payment risk, where they fit within a modern finance function and why they're becoming an increasingly important part of payment security as AI-enabled fraud continues to evolve.

Author

anonymous

Published

10 Jul 2026

Reading Time

7 minutes

security-image

The New Security Standard for Business Payments

security-image
security-image