The Canadian Centre for Cyber Security (Cyber Centre), part of the Communications Security Establishment Canada (CSE), is urging organizations across Canada to take action on emerging cyber risks linked to frontier artificial intelligence (AI).
This call to action follows the joint statement issued by the leaders of the Five Eyes cyber security agencies, urging senior decision-makers across around the world to strengthen their cyber defences now before a cyber incident escalates into a major operational and financial crisis.
As the Government of Canada's technical and operational authority for cyber security, we work closely with partners across governments, critical infrastructure, the private sector, academia, and with international allies to understand these risks and help defenders keep pace.
We also engage directly with industry, including AI vendors, to track how frontier AI is evolving and what that means for Canada's cyber security. This includes participation in initiatives such as Project Glasswing.
AI is rapidly reshaping the cyber threat landscape. As outlined in our Frontier artificial intelligence advisory, these models can help cyber threat actors find and exploit vulnerabilities - including software flaws and weaknesses in security controls - much faster than before. This significantly shortens the time defenders have to respond - in some cases from days or weeks to hours - and increases the likelihood of successful cyber attacks.
Our National Cyber Threat Assessment 2025-2026 and Ransomware Threat Outlook 2025-2027 assess that AI is also lowering barriers to entry for malicious cyber activity. Threat actors are already using AI to:
- create more convincing phishing, vishing (voice scams), and deepfake impersonation faster and at greater scale
- find and combine weaknesses to carry out attacks, a technique known as vulnerability chaining, and
- make it easier for less skilled actors to carry out more sophisticated cyber attacks
AI also introduces risks from within organizations, including unapproved use of AI tools, exposure of sensitive data, and the potential for systems to rely on inaccurate or manipulated outputs.
This is not just a technical issue. For Canadian businesses, critical infrastructure operators and public sector organizations, AI-enabled cyber incidents can disrupt businesses, operations, expose sensitive data, damage trust, as well as create financial and regulatory risks. Strengthening cyber resilience requires sustained leadership attention, not just IT action.
The Cyber Centre supports organizations in assessing risks, strengthening defences, and adopting secure-by-design practices through practical advice and guidance, and organizations have a key role to play in putting these measures into practice.
Leaders should look at how AI can support their own defences, particularly by identifying exposures earlier, testing controls, and improving response time. This includes integrating AI into software development processes to identify vulnerabilities earlier in the development lifecycle and strengthen secure-by-design practices.
Whether your organization has a mature cyber security program or is just starting to assess AI-related risks, one of the most effective ways to reduce exposure is by reinforcing strong cyber hygiene practices. Organizations across Canada should:
- apply security patches promptly and keep systems up to date
- limit exposure to the Internet and reduce attack surfaces
- implement strong authentication, including phishing‑resistant multi‑factor authentication
- centralize logs across systems and environments so unusual activity can be detected sooner
- separate key systems, a practice known as system segmentation, so an attack is easier to contain and less likely to spread
- address unsupported or legacy systems
- test incident response plans and plan for containment and recovery
- build internal awareness and clear guidance on the appropriate and responsible use of AI tools, including how to handle sensitive information
Organizations that rely on third-party service-providers should ensure those providers are also applying strong cyber security measures. Cyber resilience is a shared responsibility that extends across the entire supply chain.
Practical resources are available to support these actions. The Cyber Centre's Top 10 IT security actions and Top 10 artificial intelligence security actions: A primer - ITSAP.10.049 provide clear, prioritized guidance to help strengthen cyber resilience. Organizations can also stay informed through the National Cyber Threat Notification System (NCTNS), which provides timely alerts on emerging threats.
Timely incident reporting is critical to protecting Canada's digital ecosystem. Organizations - especially those in government and critical infrastructure - should report suspected cyber incidents as soon as possible. Early reporting helps us assess threats more quickly and provide effective guidance.
While no single measure can eliminate risk, organizations that apply strong cyber hygiene are significantly more resilient, even as threats evolve.
The Cyber Centre will continue to work closely with Canadian industry, critical infrastructure owners and operators, academia, AI vendors and international partners to monitor developments in frontier AI and support organizations across Canada in staying ahead of emerging threats. This includes developing practical guidance to address these risks, helping organizations identify and reduce vulnerabilities more quickly, and assessing emerging capabilities that can strengthen Canada's cyber defences and support defensive cyber security across Canada.
Quote
"Frontier AI is reshaping the cyber threat landscape at a pace that demands action now. The Cyber Centre is working with industry, academia, and global allies to ensure defenders can stay ahead of those who seek to exploit these emerging technologies. But organizations can also use these same technologies to reinforce their own defences by identifying risks earlier and responding faster. We urge every organization in Canada to strengthen its cyber defences today. Strong cyber hygiene remains your most powerful and effective advantage in a rapidly evolving threat landscape."
-Rajiv Gupta, Head of the Canadian Centre for Cyber Security
