
The Five Eyes Alliance Can’t Afford to Stay Small

Mitchell Gallagher
Sunday, November 23, 2025, 9:00 AM
The challenges of the digital age require more partners to monitor fast-moving, global threats.
U.S. intelligence officials testify before the House Permanent Select Committee on Intelligence in Washington, DC, on March 26, 2025. Photo credit: Office of the Director of National Intelligence via Flickr/Public Domain.

Published by The Lawfare Institute
in Cooperation With
Brookings

Editor’s Note: The Five Eyes intelligence sharing relationship is a venerable institution, a Cold War success that remains a valuable partnership today. Mitchell Gallagher of Wayne State University argues that for the Five Eyes to continue to prosper and meet challenges like cybersecurity, it must take on new members and otherwise change its approach.

Daniel Byman

***

The Five Eyes alliance—that venerable intelligence compact linking the United States, United Kingdom, Canada, Australia, and New Zealand—was once the envy of the democratic world. Its foundations rested on a mutual language, aligned laws, and near-absolute trust. But the digital age has redrawn the map of espionage. Data has supplanted territory as the critical frontier, and adversaries no longer need to breach borders when they can infiltrate clouds. The Anglophone alliance faces one inescapable fact: Exclusivity, once its advantage, is fast becoming a liability, especially in the cyber realm.

The Cyber Reckoning

In 2025, governments and corporations have faced an unabating wave of ransomware, data theft, and supply chain disruption. In June, United Natural Foods Inc., one of North America’s largest grocery wholesalers, was crippled by a cyberattack that halted electronic ordering systems, causing temporary food shortages across several states. August brought a breach of a Salesforce-hosted Google business database, compromising corporate client data and fueling fears of secondary phishing operations. The PowerSchool hack in December 2024 compromised data about more than 62 million students and 9.5 million teachers in the United States, leaking sensitive identifiers through a compromised support portal. The United Kingdom’s Ministry of Defense disclosed last year a significant cyber breach of a third-party payroll system that leaked the names and bank details of serving and former members of the armed forces, an incident attributed by officials to hostile foreign actors and viewed by parliamentarians as further evidence of the U.K.’s growing vulnerability to state-linked cyber espionage.

Even fortified government networks buckled. Zero-day exploits and misconfigured authentication protocols became common attack vectors. A flaw in Microsoft’s SharePoint servers opened the door to intrusions across public-sector systems, forcing allied intelligence agencies into emergency coordination.

The digital ecosystem has outgrown the reach of any single jurisdiction, exposing the blind spots of an alliance confined to five Anglophone states. Cyberattacks now traverse continents in seconds, exploiting servers, data centers, and legal gray zones far beyond the Five Eyes’ collective footprint. The challenges of this new threat landscape demand a wider coalition capable of defending where its members no longer have reach. The SonicWall breach, which spread through interconnected corporate and government systems in North America and Europe, brought into relief the structural obstacle to assigning responsibility for transnational cyber operations. Notwithstanding extensive forensic evidence, investigators were unable to locate a clear geographic point of origin, an ambiguity that increasingly defines the cyber domain.

A Network Built for Another Era

The Five Eyes alliance was born in World War II and formalized in the 1946 UKUSA Agreement. Its purpose was to intercept Soviet communications and share the spoils of codebreaking. Its success depended on two unique assets, the English language and trust. The Anglophone foundation made data exchange frictionless, and shared democratic norms provided similar views on the proper targets for surveillance.

The accession of Canada in 1948 and of Australia and New Zealand in 1956 marked the institutionalization of an ad hoc wartime coalition into a formalized intelligence consortium. These additions infused preexisting Commonwealth surveillance infrastructures into the UKUSA system, extending its geographic scope and strengthening its coherence as an epistemic community united by linguistic, legal, and normative kinship.

Nevertheless, the alliance retains a path-dependent organizational form. Coordination still relies on bilateral or five-party memoranda of understanding routed through national signals intelligence agencies, including the U.S. National Security Agency (NSA), U.K. Government Communications Headquarters (GCHQ), Australian Signals Directorate (ASD), Canadian Communications Security Establishment, and New Zealand Government Communications Security Bureau (GCSB). In practice, these institutions exchange technical intelligence efficiently, but not always rapidly—a structural lag long recognized by senior officials within the alliance, who have urged faster dissemination of actionable information.

The alliance’s cyber apparatus remains largely analytical rather than operational, emphasizing post-incident intelligence sharing over real-time defense or attribution. This manifested during the March 2024 Volt Typhoon advisory, when Five Eyes agencies issued guidance only after Chinese state-sponsored actors had already compromised multiple critical-infrastructure networks. The alert prioritized managerial best practices and incident-response planning over live operational countermeasures, a symptom of an institutional design never meant for the speed, diffusion, and jurisdictional overlap that define 21st-century cyber conflict.

The Case for Expansion

The case for widening the circle is growing. Japan, South Korea, and Germany stand as the most plausible candidates for incorporation into an expanded Five Eyes arrangement. Tokyo’s Economic Security Promotion Act (2024) tightened controls on sensitive technology exports and established Japan’s first central economic security bureau, which synthesizes oversight of supply chain integrity, critical infrastructure protection, and cybersecurity policy in a single institutional framework. On paper at least, this consolidation has enhanced Japan’s capacity for cross-sector threat assessment and incident response, functions that align closely with the Five Eyes’ emerging emphasis on cyber resilience and information assurance. Incorporating cybersecurity into its economic security framework has enabled Japan to harmonize its legal and technical standards with Western data-governance norms. Seoul’s National Intelligence Service has become a key partner in cyber forensics and North Korean missile intelligence. Germany’s Bundesamt für Verfassungsschutz has led Europe’s response to Russian disinformation campaigns, particularly around the war in Ukraine. In aggregate, these developments have produced a discernible convergence in legal standards and intelligence practices, reflected in increasingly routine bilateral exchanges with Five Eyes agencies that function as de facto mechanisms of preaccession alignment.

Enlargement would operationalize intelligence cooperation across new sectors of strategic relevance. Prospective members bring assets the existing alliance cannot reproduce: Japan’s semiconductor supply-chain oversight, South Korea’s cyber-response infrastructure, and Germany’s regulatory influence in AI ethics and data protection. Their inclusion would also distribute burden. A diversified alliance could offset the regional vulnerabilities of smaller members, such as New Zealand, which faces capacity shortfalls in cyber defense and intelligence operations amid mounting foreign interference, espionage, and online radicalization threats.

Operationally, accession could follow the modular structure outlined in the Five Eyes Blueprint for AI Security. Admittedly, the blueprint covers only a circumscribed aspect of intelligence collaboration, constrained to AI governance and cyber operations. Even so, its domain-segmented design, based on zero-trust verification and restricted access, offers a scalable template for selective, issue-specific cooperation. This model could permit incremental enlargement and simultaneously maintain the integrity of existing intelligence channels. Conceptually, it is a move from centralized integration toward distributed assurance, prioritizing containment over exposure.

Operational and Political Caveats

Those opposed to expansion contend that the integrity of the alliance’s intelligence-sharing framework would be compromised by the dilution of its exclusive trust apparatus. Every addition multiplies the risk of compromise, legal inconsistency, and bureaucratic drag.

Past experiments justify caution. The Nine Eyes and Fourteen Eyes arrangements, which included several NATO allies, achieved only partial interoperability. Differing privacy laws, classification thresholds, and data-handling protocols limited the exchange of raw intelligence. The Snowden disclosures in 2013, which revealed joint U.S.-Australian collection at diplomatic facilities in Asia, nearly derailed cooperation with several European partners.

Moreover, any change entails significant geopolitical implications. Beijing has long framed the Five Eyes as a relic of colonial intelligence power, and the admission of Japan or Germany would reinforce that narrative. China’s Foreign Ministry has also repeatedly condemned Five Eyes statements on Xinjiang and cyber espionage as “Cold War thinking,” and enlargement would likely be interpreted as further evidence of encirclement. This perception would have the strategic consequence of accelerating counter-coalition dynamics, particularly as China and Russia deepen intelligence coordination through the Shanghai Cooperation Organization and digital-security initiatives at the United Nations. Expansion, therefore, must reconcile the political optics of expansion with the technical discipline required to preserve trust and interoperability. Failure to do so could impair the alliance’s cyber posture.

Separate from the geopolitical optics, expansion also presents substantial operational hurdles. Enlargement could introduce divergent threat perceptions and unreconciled classification regimes and data-protection laws that complicate intelligence workflows and weaken compartmentalization. Integrating partners with distinct legal cultures of surveillance, privacy, and offensive cyber operations would require new protocols for cross-jurisdictional accountability and data handling. Germany’s privacy-driven intelligence culture and Japan’s still-evolving secrecy laws raise legitimate concerns about the consistency of data-handling regimes. Intelligence is not just collected; it is safeguarded through shared institutional habits and normative expectations. The Five Eyes has endured because its members internalized similar legal and moral frameworks—new entrants, however capable, would need time and demonstrated reliability to earn that level of intimacy.

Selective Enlargement

As I have argued previously, the Five Eyes’ future hinges on reconciling operational secrecy with adaptive inclusivity. A phased, capabilities-based model for expansion presents a realistic compromise between strategic inclusivity and operational security, allowing prospective members to participate selectively in areas such as joint cyber defense exercises, AI-driven threat detection, or secure data-exchange protocols, while preserving the alliance’s principal intelligence safeguards. This layered cooperation should not be viewed as a permanent substitute for membership, but as an evolutionary stage in the alliance’s adaptation. If partnerships of this sort prove both secure and effective, they could serve as a precursor to formal integration, transforming ad hoc collaboration into a structured alliance.

The Five Eyes should start with Japan and Germany on cyber and AI, where technical and legal convergence already exists. Targeted, thematic membership could enable partners to join select intelligence spheres and cooperative task forces, contingent on reciprocal vetting, encryption, and data-governance standards.

The endurance of the Five Eyes will depend on institutional agility. The alliance can no longer rely solely on its historic compact of five. At the very least, it must develop into a nested framework that integrates key democratic partners in defined cyber areas; at best, it should pursue formal membership extension that replicates the realities of shared technological interdependence. To endure, the alliance must turn trust into infrastructure—expanding, reforming, and hardening before systemic challengers seize the initiative and set the rules in its place.


Mitchell Gallagher is a Ph.D. candidate in political science at Wayne State University. He employs international relations theory and comparative analysis to examine how sovereignty, recognition, and power are negotiated in East Asia, with a focus on Taiwan’s de facto statehood and regional security governance.