Modern AI systems are effectively universal advisers that help people perform harmful actions, widening the gap between skill and ability in cyber-attacks, according to security technologist Bruce Schneier. Writing in response to a recent Five Eyes security agencies' statement, Schneier argues that while cyber risks are not new, AI is accelerating the decoupling of skill from ability, enabling more people to cause greater damage with less expertise.
Five Eyes Warning on AI Cyber Risks
Earlier this week, national security agencies from the Five Eyes intelligence alliance—comprising Australia, Canada, New Zealand, the United Kingdom, and the United States—jointly released a statement warning of increasing cyber risks from AI models. The statement highlighted AI's ability to autonomously hack into systems and networks. While the advice given was standard security guidance, it carried newfound urgency due to the pace of AI development.
The Skill-Ability Gap
Schneier notes that for most of human history, skill and ability were synonymous, but computers have decoupled them. AI tools now empower humans to perform more writing, research, analysis, and also more damage than ever before. With minimal direction, AI models can autonomously hack into networks, steal data, deploy ransomware, and destroy systems.
In 1998, the hacker group L0pht testified to Congress that they could take down the internet in 30 minutes, illustrating that hacking required significant skill. Contrast this with 'script kiddies,' who used prewritten tools with minimal skill. As those tools became widespread, the number of potential attackers increased. Today, AI systems are capable of carrying out cyber-attacks automatically, and while they perform better with skilled attackers, they can act autonomously with only minimal prompting.
Outsiders Without Ethical Constraints
Schneier emphasizes that people with ability but no skill are often outsiders, not bound by professional rules or norms. This phenomenon extends beyond cybersecurity: doctors know how to poison, virus researchers know how to create bioweapons, and engineers know how to destroy bridges. However, the lengthy process of acquiring those skills also instills a moral and ethical code. If every random person has access to good poisoning advice, society faces greater danger.
Modern AI systems act as universal advisers for harmful actions. While AI megacorporations are building guardrails to prevent harmful queries, Schneier argues this will not work long-term. Smaller, cheaper, open-source models—including those that run on personal computers and groups of models working in concert—are just as capable as frontier models from companies like OpenAI and Anthropic. These models will be shared like script kiddie tools and will lack guardrails.
Ineffective Solutions
Instructing AI models to spy on users and report malicious prompts fails for similar reasons. Megacorporations can implement such measures, but locally run open-source models will not. This approach might buy only a few months at best.
Another possibility is to make models inherently unable to hack computers or create bioweapons. However, this is impractical because the knowledge required for defense is the same as for offense. Teaching doctors how to treat poisonings also teaches them how to poison; teaching AI to find vulnerabilities also teaches it how to exploit them.
Increased Volatility and the Path Forward
Schneier concludes that we are entering a world of increased volatility, where super-powered humans with AI assistants can do both wonderful and horrible things. The Five Eyes statement recommends standard security practices that have been advised for decades, but the pace of change is unprecedented: 'The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years.' The agencies point to using AI technology to strengthen defense—detecting vulnerabilities earlier, improving software quality, monitoring unusual behavior, and responding faster to incidents.
Schneier endorses this advice, urging that it be applied to every risk that AI heightens, not just cybersecurity.
