National security agencies from the Five Eyes intelligence alliance — the United States, the United Kingdom, Canada, Australia, and New Zealand — issued a joint statement this week warning that artificial intelligence models are increasing cyber risks by enabling autonomous network intrusions, according to the agencies. The statement cited AI’s ability to independently hack into systems and networks, steal data, deploy ransomware, and destroy infrastructure.

Bruce Schneier, a security technologist who teaches at the Harvard Kennedy School and the University of Toronto’s Munk School, wrote in a Guardian opinion piece published Monday that the warning reflects a decades-long trend that AI is accelerating. “What’s been changing over the decades, and what AI is changing even faster, is the gap between skill and ability,” Schneier wrote. He argued that computers have decoupled the two concepts, which were once synonymous.

Schneier contrasted the elite hacker group L0pht, which testified before Congress in 1998 that it could take down the internet in 30 minutes, with so-called “script kiddies” who use prewritten hacking tools. The former required deep technical skill, he said; the latter required minimal knowledge. AI, he wrote, is now making advanced attack capabilities available to anyone with basic directions.

“The thing about people with ability but no skill is that they are often outsiders, not part of any professional community, and not bound by any rules or norms,” Schneier wrote. He drew an analogy to specialized professionals who possess dangerous knowledge — doctors who know how to poison, or engineers who know how to demolish bridges — but noted that the lengthy training those professions require also instills an ethical code. AI, he argued, acts as a “universal adviser” that provides similar knowledge without the accompanying moral formation.

Schneier expressed skepticism about the long-term effectiveness of guardrails that AI companies build into their models to prevent harmful outputs. He wrote that smaller, cheaper, open-source models, “including models that can run on people’s computers,” are approaching parity with frontier models from companies such as OpenAI and Anthropic and lack such restrictions. Efforts to have models report malicious prompts to authorities, he said, “could buy us a few months at best.”

The core dilemma, Schneier argued, is that the same knowledge that allows AI systems to find and fix software vulnerabilities — a benefit to collective security — also allows them to find and exploit those vulnerabilities for attack. “It’s the same knowledge,” he wrote, comparing it to the impossibility of teaching doctors how to treat poisonings “without also teaching them how to poison.”

The Five Eyes agencies acknowledged in their statement that their recommended security practices are not new, reflecting advice that has been standard for decades. They said the urgency comes from the speed of technological change: “The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years. We must act before and be prepared to adapt and withstand evolving threats,” the statement read, according to Schneier’s article.

The agencies pointed to AI technology as a potential solution as well, noting that it can be used to “detect vulnerabilities earlier, improve software quality, monitor unusual behavior, and respond faster to incidents.” Schneier endorsed that approach, writing, “Excellent advice from the Five Eyes security agencies. We need to do this with every risk that AI heightens, not just cybersecurity.”

The warning comes amid a broader acceleration of AI capabilities in cybersecurity. MSI previously reported that Google disrupted an AI-driven effort to exploit a previously unknown software vulnerability in May, and that experts have warned hijacked AI agents could become a new class of insider threat.