The Five Eyes intelligence agencies, the exclusive English-speaking spy club that includes the US, UK, Australia, Canada and New Zealand, released a joint warning this week that AI models can now autonomously hack into networks, steal data, and deploy ransomware with minimal human prompting. Security expert and Harvard lecturer Bruce Schneier, writing in The Guardian, has a message for anyone who found that reassuring: the agencies' advice, while correct, has been ignored for decades, and the thing that's actually changed is now impossible to stop.
What the Five Eyes Actually Said
The Five Eyes statement, according to Schneier's analysis in The Guardian, was more measured than the screaming headlines it generated. The agencies recommended the usual suite of security hardening practices, network monitoring, faster incident response, and using AI itself for defense. They even admitted in the statement that none of this advice is new. Only the urgency is.
What they flagged as genuinely alarming is the speed of change. The statement warned that "the rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years." Months. Not years. The window between "this is a theoretical threat" and "this is actively being used against you" has collapsed to something closer to a news cycle than a policy cycle.
The Five Eyes also pointed toward AI as a defensive tool, capable of detecting vulnerabilities earlier, improving software quality, and monitoring unusual behavior. Which is a nice thing to say. But as Schneier points out, it's the same knowledge that enables attack and defense. You can't teach one without teaching the other.
The Skill Gap Is Gone. That's the Whole Problem.
Here's the core of what Schneier is actually arguing, and it's worth sitting with for a second. For most of history, doing serious damage required serious expertise. Hackers who could actually compromise major systems were rare, and their rarity was its own form of security. In 1998, seven members of the hacker group L0pht testified before the US Senate and told a baffled committee that they could take down the internet in 30 minutes. That was part bravado, part real, and completely alarming. But those were seven extraordinarily skilled people.
Then came the "script kiddies," a term from hacker culture for people who used tools written by others without understanding how they worked. Less skill, more potential attackers. Now, as Schneier writes in The Guardian, AI has effectively dissolved the remaining barrier. Today's AI systems, not just the frontier models from OpenAI and Anthropic, but most of them, can carry out cyberattacks autonomously with minimal prompting. The number of potential attackers is no longer constrained by how many people can learn to hack. It's constrained by how many people can type.
The Guardrails Fix Is a Fantasy
The obvious response from the tech industry has been to slap guardrails on AI systems so they refuse to help with malicious requests. OpenAI does this. Anthropic does this. Google does this. And according to Schneier's Guardian piece, this buys us, at best, a few months.
The reason is simple and brutal. Smaller, cheaper, open-source models that can run on a personal laptop are already as capable as many of the guardrailed frontier systems. They get passed around like the old script kiddie tools, person to person, with no corporate oversight and no content filters. Instructing the big companies to monitor for malicious prompts doesn't touch the locally run models. It never will.
The third option, making the models fundamentally incapable of harmful knowledge, crashes into the same wall. As Schneier puts it, you cannot teach AI to find and fix code vulnerabilities without also teaching it to exploit them. It's the same knowledge. This is not a software problem with a patch. It's a physics-of-information problem with no patch.
The Doctor Analogy That Should Keep You Up at Night
Schneier makes a point in The Guardian that cuts much deeper than cybersecurity. Any doctor knows how to poison someone untraceably. Any structural engineer knows how to blow up a bridge. Virus researchers know how to create bioweapons. The reason we don't live in daily terror of murderous doctors and terrorist engineers is that acquiring those skills takes years, and those years of training also install a professional community, ethical norms, and accountability structures.
AI has severed that link entirely. Ability without the accompanying formation of judgment and responsibility. A person can now access expert-level poisoning advice, hacking capability, or bioweapon construction methodology without sitting through a single ethics seminar or swearing any professional oath. The moral framework that used to be bundled with the dangerous knowledge has been stripped out and left on the cutting room floor.
This is not a cybersecurity problem. This is a civilization problem that happens to show up first in cybersecurity because that's the domain where AI tools are most immediately deployable. The cyberattack wave is the preview.
So What Do We Actually Do
The Five Eyes' answer, as reported by The Guardian, is essentially: use AI to fight AI, harden your defenses, monitor your networks, respond faster, and good luck. These are real recommendations made by real professionals and they are correct. They are also the same recommendations made at a Senate hearing in 1998 titled "Weak computer security in government: Is the public at risk?" We didn't do them then, either.
Schneier's broader point is that the AI defense problem has to be approached across every risk category AI heightens, not just hacking. The same dynamic that gives amateurs autonomous hacking tools gives them autonomous tools for disinformation, fraud, physical-world disruption, and things we haven't thought of yet. The Five Eyes are looking at one room of a burning house.
The uncomfortable truth buried in all of this is that the window for getting ahead of it has probably already closed. The question now is how quickly institutions can adapt to a world where the attack surface is every person on earth with an internet connection and the patience to type a prompt.
The Dingo Take
Here's what's maddening about this moment. The Five Eyes agencies are smart people doing their jobs. Bruce Schneier is one of the most respected security thinkers on the planet. The advice in that joint statement is genuinely correct. And absolutely none of it matters if governments continue to treat cybersecurity the same way they've treated it since 1998: as a technical problem to be handed off to underfunded IT departments while legislators argue about things they don't understand in rooms with no wifi.
The political class has had roughly 28 years to take computer security seriously at a systemic level. They used that time to regulate TikTok dances and hold hearings where senators asked Mark Zuckerberg how Facebook makes money. Now we're in a world where the barrier between "person with a grudge" and "person who can take down critical infrastructure" is a free download and an afternoon. The warnings were there. They were always there.
So yes, use AI for defense. Harden the networks. Train the incident response teams. Do all of it. But do not let the intelligence agencies' reasonable and measured advice obscure the fact that the system-level failure here belongs to the people who were elected and appointed to prevent exactly this. They didn't. They won't. And the rest of us get to live in the volatility they created while they schedule another hearing.
