On June 29, 2026, The Guardian published security expert Bruce Schneier’s warning that modern AI now acts like a “universal adviser” for harm. His point is blunt: the skill barrier to serious intrusions is collapsing, as off-the-shelf models coach novices through each step. That puts AI-enabled cyberattacks on a faster, broader track than traditional crimeware.
What Schneier’s Guardian essay argues
In The Guardian’s technology section, Schneier frames today’s large models as tutors that can guide people to do damage, from crafting phishing lures to probing networks (The Guardian). He also argues the same tools must be used for defense. That duality is the headline risk. When coaching becomes cheap and private, intent begins to outweigh expertise.
There’s precedent for this direction. The UK’s National Cyber Security Centre assessed in February 2024 that AI would lower entry barriers for cybercrime and raise the volume and quality of social engineering, while only gradually improving hard technical exploits (NCSC report). Schneier’s framing aligns with that view, but goes a step further by treating the model as an always-on co-conspirator.
Why AI-enabled cyberattacks lower the barrier
The force multiplier isn’t magic malware. It’s speed, personalization, and tutoring at scale. A model can help a novice stitch together open-source tools, write believable emails in any dialect, and revise scripts until they run. That’s what makes AI-enabled cyberattacks different from prior waves of do-it-yourself kits: the assistant is reactive and specific to each hurdle a would-be attacker hits.
Public agencies and researchers see the same shift. ENISA’s 2023 threat review flagged higher-quality phishing and deepfake-enabled fraud as near-term changes, not distant risks (ENISA). The NCSC added that language models help threat actors with reconnaissance, scripting, and translation—areas that used to filter out less-skilled players. Each removal of friction expands the pool of offenders.
The flip side is scale. Defenders already drown in alerts. If low-skill attackers can now generate convincing lures by the thousand, filters trained on stale patterns will miss more. That is the uncomfortable math behind Schneier’s warning.
Defensive AI that could actually help
If a model can coach attackers, it can also compress a responder’s workload. That’s the practical reading of Schneier’s call to “harness AI for defense.” Security teams are testing copilots that summarize alerts, draft incident timelines, and map indicators to known techniques. Microsoft began pushing this approach in March 2023 with Security Copilot, pitching faster triage for overworked analysts (Microsoft Security).
Three defensive bets stand out now:
- Automate level-one triage. Use models to narrate what an alert likely means, cite evidence, and suggest next steps. Humans keep the last word.
- Saturate with canaries and honeytokens. If phishing gets better, plant tripwires in inboxes, storage, and code repos. Let AI cluster hits and surface the real campaigns.
- Write forensics-ready playbooks. Have the assistant generate clean notes, queries, and artifacts during an incident so evidence holds up for audits and claims.
Policy and procurement must move in parallel. The US Cybersecurity and Infrastructure Security Agency’s Secure by Design push urges vendors to ship safer defaults and log what matters (CISA). NIST’s AI Risk Management Framework gives buyers a checklist for model testing, monitoring, and abuse prevention in enterprise settings (NIST AI RMF). Those documents won’t stop an email lure, but they set expectations that tools must fail safer and explain themselves.
None of this neutralizes the coaching effect. It narrows the response gap. That’s the best near-term goal when AI-enabled cyberattacks are scaling faster than headcount.
The next moves for boards and regulators
Boards should ask one question first: where does AI help my team act in minutes, not hours? If the answer is vague, the program is window dressing. Tie model adoption to specific bottlenecks—alert overload, case documentation, or phishing takedown—and measure dwell time before and after.
Insurers will push the same way. Expect questionnaires to probe AI-assisted controls: automated phishing simulation, rapid takedown pipelines, and model governance tied to NIST AI RMF. If claims spike from social engineering, premiums will follow. Firms that can document faster containment will negotiate better.
Regulators aren’t waiting. As NCSC and ENISA guidance spreads, “reasonable security” will begin to imply some AI-backed detection and response. That doesn’t mean buying a shiny copilot. It means showing that staff can process a surge, that logs are queryable, and that models are tested for failure modes attackers already exploit.
Schneier’s Guardian essay names the tension clearly. We won’t uninvent the tutor. The practical move is to assume AI-enabled cyberattacks are the baseline, then fund the few automations that shrink decision time without blinding the team. The organizations that do this first won’t be invincible. They’ll just be ready when the coaching starts on the other side. For more on this, see reuters.com and bloomberg.com.
Related reading: AI in Education • Data Privacy • AI in Society