Artificial intelligence is advancing at an extraordinary pace. Every few months, another frontier model emerges with stronger reasoning capabilities, better coding performance, and increasingly autonomous behavior.
The latest model making headlines is GLM-5.2, an open-source AI model released by Chinese AI company Z.ai. Security researchers have drawn comparisons between GLM-5.2 and leading commercial models from OpenAI and Anthropic, while noting that it can be run locally, modified by users, and operated at a significantly lower cost. Those characteristics are prompting fresh discussions about how advanced AI could be misused by cybercriminals.
Advanced AI capabilities are becoming cheaper, more accessible, and increasingly difficult to control.
For organizations, that means preparing for a future where sophisticated cyberattacks are no longer limited by the technical skill of the attacker. Instead, powerful AI systems may help automate many of the tasks that previously required experienced operators.
What is open-source AI?
Open-source AI refers to artificial intelligence models whose underlying model weights are made publicly available, allowing developers and organizations to download, run, and customize them on their own infrastructure.
Unlike commercial AI services that operate through a provider's cloud platform, open-source—or more accurately, open-weight—models can often be deployed locally without relying on the original developer to host or manage them. This gives organizations greater flexibility, privacy, and control over how AI is used within their environments.
For businesses, that can offer significant advantages. Sensitive data can remain on-premises, models can be fine-tuned for specific workloads, and organizations are not dependent on a third-party provider for every AI interaction.
However, those same characteristics also create new cybersecurity challenges.
Because these models can be downloaded and modified, attackers may be able to alter or remove built-in safety mechanisms, operate them without oversight, and use them to automate tasks that previously required considerable technical expertise.
The concern isn't that open-source AI is inherently less secure than commercial AI. Rather, as increasingly capable models become widely accessible, organizations should expect AI-assisted cyberattacks to become more common.
That's why controlling what applications can run, what privileges they have, and what systems they can access remains just as important in the age of AI as it has always been.
Why cybersecurity professionals are paying attention
Open-source AI models represent a significant shift in how AI is distributed.
Unlike commercial AI platforms, which are delivered through cloud services controlled by the vendor, open-weight models can be downloaded and deployed on private infrastructure. Organizations gain flexibility, but so do attackers.
Researchers note that models such as GLM-5.2 can be customized, fine-tuned for specific workloads, and in some cases modified to remove built-in safety controls. Security researchers have already observed discussions on underground forums about bypassing the model's safeguards for offensive cybersecurity tasks.
This doesn't mean the model was designed for cybercrime. It means the barriers that once limited access to frontier AI capabilities are rapidly disappearing.
Why open-source AI changes the security equation
Commercial AI providers maintain oversight of how their services are used.
They can monitor abuse, improve safety mechanisms, suspend malicious accounts, and continuously update protections as new threats emerge.
Open-source models operate differently.
Once deployed locally, there is little visibility into how the model is being used. Users can run it entirely within their own environments without relying on a commercial provider. For legitimate organizations, this offers greater privacy and flexibility, but it also gives cybercriminals an opportunity to experiment with fewer restrictions and less risk of detection.
This growing accessibility means organizations should expect AI-assisted attacks to become increasingly common over the coming years.
How attackers could use advanced AI
Despite the headlines, AI is unlikely to replace skilled attackers overnight. Instead, it acts as a force multiplier. Rather than writing every script manually or researching every vulnerability themselves, attackers can increasingly rely on AI to accelerate common offensive tasks, including:
- Identifying potential vulnerabilities
- Generating phishing content
- Writing or modifying malware
- Automating reconnaissance
- Assisting with exploit chaining
- Producing PowerShell or command-line scripts
- Planning lateral movement across compromised environments
Many of these activities already exist today. AI simply reduces the time and expertise required to perform them.
As these models continue improving, attackers may be able to conduct larger campaigns with fewer resources than ever before.
AI doesn't eliminate the need for access
One misconception surrounding AI-powered cyberattacks is that the platform creates the breach. AI still depends on the same conditions attackers have always needed.
Applications must be allowed to execute, privileges must be available to abuse, systems must run on implicit trust, and users must have unnecessary access permissions.
Whether commands are written by a human operator or generated by an AI model, the underlying attack still relies on the ability to execute code and move through the environment. That's why Zero Trust remains one of the most effective ways to limit the impact of AI-enabled attacks.
AI will continue to evolve. Zero Trust should remain constant.
It seems like another AI breakthrough dominates the headlines every few months. The technology will continue evolving, becoming faster, cheaper, and more capable. The fundamentals of cybersecurity, however, have not changed.
Organizations shouldn't build their security strategy around whichever AI model is making headlines this month. They should focus instead on limiting what any attacker can do after getting inside their environment.
A layered Zero Trust approach built around control and visibility remains one of the most effective ways to contain modern AI-powered cyber threats. When attackers can't execute, elevate, or move, even the most capable AI has nowhere to go.