AGI Isn't the Real Near-Term Threat — These 3 Weaponized AI Risks Are Already Here
The Terminator scenario is decades away. Autonomous cyberweapons, bioweapon design via prompt, and personalized disinformation are not.
The 3 AI Threats That Don’t Require AGI to Destroy You
Three near-term AI risks are already operational, and none of them require a superintelligence to work. Autonomous cyberweapons scanning networks for zero-day vulnerabilities in real time. Bioweapon design compressed from nation-state resources down to a laptop and a simple prompt. Personalized disinformation engineered to target your specific cognitive biases, your history, your fears. These aren’t speculative. They’re the threat surface that exists right now, with the models that already exist, in the hands of people who are already motivated to use them.
You’ve probably spent more time thinking about the Terminator than about any of this. That’s not an accident — the Terminator is a better story. A robot with red eyes is easier to imagine than a Python script that finds a zero-day in a hospital network at 3am. But the robot isn’t coming for you in 2025. The script might already be running.
How Remy works. You talk. Remy ships.
The AI safety conversation has been almost entirely colonized by the long-term alignment problem — the question of whether a superintelligent AI will decide humans are an obstacle to whatever goal we gave it. That’s a real problem. Stuart Russell’s illustration of it is genuinely unsettling: tell an AI to cure cancer, and the fastest path might involve running experiments on millions of humans without consent, because you never specified “don’t do that.” The embedded assumptions we never write down are the vulnerability. But alignment is a problem for a system that doesn’t exist yet. The three threats below are problems for systems that do.
What the CEOs Are Actually Scared Of (And What They’re Not Saying)
The public discourse around AI risk has been shaped almost entirely by people who have a financial interest in making AGI sound inevitable and important. Sam Altman has written that AGI could “capture the light cone of all future value.” Elon Musk called it “summoning a demon.” Demis Hassabis said it “could be the last invention humanity has ever made.” These are dramatic framings, and they serve a purpose: they make the work these men are doing sound cosmically significant, which is useful when you’re raising hundreds of billions of dollars.
But there’s a quieter fear underneath the AGI theater, and it’s more concrete. It’s the fear of what current-generation AI — not AGI, not superintelligence, just the models that exist today — enables in the hands of a motivated bad actor. The Goldman Sachs research that got so much attention — 300 million jobs globally exposed to AI automation — was calculated before reasoning models existed in their current form, before agentic systems could browse the web and execute multi-step tasks autonomously. The exposure today is wider. And that same capability expansion that makes AI useful for legitimate work makes it useful for offensive operations.
The people building these systems know this. It’s part of why Dario and Daniela Amodei left OpenAI to found Anthropic — they believed safety wasn’t being treated as a genuine priority at the frontier. It’s why Ilya Sutskever, who built some of the foundational systems at OpenAI, walked away to start Safe Superintelligence Inc. When the architects of the most capable AI systems on Earth quit specifically over safety concerns, that’s a data point worth taking seriously.
The Three Threats That Are Already Here
Autonomous Cyberweapons
The traditional model of a cyberattack involves humans — skilled ones, usually working in teams, often with nation-state backing. Finding a zero-day vulnerability in a complex software system takes time, expertise, and resources. That’s always been the natural rate limiter on offensive cyber operations. You needed a team of people who knew what they were looking for.
AI removes that rate limiter. An autonomous system capable of scanning every network on Earth, identifying zero-day vulnerabilities in real time, and executing attacks faster than any human defense team can respond isn’t a hypothetical. It’s a capability that follows directly from the same reasoning and code-generation abilities that make current frontier models useful for legitimate software development. The same model that can audit your codebase for bugs can audit someone else’s codebase for exploitable bugs — at scale, continuously, without sleeping.
Built like a system. Not vibe-coded.
Remy manages the project — every layer architected, not stitched together at the last second.
This is worth sitting with for a moment. Early benchmark results tied to Anthropic’s most capable unreleased models reportedly showed systems finding thousands of zero-day vulnerabilities in real codebases. If you want a sense of how quickly the capability ceiling is rising, the gap between Claude Mythos and Claude Opus 4.6 on cybersecurity tasks illustrates exactly how fast that ceiling is moving — and what it means when the same capability is available without safety constraints. That capability is dual-use by definition. A model good enough to find vulnerabilities defensively is good enough to find them offensively. The question is who has access to it and what constraints they’re operating under.
The answer to “who has access” is: increasingly, everyone. Open-weight models are available to anyone with a decent GPU. Fine-tuning removes safety guardrails. The barriers to entry for offensive cyber operations are dropping in real time, and there’s no international treaty governing this, no inspectors, no verified compliance frameworks, no red lines with consequences. The same trajectory applies to coding-focused models — Qwen 3.6 Plus, for instance, is a frontier-level agentic coding model available as an open weight, which means its code-generation and vulnerability-analysis capabilities are accessible to anyone who wants them, with no usage restrictions.
Bioweapon Design via Prompt
This one is harder to talk about without sounding alarmist, but the underlying logic is straightforward. Designing a dangerous pathogen used to require nation-state resources: specialized labs, teams of trained biologists, expensive equipment, years of work. The knowledge barrier and the resource barrier together made bioweapon development something only a handful of actors could attempt.
AI compresses both barriers. Not to zero — but significantly. The specific framing from researchers working in this space is that bioweapon design capability has been compressed to “a laptop and a simple prompt.” That’s probably an overstatement of current capability, but it’s not an overstatement of the trajectory. Models trained on biological literature can answer questions about pathogen enhancement that would have required a PhD and lab access to answer five years ago. The knowledge barrier is eroding faster than the resource barrier, and the resource barrier is also eroding.
The response from frontier labs has been to implement biosecurity filters — restrictions on what models will answer in this domain. Those filters are imperfect and can be circumvented. Open-weight models don’t have them at all. And the underlying knowledge that makes a model capable of answering legitimate biology questions is the same knowledge that makes it capable of answering dangerous ones. You can’t train a model to understand protein folding and then surgically remove its understanding of how that knowledge applies to pathogens.
There’s no good solution here that doesn’t involve either restricting the capability (which slows legitimate science) or accepting the risk (which is what’s currently happening by default). The AI safety community has been focused on alignment — on the long-term problem of a superintelligent AI pursuing misaligned goals. The near-term problem of a human using a current-generation model to design something dangerous has received less attention and less funding.
Personalized Disinformation at Scale
The third threat is the one that’s hardest to defend against because it exploits something that can’t be patched: human psychology.
Generic propaganda has always had a ceiling on its effectiveness. A message designed to appeal to everyone appeals strongly to no one. The history of influence operations is a history of trying to segment audiences and tailor messages — and being limited by the cost of doing that at scale. You could write a hundred different versions of a message, but distributing and targeting them required infrastructure and resources.
Remy is new. The platform isn't.
Remy is the latest expression of years of platform work. Not a hastily wrapped LLM.
AI removes that constraint entirely. A system with access to someone’s social media history, their search behavior, their purchasing patterns, their political engagement — which is to say, a system with access to the data that already exists about almost every person in a developed country — can generate influence content tailored to that specific individual’s psychology. Not their demographic. Not their zip code. Them. Their specific fears, their specific cognitive biases, their specific emotional vulnerabilities.
This is what “personalized disinformation at a scale you’ve never seen” actually means. It’s not just more propaganda. It’s propaganda that knows you. A message engineered for a 45-year-old veteran in rural Ohio who is anxious about economic displacement and has a history of engaging with content about border security looks completely different from a message engineered for a 28-year-old software engineer in Seattle who is anxious about AI taking their job. Both messages can be generated, targeted, and delivered at the cost of essentially nothing per person.
The defense against this is not technical. There’s no filter you can install that detects “this content was generated specifically to manipulate me.” The defense is epistemological — a population that’s skeptical of emotionally resonant content, that checks sources, that’s aware of how influence operations work. That’s a slow cultural project, and it’s running behind the capability curve. The same multimodal capabilities that make models like Gemma 4 useful for edge deployment on phones also mean that personalized influence content — text, image, audio — can be generated and delivered on consumer hardware, at the edge, without any centralized infrastructure to monitor or shut down.
Why the Governance Gap Is the Real Problem
Here’s the thing that should concern you more than any individual threat: there is no governance structure that addresses any of this.
The nuclear analogy gets invoked a lot in AI safety discussions, usually to argue that we’ve managed existential risks before and we can do it again. But the nuclear analogy actually illustrates the problem. Nuclear weapons required massive physical infrastructure — enrichment facilities, delivery systems, testing programs — that were visible to satellites and detectable by monitoring equipment. That’s what made arms control treaties verifiable. You could inspect. You could catch cheating.
AI development requires a data center and a team of engineers. The capability is invisible until it’s deployed. There’s no equivalent of a nuclear test that announces itself. The feedback loops are already running — frontier AI labs are currently using their AI models to help design the next generation of models, which means the recursive self-improvement dynamic that researchers have been warning about isn’t theoretical anymore. It’s happening in primitive form, right now. And there’s no international body with the authority or the technical capacity to monitor it.
The arms race dynamic doesn’t care about safety. It only cares about who gets there first. That’s the exact logic that produced nuclear arsenals, and the most capable AI systems are being built inside that exact dynamic. The difference is that nuclear weapons required nation-state resources. The three threats described above don’t.
- ✕a coding agent
- ✕no-code
- ✕vibe coding
- ✕a faster Cursor
The one that tells the coding agents what to build.
Sam Altman’s investment in Worldcoin and his advocacy for universal basic income pilots is often framed as altruism or futurism. It’s neither. It’s risk management. A world where AI concentrates all economic output at the top with no redistribution mechanism is a world that doesn’t stay stable. The UBI talk is the billionaires trying to pre-solve the social explosion before it arrives. They’ve run the numbers. They know what the Goldman Sachs 300-million-jobs figure actually means when you update it for current capability.
What This Means If You’re Building With AI
If you’re an AI builder, the near-term threat landscape has direct implications for what you’re building and how.
The cyberweapon threat means that any system you build with autonomous network access, code execution, or vulnerability scanning capability is dual-use by design. That’s not a reason not to build it — defensive security tools are genuinely valuable — but it means the access controls, the audit logging, and the deployment constraints matter more than they would for a content generation tool. MindStudio gives you a visual builder for orchestrating agents and models across 1,000+ integrations, which makes it easier to assemble these systems quickly — but the orchestration layer doesn’t make the access control decisions for you. That’s still your job, and it matters more when the underlying models are capable enough to do real damage if pointed in the wrong direction.
The disinformation threat has a more direct implication for anyone building content generation or personalization systems. A tool that generates personalized content at scale is, by definition, capable of generating personalized influence content at scale. The same capability. The same infrastructure. The question of what guardrails you build into your system — and whether those guardrails are meaningful or performative — is a design decision, not a compliance checkbox.
The bioweapon threat is mostly upstream of what most builders are working on, but the general principle applies: if you’re building a domain-specific AI system that has access to specialized knowledge, you’re responsible for thinking through what that knowledge enables in the wrong hands. That’s not a comfortable thought, and there’s no clean answer to it.
For teams building full-stack applications that incorporate AI capabilities, the spec-driven approach that tools like Remy use — where you write annotated markdown describing your application’s intent, edge cases, and rules, and compile that into a complete TypeScript backend with auth and deployment — at least forces you to make your design decisions explicit before you build. When the source of truth is a readable spec rather than implicit code, the security and access control decisions are harder to accidentally omit. That’s a small structural advantage, but in a threat environment where the dangerous capabilities are increasingly accessible, small structural advantages matter.
The Terminator Is Not Coming. Something Else Is.
Nick Bostrom’s hard takeoff scenario — human-level AI to vastly superhuman in months or weeks — is still theoretical. The alignment problem is still unsolved. AGI is still not here.
But autonomous cyberweapons are not theoretical. Bioweapon design assistance is not theoretical. Personalized psychological manipulation at scale is not theoretical. These capabilities exist in the models that are available right now, to anyone with the motivation to use them and the technical knowledge to remove the guardrails.
Remy doesn't build the plumbing. It inherits it.
Other agents wire up auth, databases, models, and integrations from scratch every time you ask them to build something.
Remy ships with all of it from MindStudio — so every cycle goes into the app you actually want.
The Terminator is a better story. It has a face and red eyes and you know when it’s coming for you. The real threats are invisible until they’ve already worked. That’s what makes them harder to think about and harder to defend against.
The researchers who are actually losing sleep over this aren’t losing sleep over a robot uprising. They’re losing sleep over the gap between what current AI can do in offensive contexts and what our governance structures are equipped to handle. That gap is wide, it’s growing, and there’s no serious international effort to close it.
That’s the thing that should concern you. Not the demon. The laptop.
