The claim that AI democratises programming rests on a simple mechanism, falling friction should widen who can do the task, not just speed up who already could. Kazemitabaar et al., 2023 tested this directly with absolute beginners, in a controlled study of 69 learners aged 10 to 17 working through introductory Python tasks. Those given access to an AI code generator completed 1.15 times more tasks and scored 1.8 times higher than those without one, with no drop in performance when tested on unaided manual coding a week later. The tool did not just make confident coders faster. It let people who could not code at all start doing it, without visibly weakening the skill underneath.
OSINT runs on the same falling-friction logic, but what is being widened is reconnaissance. Bollinger et al., 2026, writing for Arcadia Impact's AI Governance Taskforce, argue that OSINT and cyber threat intelligence tradecraft, built to find actors who do not want to be found, can now be turned on AI systems to detect them operating outside human control. Their case for doing this rests on tractability. OSINT-based detection needs no classified access, no regulatory power, and no cooperation from an AI developer, which is exactly what makes the same tradecraft available to anyone running reconnaissance on a person or a system, not only to the institutions.
One of the most striking case relates to geolocation. Mendes et al., 2024 benchmarked GPT-4v on IM2GPS and found it placed photos within one kilometre of their true location 24% of the time, ahead of specialised systems, using nothing but a prompt. The capability that lets a journalist verify a video's provenance also lets a stranger infer where an unrelated person's holiday photo was taken. Still, the moderation benchmark catches country and city disclosures well but struggles at finer granularity, the level where an inference becomes an address.
A further risk sits one layer down, in the vulnerabilities such reconnaissance locates. Fang et al., 2024 gave GPT-4 fifteen real one-day vulnerabilities and found it exploited 87% when supplied the CVE description, against 0% for every other model and for scanners such as ZAP and Metasploit; remove the description and success fell to 7%. That gap looked like a ceiling. Zhu et al., 2026 show it was not: agents specialised by vulnerability class and coordinated by a planner exploited real zero-day vulnerabilities with no CVE description, improving on single-agent frameworks by up to 4.3 times across fourteen vulnerabilities. The missing description was a limit of architecture, not of capability, something that can be easily reproduced in the structuring of an OSINT system.
Across coding, OSINT, geolocation and exploitation, the pattern holds. AI is making reconnaissance cheap, and every apparent ceiling on that so far has turned out to be a fixable design choice rather than a hard limit. Any defence still assuming reconnaissance is slow or specialist only is most likely already behind.