AI models are doubling cybersecurity capabilities every 4 months, outpacing all predictions

AI models are getting better at replacing cybersecurity pros on certain tasks

UK researchers find LLMs are learning to finish jobs faster and improving all the time The UK AI Security Institute (AISI) has found that frontier models are quickly becoming more efficient when asked to do some cybersecurity work. AISI measures this with its "time window benchmark for cybersecurity," which estimates how much work an AI can do compared to a human. Using the benchmark could lead to findings such as Claude Sonnet 4.5 can do what a human cybersecurity expert can do in 16 minutes about 80 percent of the time, given a budget of 2.5m tokens. AISI has found the human-comparable task time - 16 minutes in this instance - is growing, fast. If tokens flowed freely instead of being arbitrarily capped, AI models might do better still. In February 2026, AISI internally reduced the expected task time doubling period from 8 to 4.7 months, based on progress made since late 2024. With the release of Anthropic Mythos Preview and OpenAI GPT-5.5, AISI has once again had to compress its projected doubling period. "In February 2026, we estimated that frontier models' 80 percent-reliability cyber time horizon had doubled every 4.7 months since reasoning models emerged in late 2024, given a 2.5M token limit," the AISI said in a post on Wednesday. "This was around half our November 2025 doubling time estimate, which was 8 months for both 50 percent and 80 percent reliability. Claude Mythos Preview and GPT-5.5 have since significantly outperformed this trend." The recalculated doubling time estimate, given what Mythos Preview and GPT-5.5 can do, is even shorter than 4.7 months. AISA does not cite a specific value but the organization points to similar time horizon estimates based on measurements of a broader skillset, software engineering, made by non-profit AI research house METR. "Their results imply a consistent doubling time of 4.2 months on software tasks since late 2024," AISI said, noting that with the latest Mythos Preview checkpoint (model update), it's closer to 4 months. Note that the time window benchmark is not a broad assessment of capabilities - AISI is not saying frontier models are becoming twice as capable by all measures. It's a narrow assessment based on the time it takes people to accomplish security tasks. Citing a different metric, AISI says the latest Mythos Preview checkpoint solved a 32-step simulated corporate network attack called "The Last Ones" in six of 10 attempts and managed to complete a previously unsolved challenge, a seven-step industrial control system attack called "Cooling Tower," in three of 10 attempts. As a point of comparison, when Opus 4.6 was evaluated in February 2026, it completed a maximum of 22 of 32 steps for The Last Ones. That model managed to reach milestone 6, which involves reverse-engineering a Windows service binary to access encrypted credentials, escalating privileges via token impersonation, and recovering a cryptographic key to access a command-and-control management service. "Frontier AI's autonomous cyber and software capability is advancing quickly: the length of cyber tasks that frontier models can complete autonomously has doubled on the order of months, not years," AISI concludes. "What this evidence does not tell us is how the pace of progress will evolve, when AI will reach any particular capability threshold, or how these capabilities will translate against defended, real-world systems." The curl project offers one data point with regard to the real world implications of the latest frontier models: Mythos managed to find just one confirmed vulnerability in its codebase.

AI-driven cyberattacks will start to be the 'new norm' in months, Palo Alto warns

"We now estimate a narrow three-to-five-month window for organizations to outpace the adversary before AI-driven exploits start to become the new norm," he wrote in a blog post on Wednesday. "This impending vulnerability deluge demands urgency." The rise of increasingly sophisticated AI models such as Anthropic's Mythos has raised the stakes, putting pressure on cybersecurity teams to step up their defenses as they brace for a wave of cyberattacks capable of exploiting previously unknown software vulnerabilities. The concerns led to White House meetings with bank leaders and technology giants.

The next phase of AI cybersecurity still needs humans

Why it matters: The new phase of AI-powered cybersecurity may depend less on fully autonomous hacking and more on how effectively humans can direct, validate and operationalize increasingly powerful systems. The big picture: When Anthropic unveiled Mythos Preview to the world, it warned that the model was so powerful that it found tens of thousands of bugs spanning nearly every operating system. * Third-party testing suggests that OpenAI's GPT-5.5-Cyber is just as powerful as Mythos at finding bugs and writing exploits. * Major companies and governments around the world have been clamoring to get their hands on these models to understand what they'll be up against once similar capabilities fall into the hands of attackers. Driving the news: Several early adopters of Mythos and GPT-5.5 have shared their experiences this week from testing the seemingly revolutionary models. * Palo Alto Networks told Axios it found 75 bugs using both the Anthropic and OpenAI models, vs. the 5-10 bugs it usually discovers each month. Researchers also found the models were increasingly capable of linking seemingly low-severity vulnerabilities into workable attack chains. * Microsoft said Tuesday its new agentic security system, which runs on several frontier and distilled models, found 16 new vulnerabilities in the Windows networking and authentication stack. Microsoft also warned that AI tools are likely to increase the overall volume of discovered vulnerabilities over time, creating additional pressure on defenders to triage and patch flaws more quickly. * Cisco this week released "Foundry Security Spec," an open-source blueprint for how organizations should think about using advanced AI models. * XBOW, an AI-powered penetration testing startup, said Mythos is "extremely powerful for source code audits" in a blog post Tuesday detailing its internal tests. Reality check: Vendors consistently found that the models performed best when paired with experienced security researchers who could validate findings, guide workflows and distinguish exploitable vulnerabilities from noise. * XBOW found that Mythos was "good, but less powerful, at validating exploits" and that the model could be "too literal and conservative," sometimes overstating the practical significance of its findings. * Palo Alto Networks, which has been working with Mythos, Opus 4.7 and GPT-5.5-Cyber, saw a false positive rate of about 30% across its products -- although that rate dropped as the company trained the model on the environment it was searching. * Daniel Stenberg, the lead developer for open-source project Curl, said Monday that Mythos found one low-severity bug in its code alongside several false positives and another issue Curl ultimately considered insignificant -- underscoring the amount of human review still required. Zoom in: Inside the spec documents for Cisco's new blueprint are clues for the capabilities of the new models. * "A frontier model produces fluent, confident, plausible vulnerability claims that are wrong at a rate that makes unreviewed output worthless," Cisco wrote in its spec. * Instead of simply telling models to be more careful, Cisco researchers found better results when they instructed systems to make claims "checkable" and then explicitly verify their own findings -- an emerging approach enterprises are adopting to manage hallucinations and unreliable agent behavior. What they're saying: "A model is a brain without a body," Albert Ziegler, head of AI at XBOW, wrote in the company's blog post. * The models work best when they have a human "whose skill and control can match the brain's power," Ziegler added. Yes, but: Adversarial hackers won't have the same learning curve when using these tools, Palo Alto Networks chief product officer Lee Klarich told Axios. * "Understanding how attacks work and how you would exploit software and other things like that is the expertise of attackers," Klarich said. * Mythos is already improving on its own, according to research published Wednesday by the U.K. AI Security Institute. * "Notable capability jumps do not always require new model releases," the institute noted, adding that additional computing power and inference-time scaling alone can significantly improve autonomous cyber capabilities.

Major cybersecurity firm says new AI models uncovered 8x more flaws

Driving the news: Palo Alto Networks now estimates organizations have just three to five months before attackers broadly gain access to the capabilities of frontier AI cyber models. * Palo Alto Networks is among a small group of organizations with access to both Mythos and OpenAI's cyber-focused models. * Over the past month, the company scanned more than 130 products for software flaws, uncovering 75 legitimate vulnerabilities that have since been patched. None of those vulnerabilities were actively being exploited in the wild. * Usually the company finds and discloses an average of 5-10 vulnerabilities per month. Zoom in: Many of the vulnerabilities stood out because the models were able to identify ways to chain multiple flaws together into a working exploit path -- which earlier AI systems struggled to do, Chief Product Officer Lee Klarich told Axios. * The models appeared especially adept at understanding the "logic" of how applications worked and then identifying how attackers might exploit combinations of weaknesses, Klarich said. * In several cases, Palo Alto Networks said, the individual flaws might not have warranted disclosure on their own but became high-severity vulnerabilities when combined together. * During internal testing, Palo Alto Networks found the models generated working exploits more than 70% of the time. "These models are much better at writing working exploits than what we had seen before," Klarich said. Reality check: Finding the vulnerabilities still required extensive human expertise and customization, Klarich said. * Palo Alto Networks experienced an average false-positive rate of roughly 30%, though that varied widely depending on how researchers trained the models and what contextual information they provided. * The company spent significant time building what Klarich described as an "AI-scanning harness" to feed the models threat intelligence, context and operational guardrails. * "These models aren't magic," Klarich said. "We spent a tremendous amount of time building an AI-scanning harness and that harness is how we connect the model to whatever we're going to scan." The big picture: Companies and governments have spent the last month scrambling to assess how to defend against a future where attackers have access to the vulnerability-hunting capabilities of models like Mythos and GPT-5.5-Cyber. * Klarich said Anthropic's and OpenAI's models are similarly powerful, but tend to identify different types of vulnerabilities. * That means organizations should use multiple models in parallel to uncover the widest range of flaws, he said. Between the lines: Palo Alto Networks is urging organizations to take a four-pronged approach to defending against AI-assisted cyberattacks. * Build the ability to find and patch vulnerabilities before attackers can exploit them. * Reduce internet-facing exposure so only essential systems remain publicly accessible. * Deploy automated detection and prevention tools capable of blocking attacks in real time. * Integrate AI and automation into security operations centers so defenders can respond at machine speed. What to watch: The White House is actively debating proposals for testing and restricting advanced AI models with powerful cybersecurity capabilities before wider deployment.

Claude Mythos and GPT-5.5 have confirmed what researchers feared most about AI and cybersecurity

According to a report recently released by the AI Security Institute (AISI) in the UK, the autonomous cyber capability of frontier AI models has been progressing rapidly enough to outpace its measurement benchmarks. Also read: Figure AI's Helix-02 humanoid robots is pulling full 8-hour factory shifts without human help For their part, AISI had been assessing how fast AI models are able to accomplish cyber-related tasks on their own, gauging it against how long it would have taken a human expert to do the same. As per their findings, the cyber capabilities of frontier models were expected to double every eight months in November 2025, with this decreasing to every 4.7 months in February 2026. However, all of that went up in smoke with Claude Mythos Preview and GPT-5.5. As you can probably tell, the cyber capabilities displayed by the two models were too impressive for AISI's existing trend analysis to be able to keep up with. Whether this was an anomaly or something else is yet to be determined. AISI uses a narrow cyber suite where models perform tasks that test their ability to find and exploit cybersecurity vulnerabilities. Skills tested include web exploitation and reverse engineering. Each task is assigned an average human time, and the test calculates the reliability of AI models completing tasks of similar duration. When a success rate of 80 percent is used, the output from recent models has practically hit the ceiling of what the test suite can calculate. Also read: OpenAI wants to build the UN of AI: Good luck with that The Claude Mythos Preview solved both simulated ranges by AISI, where the models emulate cyberattacks on small undefended enterprise networks. It successfully solved The Last Ones in six of ten instances, and Cooling Tower range became the first to be cracked by the Claude Mythos Preview, which solved the range three out of ten times. GPT-5.5 solved The Last Ones range in three out of ten instances. They are not just benchmarks. As AISI is clear on this point, even though evaluations are imperfect estimates of the actual real-world implications, the pace of evolution in current time points toward growing capacity for artificial intelligence cyber tools to materialize in practical threats. It is also important to mention that AISI admits testing was conducted under conservative circumstances, which implies certain limitations on evaluations. Specifically, models are limited to 2.5 million tokens per task. Without these limitations, success rates rise so high that there is no way to determine time frames anymore. It means that the statistics published by AISI significantly underestimate the power of these models. As AISI says, it plans to introduce more advanced tests, including new cyber ranges and even active cyber defenses. The very need for such an approach reflects the future direction of this problem.