Two independent studies have found that the latest frontier AI models have dramatically outpaced previous expectations for autonomous cybersecurity performance, raising new concerns about how quickly artificial intelligence is evolving in offensive cyber capabilities.
Research from the United Kingdom’s AI Security Institute (AISI) and cybersecurity firm Palo Alto Networks shows that models such as Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 have exceeded long-standing performance growth trends used to measure AI-driven cyber autonomy.
AI Cyber Capability Growth Outpaces Forecasts
The AISI reported that frontier AI systems have now surpassed a previously observed “doubling trend” in which models became capable of completing increasingly complex cyber tasks in roughly five-month intervals.
That pace itself had already accelerated from earlier estimates, but the newest evaluations suggest even faster improvement, with the latest models exceeding expected performance thresholds by a significant margin.
Researchers said it is still unclear whether this represents a temporary spike in capability or a structural shift in how rapidly AI systems are advancing.
Frontier Models Complete Complex Cyber Attack Simulations
The findings are based on structured cyber-range simulations designed to test how effectively AI systems can carry out multi-stage attack scenarios against controlled enterprise environments.
Claude Mythos Preview became the first model to successfully complete both of the institute’s most advanced test environments. In one scenario involving a 32-step simulated attack chain, the model succeeded in multiple attempts. It also solved another previously unsolved scenario that required advanced multi-stage reasoning and exploitation planning.
OpenAI’s GPT-5.5 demonstrated similar capability, successfully completing one of the most complex simulated attack environments tested by the institute.
Security Researchers Observe Near Real-Time Vulnerability Discovery
Palo Alto Networks independently confirmed similar results through its own testing programs, reporting that modern AI systems are now capable of identifying software vulnerabilities and converting them into exploit paths at unprecedented speed.
The company noted that AI-assisted scanning across more than 130 software products uncovered dozens of vulnerabilities, significantly increasing the number of issues identified compared to traditional manual analysis.
These findings suggest that AI systems are becoming increasingly effective at automating tasks traditionally performed by skilled penetration testers and security researchers.
A Rapid Acceleration in AI “Cyber Time Horizons”
The AISI uses a measurement called the “cyber time horizon,” which estimates how long a task takes a human expert compared to an AI system’s ability to complete it autonomously.
According to the institute, this capability has been doubling at an accelerating rate since late 2024. Recent results indicate that task completion performance is now improving on the scale of months rather than years, with some estimates suggesting a doubling period of around four months.
Researchers cautioned that while the trend is consistent across multiple models and methodologies, no single benchmark can fully capture real-world capability.
Implications for Cybersecurity Defenses
Cybersecurity firms are already adapting to the implications of increasingly autonomous AI systems. Palo Alto Networks outlined several priorities for organizations, including faster vulnerability remediation, reduced attack surface exposure, and expanded use of AI-driven detection tools.
Security experts warn that as AI systems become more capable of automating complex cyber operations, attackers may also gain the ability to conduct faster and more scalable intrusions.
This raises the risk that future cyberattacks could unfold in near real time, reducing the window defenders have to respond.
Need for Stronger Evaluation and Oversight
The AI Security Institute said it is expanding its testing frameworks to better evaluate next-generation models, including more complex cyber ranges and real-world defense scenarios.
Researchers emphasized that current benchmarks may no longer be sufficient to measure the full scope of frontier AI capabilities, particularly as systems begin to demonstrate advanced reasoning across multi-step cyber operations.
Conclusion
The latest findings suggest that AI-driven cybersecurity capabilities are advancing at a pace faster than many researchers anticipated. While the full implications remain uncertain, the results point to a rapidly shifting landscape where both attackers and defenders may increasingly rely on autonomous AI systems.
As capability gaps continue to narrow, cybersecurity experts say the focus must shift toward resilience, rapid response, and continuous monitoring to keep pace with machine-speed cyber operations.
