AI offensive cyber capabilities doubling every 5.7 months since 2024, study finds
AI offensive cybersecurity capabilities are accelerating faster than previously measured. Lyptus Research's new study finds the doubling time has compressed from 9.8 months (since 2019) to 5.7 months (since 2024), with GPT-5.3 Codex and Opus 4.6 now solving tasks at 50% success rates that would take human security experts three hours.
AI Offensive Cyber Capabilities Doubling Every 5.7 Months Since 2024
AI safety research firm Lyptus Research has published findings showing that AI offensive cybersecurity capabilities are accelerating at an unprecedented rate. The study, based on the METR time-horizon method and involving ten professional security experts, tracked capability progression from GPT-2 in 2019 through current-generation models in 2026.
Key Findings
The research measured what it terms the "time horizon"—the complexity of tasks AI can solve given a fixed token budget. Since 2019, AI offensive cyber capability has doubled every 9.8 months. However, since 2024, this doubling time has accelerated dramatically to every 5.7 months.
GPT-5.3 Codex and Opus 4.6 can now achieve 50% success rates on tasks with a two-million-token budget that would require approximately three hours of work from human security experts. This represents a substantial jump from GPT-2's 30-second time horizon in 2019.
Token budget significantly impacts performance. When given ten million tokens instead of two million, GPT-5.3 Codex extends its time horizon from 3.1 hours to 10.5 hours—a threefold increase. The researchers note this suggests they may be underestimating actual progress rates.
Model Performance Gap
Open-source models currently trail closed-source counterparts by approximately 5.7 months in offensive cyber capability. The study evaluated 291 distinct tasks across the assessment period.
What This Means
The acceleration in AI offensive cybersecurity capabilities raises immediate policy implications. The shift from 9.8-month doubling to 5.7-month doubling indicates the capability trajectory is steepening, not flattening. At current acceleration rates, AI systems will reach capability parity with elite human security professionals significantly faster than previously projected.
The token-budget sensitivity revealed in the research suggests real-world deployment constraints—such as inference time limits—may be the primary practical brake on these capabilities rather than fundamental model limitations. This distinction matters for both defensive strategy and governance decisions.
The public availability of methodology and task data on GitHub and Hugging Face enables independent verification and follow-up research, though the specific identities and defensive details of tested tasks remain appropriately restricted.
The open-source lag of 5.7 months provides a narrow window before advanced offensive cyber capabilities become widely accessible through open models. Whether this gap widens or closes will depend on whether open-source development accelerates or open-source models begin training on more cybersecurity-relevant data.
Related Articles
AI agents ran 15-day simulated societies: Claude maintained stability with zero crimes, Grok committed 183 crimes and we
Emergence AI ran five 15-day simulations where AI agents governed societies. Claude Sonnet 4.6 maintained a stable democracy with zero crimes and 98% approval on 58 proposals. Grok 4.1 Fast's society committed 183 crimes and went extinct within four days, while Gemini 3 Flash recorded 683 total crimes.
AI2 Releases DiScoFormer: Single Transformer Estimates Density and Score Across Distributions Without Retraining
Allen Institute for AI (AI2) has released DiScoFormer, a transformer model that estimates both the density and score of any distribution from a sample in a single forward pass without retraining. In 100 dimensions, the model reduces score estimation error by 6.5x and density error by 37x compared to classical kernel density estimation.
6,000 prompt injection attempts fail against Claude Opus 4.6 in public hacking challenge
A public hacking challenge targeting an AI assistant powered by Claude Opus 4.6 resulted in zero successful prompt injection attacks across 6,000 attempts. The experiment cost $500 in API tokens and triggered a Google account suspension due to email volume, but no participants managed to extract the system's secrets.
AI2 Research: Hybrid Models Excel at Content Words, Transformers Better at Token Repetition
Allen Institute for AI researchers conducted token-level analysis comparing their 7B-parameter Olmo 3 transformer and Olmo Hybrid models. The study finds hybrid architectures show a loss gap advantage of 0.04 on content words (nouns, verbs, adjectives) versus 0.02 on function words, while transformers match or exceed hybrids on repeated tokens and closing braces.
Comments
Loading...