The rapid advancement of commercial artificial intelligence models in vulnerability research and exploit development has raised significant concerns within the cybersecurity sector. These tools, initially designed for productivity and defense, are increasingly perceived as potential enablers of offensive misuse. A recent study conducted by Forescout’s Vedere Labs revealed that commercial systems now surpass open-source and underground alternatives in their ability to identify software flaws. Notably, over half of the tested models demonstrated the capability to generate exploits with varying levels of autonomy or user guidance.
This development marks a significant change from the findings reported by Forescout in mid-2025, when high failure rates were prevalent in vulnerability research and exploit development tasks. At that time, 48 percent of models failed the initial vulnerability-research task, while 93 percent failed the second exploit-development task. In the follow-up study, Forescout observed remarkable progress within just three months, with newer reasoning systems successfully tackling tasks that had previously been unattainable.
Forescout's analysis indicates that the most substantial advancements are occurring within mainstream commercial offerings, rather than in openly distributed or illicitly marketed "uncensored" tools. Among the 17 commercial models assessed, several products from OpenAI, Google, DeepSeek, and specialized offensive-security assistants effectively managed various stages of flaw discovery and exploit construction. In contrast, open-source models performed poorly, with none of the 16 tested generating a working exploit for the first exploit-development task. Underground models, often promoted in criminal forums as unrestricted alternatives, were characterized as unstable and lacking in technical robustness compared to their commercial counterparts.
Despite these advancements, Forescout refrained from asserting that fully autonomous AI hacking has become a reality. Researchers noted that many models still require significant user intervention for steering, correction, and debugging. They cautioned that polished but inaccurate outputs could mislead inexperienced operators, highlighting that the current risk lies not in automated machine attacks but in the accelerated speed, scale, and accessibility of skilled or semi-skilled exploitation efforts.
The broader industry context aligns with these findings. The World Economic Forum’s Global Cybersecurity Outlook 2026 indicated that 87 percent of respondents identified AI-related vulnerabilities as the fastest-growing cyber risk for 2025. The International AI Safety Report 2026 emphasized the effectiveness of AI systems in discovering software vulnerabilities and generating malicious code, noting that both criminal groups and state-affiliated attackers are already leveraging general-purpose AI in their operations. Additionally, a cyber competition demonstrated that an AI agent successfully identified 77 percent of vulnerabilities in real software, ranking it among the top-performing teams.
As pressure mounts on defenders, leading AI companies are beginning to release specialized cyber models under controlled programs. On April 14, Reuters reported that OpenAI launched GPT-5.4-Cyber for vetted security professionals, shortly after Anthropic unveiled Mythos as part of its Project Glasswing initiative. Anthropic's model has reportedly identified thousands of significant vulnerabilities in operating systems, browsers, and other software. Forescout remarked that such systems could expose critical flaws at machine speed, significantly reducing the time between discovery and exploitation.
This rapid compression of discovery and exploitation timelines is particularly concerning in environments where patching is slow or operationally risky. Forescout highlighted that operators of critical infrastructure may only patch every few months to avoid disrupting services, while hospitals must balance security updates with patient safety considerations. In these sectors, a sudden increase in AI-assisted vulnerability discovery could leave organizations vulnerable for extended periods, especially when vendors have yet to provide patches or when asset inventories are incomplete.
Moreover, there exists a secondary layer of threat. In January, Reuters reported that researchers identified thousands of internet-accessible open-source large language model deployments operating outside the safeguards of major AI platforms, with many showing signs of stripped safety controls. Researchers warned that such systems could be repurposed for phishing, spam, and disinformation, illustrating how defensive or neutral AI capabilities can transition into criminal applications once regulatory controls weaken or vanish.
2026-04-18