Lyptus Research — AI offensive cyber capabilities doubling every 6 months

AI relevance: This research demonstrates the accelerating offensive capabilities of AI models in cybersecurity contexts, directly impacting AI red teaming, threat modeling, and defensive strategies as AI-powered attacks become increasingly sophisticated and automated.

• Lyptus Research study reveals AI offensive cyber capabilities doubling every 5.7 months since 2024
• The research used the METR time-horizon method with 10 professional security experts
• Models tested include Opus 4.6 and GPT-5.3 Codex across 291 cybersecurity tasks
• Current AI models achieve 50% success rates on tasks that take human experts ~3 hours
• The doubling rate accelerated from 9.8 months (2019-2024) to 5.7 months (2024-2026)
• Performance scales dramatically with token budgets: GPT-5.3 Codex goes from 3.1-hour to 10.5-hour time horizons with 10M vs 2M tokens
• Open-source models trail closed-source counterparts by approximately 5.7 months
• The study suggests current measurements may underestimate actual progress rates
• All research data is publicly available on GitHub and Hugging Face
• This exponential growth poses significant challenges for cybersecurity defense

Why it matters

The accelerating pace of AI offensive capabilities represents a fundamental shift in cybersecurity threat landscapes. As AI models become increasingly capable of automating complex attack chains, traditional defense mechanisms based on human response times and manual analysis become insufficient. This exponential growth suggests that organizations need to radically rethink their security postures, moving towards AI-powered defensive systems that can match the speed and scale of AI-driven attacks. The narrowing gap between open-source and proprietary models also means these capabilities are becoming more widely accessible.

What to do

• Accelerate AI defense adoption: Invest in AI-powered security tools that can match offensive AI capabilities
• Update threat models: Incorporate AI-driven attack scenarios into security planning and red team exercises
• Monitor capability trends: Track AI offensive capability research to anticipate future threats
• Increase automation: Reduce reliance on manual security processes that can't scale with AI-driven attacks
• Collaborate with researchers: Engage with AI safety organizations to stay ahead of emerging threats
• Review detection systems: Ensure security monitoring can identify AI-generated attack patterns

Sources

• The Decoder — Lyptus Research Study Coverage
• Lyptus Research — Offensive Cyber Time Horizons Full Report
• GitHub — Research Data Repository
• Hugging Face — Dataset Repository