AI Frontier Models Achieve Near‑100% Success on Complex Cyber‑Range Attacks, Doubling Autonomous Capability Pace
What Happened — The UK AI Security Institute (AISI) reports that frontier AI models such as Claude Mythos Preview and GPT‑5.5 are completing multi‑step intrusion simulations at rates far exceeding prior forecasts, with success rates approaching 100% on the most difficult tasks. The models have halved the “time‑horizon” needed to autonomously perform sophisticated cyber operations compared with estimates from late 2024.
Why It Matters for TPRM —
- Accelerated AI capability raises the probability that threat actors will weaponize autonomous tools against third‑party ecosystems.
- Traditional security controls may be outpaced, increasing exposure for vendors that rely on legacy detection methods.
- Supply‑chain risk assessments must now factor in AI‑driven attack vectors that can bypass human‑centric defenses.
Who Is Affected — Technology SaaS providers, cloud infrastructure operators, industrial control‑system vendors, and any organization that outsources security monitoring to third‑party services.
Recommended Actions —
- Re‑evaluate vendor security questionnaires to include AI‑related threat modeling.
- Verify that partners employ AI‑aware detection (e.g., behavior‑based analytics, AI‑generated threat hunting).
- Incorporate continuous monitoring of AI‑driven attack trends into third‑party risk dashboards.
Technical Notes — The capability measurement uses “time‑horizon benchmarks” comparing AI task completion time to human experts. Models succeeded in 6‑step corporate network attacks and 7‑step industrial‑control‑system attacks, surpassing prior token‑limit constraints. No specific CVEs are cited; the risk stems from autonomous reasoning rather than known software flaws. Source: Help Net Security