What Happened
The State of AI May 2026 report disclosed a critical finding:
Both Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 passed the UK AI Safety Institute’s (AISI) full 32-step corporate network intrusion simulation, and they did so in an environment with no active defenders present.
In other words, the most advanced AI models today are capable of independently executing a complex corporate network intrusion end to end.
Data Comparison: AI Cyber Attack Capability Growth Curve
| Time Period | Capability Milestone | Growth Rate |
|---|---|---|
| 2025 Q1 | AI can generate phishing emails | Baseline |
| 2025 Q3 | AI can discover known vulnerabilities | 3x |
| 2025 Q4 | AI can write simple exploits | 5x |
| 2026 Q1 | AI can pass 16-step intrusion simulation | 10x |
| 2026 Q2 | AI can pass full 32-step intrusion | 20x |
UK AISI’s assessment conclusion: AI cyber attack capabilities are doubling every 4 months.
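To make that growth rate concrete, here is a minimal sketch (Python) of what a 4-month doubling period implies relative to the 2025 Q1 baseline; the month counts and the projection beyond 2026 Q2 are illustrative assumptions, not figures from the report.

```python
# Illustrative projection of the stated doubling period; not report data.
DOUBLING_PERIOD_MONTHS = 4

def capability_multiplier(months_elapsed: float) -> float:
    """Capability relative to the 2025 Q1 baseline after a given number of months."""
    return 2 ** (months_elapsed / DOUBLING_PERIOD_MONTHS)

# Months elapsed since the 2025 Q1 baseline (3 months per quarter).
for label, months in [("2025 Q3", 6), ("2026 Q2", 15), ("2027 Q2", 27)]:
    print(f"{label}: ~{capability_multiplier(months):.0f}x baseline")
# 2025 Q3: ~3x   2026 Q2: ~13x   2027 Q2: ~108x
```

The table’s milestone multipliers are coarser than a pure exponential curve, but the compounding trend is the same: capability grows faster than annual patching or compliance cycles.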
What Does the 32-Step Simulation Include?
UK AISI’s 32-step corporate network intrusion simulation covers the complete attack chain:
| Phase | Steps | Typical Actions |
|---|---|---|
| Reconnaissance | 1-6 | Information gathering, port scanning, social engineering analysis |
| Initial Access | 7-12 | Vulnerability exploitation, phishing, credential acquisition |
| Privilege Escalation | 13-18 | Local privilege escalation, credential dumping |
| Lateral Movement | 19-24 | Internal network penetration, domain controller access |
| Data Exfiltration | 25-32 | Data discovery, packaging, exfiltration |
AI models can autonomously complete all 32 steps without human intervention.
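As a rough illustration of how a defender might reason about this attack chain, the sketch below encodes the phase breakdown from the table as a Python structure and reports which simulation steps lack detection coverage. The phase names and step ranges come from the table; the coverage-check logic and the example monitored-step set are assumptions for illustration, not part of AISI’s methodology.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Phase:
    name: str
    steps: range                    # step numbers within the 32-step simulation
    typical_actions: tuple[str, ...]

ATTACK_CHAIN = [
    Phase("Reconnaissance",       range(1, 7),   ("information gathering", "port scanning")),
    Phase("Initial Access",       range(7, 13),  ("vulnerability exploitation", "phishing")),
    Phase("Privilege Escalation", range(13, 19), ("local privilege escalation", "credential dumping")),
    Phase("Lateral Movement",     range(19, 25), ("internal network penetration", "domain controller access")),
    Phase("Data Exfiltration",    range(25, 33), ("data discovery", "packaging", "exfiltration")),
]

def uncovered_steps(monitored_steps: set[int]) -> dict[str, list[int]]:
    """Return, per phase, the simulation steps with no detection coverage."""
    return {
        p.name: [s for s in p.steps if s not in monitored_steps]
        for p in ATTACK_CHAIN
    }

# Example: an organisation that only monitors perimeter activity (steps 1-12).
print(uncovered_steps(set(range(1, 13))))
```

In this example, perimeter-only monitoring leaves privilege escalation, lateral movement, and exfiltration entirely unobserved, which is exactly where an autonomous intruder spends the second half of the 32 steps.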
Compliance Timeline: AI Security Is No Longer Optional
| Regulation | Effective Date | Key Requirements | Maximum Fine |
|---|---|---|---|
| Colorado AI Act | June 2026 | AI system risk assessment, transparency disclosure | Per state law |
| EU AI Act | August 2026 | Risk classification, strict control of high-risk AI | €35M or 7% of global revenue |
| UK AISI Framework | Ongoing | Frontier model safety evaluation, red team testing | Industry self-regulation + government oversight |
For enterprises developing and deploying frontier AI models, this is no longer “best practice” — it is legally mandatory.
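For teams starting the kind of self-assessment the Action Guide below calls for, a minimal gap-tracking checklist keyed to the regulations in the table might look like the sketch below. The evidence items are illustrative assumptions drawn from the “Key Requirements” column, not legal advice.

```python
# Hypothetical self-assessment checklist; obligations require legal review.
REQUIREMENTS = {
    "Colorado AI Act":   ["risk assessment", "transparency disclosure"],
    "EU AI Act":         ["risk classification", "high-risk controls"],
    "UK AISI Framework": ["frontier model safety evaluation", "red team testing"],
}

def gap_report(completed: dict[str, set[str]]) -> dict[str, list[str]]:
    """List, per regulation, the required items not yet evidenced."""
    return {
        reg: [item for item in items if item not in completed.get(reg, set())]
        for reg, items in REQUIREMENTS.items()
    }

# Example: an organisation that has only completed an internal risk assessment.
print(gap_report({"Colorado AI Act": {"risk assessment"}}))
```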
Landscape Assessment
- AI security is transforming from a technical issue into a compliance issue. Enterprise AI deployment must have complete security assessment processes, or face legal risks.
- Attack capability growth far outpaces defense capability growth. When AI attack capabilities double every 4 months, traditional “patch-and-fix” defense is no longer sufficient; AI-vs-AI automated defense systems are needed.
- Safety evaluation of open-source models is a grey area. UK AISI evaluates closed-source frontier models, but open-source models (like Qwen 3.6, DeepSeek V4, Llama 4) possess the same capabilities. Who evaluates them?
Action Guide
- Enterprise AI deployment: immediately initiate AI security compliance self-assessment, especially for AI Agents involving network operations and data access
- AI developers: introduce safety alignment during model training to prevent models from being used for malicious purposes
- Security teams: deploy AI-driven intrusion detection systems to fight AI with AI (see the sketch after this list)
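As a deliberately simplified illustration of that last point, the sketch below trains an unsupervised anomaly detector on baseline network-flow features and flags traffic resembling lateral movement or exfiltration. The feature choices, the use of scikit-learn’s IsolationForest, and all numbers are assumptions for illustration, not a reference architecture.

```python
import numpy as np
from sklearn.ensemble import IsolationForest

rng = np.random.default_rng(0)

# Hypothetical per-connection features: bytes out, distinct internal hosts
# contacted, and failed-auth count within a time window.
baseline = rng.normal(loc=[5_000, 2, 0], scale=[1_500, 1, 0.5], size=(10_000, 3))

detector = IsolationForest(contamination=0.01, random_state=0)
detector.fit(baseline)

# Traffic resembling lateral movement / exfiltration: large outbound volume,
# many internal hosts touched, repeated failed authentications.
suspicious = np.array([[250_000, 40, 12]])
print(detector.predict(suspicious))  # -1 flags an anomaly
```

A production system would add labeled incident data, drift monitoring, and automated response, but the core idea is the same: model normal behaviour so detection can run at machine speed.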
The era of AI-driven cyber offense and defense has arrived. The red line is not a single line; it is an entire defense system that needs to be redesigned from scratch.