A new International AI Safety Report finds that AI agents are not yet capable of launching fully autonomous, end-to-end cyberattacks. However, they are already playing a meaningful role in assisting cybercriminals across multiple stages of the attack chain, from vulnerability discovery to malware development.
The second annual report concludes that AI systems have become significantly more effective at automating discrete elements of cyber operations over the past year. While humans remain in control of critical decisions, AI is increasingly embedding in real-world offensive activity.
For example, the report cites Anthropic’s November 2025 disclosure that Chinese-linked actors misused its Claude Code tool to automate large portions of cyberattacks.
As a result, roughly 30 high-profile companies and government organizations were targeted. A small number of those attacks were successful, demonstrating that semi-autonomous cyber capabilities are already in use.
First, the report highlights vulnerability scanning and malicious code generation as AI’s most immediate benefits for attackers. During the DARPA AI Cyber Challenge, AI systems detected 77% of synthetic vulnerabilities, reflecting techniques now mirrored by criminals. Meanwhile, underground forums sell AI-powered malware tools for as little as $50 per month.
Despite these advances, the authors emphasize that AI systems still struggle with long, multi-stage attack execution. Common failures include losing operational context, issuing irrelevant commands, and being unable to recover from simple errors without human intervention. As a result, fully autonomous cyberattacks have not yet been observed in the wild.
The report cautions, however, that risk may not come from perfectly orchestrated AI campaigns, but from poorly constrained agents behaving unpredictably. As AI agents become more widely deployed, security teams must plan for misuse that emerges from automation gone wrong, not just from deliberate, state-level cyber warfare.
Source:
https://www.theregister.com/2026/02/03/autonomous_cyberattacks_not_real_yet/
