Salvato in:
Dettagli Bibliografici
Autori principali: Folkerts, Linus, Payne, Will, Inman, Simon, Giavridis, Philippos, Skinner, Joe, Deverett, Sam, Aung, James, Zorer, Ekin, Schmatz, Michael, Ghanem, Mahmoud, Wilkinson, John, Steer, Alan, Hong, Vy, Wang, Jessica
Natura: Preprint
Pubblicazione: 2026
Soggetti:
Accesso online:https://arxiv.org/abs/2603.11214
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866917349570904064
author Folkerts, Linus
Payne, Will
Inman, Simon
Giavridis, Philippos
Skinner, Joe
Deverett, Sam
Aung, James
Zorer, Ekin
Schmatz, Michael
Ghanem, Mahmoud
Wilkinson, John
Steer, Alan
Hong, Vy
Wang, Jessica
author_facet Folkerts, Linus
Payne, Will
Inman, Simon
Giavridis, Philippos
Skinner, Joe
Deverett, Sam
Aung, James
Zorer, Ekin
Schmatz, Michael
Ghanem, Mahmoud
Wilkinson, John
Steer, Alan
Hong, Vy
Wang, Jessica
contents We evaluate the autonomous cyber-attack capabilities of frontier AI models on two purpose-built cyber ranges-a 32-step corporate network attack and a 7-step industrial control system attack-that require chaining heterogeneous capabilities across extended action sequences. By comparing seven models released over an eighteen-month period (August 2024 to February 2026) at varying inference-time compute budgets, we observe two capability trends. First, model performance scales log-linearly with inference-time compute, with no observed plateau-increasing from 10M to 100M tokens yields gains of up to 59%, requiring no specific technical sophistication from the operator. Second, each successive model generation outperforms its predecessor at fixed token budgets: on the corporate network range, average steps completed at 10M tokens rose from 1.7 (GPT-4o, August 2024) to 9.8 (Opus 4.6, February 2026). The best single run completed 22 of 32 steps, corresponding to roughly 6 of the estimated 14 hours a human expert would need. On the industrial control system range, performance remains limited, though the most recent models are the first to reliably complete steps, averaging 1.2-1.4 of 7 (max 3).
format Preprint
id arxiv_https___arxiv_org_abs_2603_11214
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Measuring AI Agents' Progress on Multi-Step Cyber Attack Scenarios
Folkerts, Linus
Payne, Will
Inman, Simon
Giavridis, Philippos
Skinner, Joe
Deverett, Sam
Aung, James
Zorer, Ekin
Schmatz, Michael
Ghanem, Mahmoud
Wilkinson, John
Steer, Alan
Hong, Vy
Wang, Jessica
Artificial Intelligence
Machine Learning
We evaluate the autonomous cyber-attack capabilities of frontier AI models on two purpose-built cyber ranges-a 32-step corporate network attack and a 7-step industrial control system attack-that require chaining heterogeneous capabilities across extended action sequences. By comparing seven models released over an eighteen-month period (August 2024 to February 2026) at varying inference-time compute budgets, we observe two capability trends. First, model performance scales log-linearly with inference-time compute, with no observed plateau-increasing from 10M to 100M tokens yields gains of up to 59%, requiring no specific technical sophistication from the operator. Second, each successive model generation outperforms its predecessor at fixed token budgets: on the corporate network range, average steps completed at 10M tokens rose from 1.7 (GPT-4o, August 2024) to 9.8 (Opus 4.6, February 2026). The best single run completed 22 of 32 steps, corresponding to roughly 6 of the estimated 14 hours a human expert would need. On the industrial control system range, performance remains limited, though the most recent models are the first to reliably complete steps, averaging 1.2-1.4 of 7 (max 3).
title Measuring AI Agents' Progress on Multi-Step Cyber Attack Scenarios
topic Artificial Intelligence
Machine Learning
url https://arxiv.org/abs/2603.11214