Artificial intelligence (AI) has long been a cornerstone of cybersecurity. From malware detection to network traffic analysis, predictive machine learning models and other narrow AI applications have been used in cybersecurity for decades. As we move closer to artificial general intelligence (AGI), AI's potential to automate defenses and fix vulnerabilities becomes even more powerful.
But to harness these benefits, we must also understand and mitigate the risks of increasingly advanced AI being misused to enable or enhance cyberattacks. Our new framework for evaluating the emerging offensive cyber capabilities of AI helps us do exactly this. It is the most comprehensive evaluation of its kind to date: it covers every phase of the cyberattack chain, addresses a wide range of threat types, and is grounded in real-world data.
Our framework enables cybersecurity experts to identify which defenses are needed, and how to prioritize them, before malicious actors can exploit AI to carry out sophisticated cyberattacks.
Building a comprehensive benchmark
Our updated Frontier Safety Framework recognizes that advanced AI models could automate and speed up cyberattacks, potentially lowering costs for attackers. This, in turn, raises the risks of attacks being carried out at greater scale.
To stay ahead of the emerging threat of AI-powered cyberattacks, we've adapted tried-and-tested cybersecurity evaluation frameworks, such as MITRE ATT&CK. These frameworks enabled us to evaluate threats across the end-to-end cyberattack chain, from reconnaissance to action on objectives, and across a range of possible attack scenarios. However, these established frameworks were not designed to account for attackers using AI to breach a system. Our approach closes this gap by proactively identifying where AI could make attacks faster, cheaper, or easier, for example by enabling fully automated cyberattacks.
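To make the phase-by-phase idea concrete, here is a minimal sketch of how AI "uplift" might be scored along an attack chain. Every name in it (the `Phase` enum, `UpliftScore`, `rank_phases`, and the cost fields) is a hypothetical illustration of the approach, not the framework's actual implementation or scoring method.

```python
# Hypothetical sketch: score how much AI lowers attacker costs per
# attack-chain phase, then rank phases so defenders can prioritize.
from dataclasses import dataclass
from enum import Enum


class Phase(Enum):
    """Attack-chain phases, loosely following MITRE ATT&CK-style tactics."""
    RECONNAISSANCE = "reconnaissance"
    WEAPONIZATION = "weaponization"
    DELIVERY = "delivery"
    EXPLOITATION = "exploitation"
    PERSISTENCE = "persistence"
    ACTION_ON_OBJECTIVES = "action_on_objectives"


@dataclass
class UpliftScore:
    phase: Phase
    baseline_cost: float     # estimated attacker cost without AI (arbitrary units, > 0)
    ai_assisted_cost: float  # estimated cost when AI assists this phase

    @property
    def uplift(self) -> float:
        """Fractional cost reduction AI provides for this phase."""
        return 1.0 - self.ai_assisted_cost / self.baseline_cost


def rank_phases(scores: list[UpliftScore]) -> list[UpliftScore]:
    """Order phases by how much AI lowers attacker costs, highest first."""
    return sorted(scores, key=lambda s: s.uplift, reverse=True)
```

The design choice worth noting is that the evaluation attaches a score to each phase rather than to the attack as a whole, which is what lets defenders see where AI assistance changes the attacker's economics most.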
We analyzed over 12,000 real-world attempts to use AI in cyberattacks across 20 countries, drawing on data from Google's Threat Intelligence Group. This helped us identify common patterns in how these attacks unfold. From these, we curated a list of seven archetypal attack categories, including phishing, malware, and denial-of-service attacks, and identified critical bottleneck stages along the cyberattack chain where AI could significantly disrupt the traditional costs of an attack. By focusing evaluations on these bottlenecks, defenders can prioritize their security resources more effectively.
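As a rough illustration of this kind of bottleneck analysis, the sketch below tallies how often incident records touch each attack category and chain stage. The record schema and the example data are invented for illustration; the real analysis drew on Google's Threat Intelligence Group data, not this format.

```python
# Hypothetical sketch: count (category, stage) pairs across incident
# records to surface candidate bottlenecks in the attack chain.
from collections import Counter

incidents = [
    {"category": "phishing", "stage": "delivery"},
    {"category": "phishing", "stage": "reconnaissance"},
    {"category": "malware", "stage": "weaponization"},
    {"category": "denial-of-service", "stage": "action_on_objectives"},
    # ... one record per observed attempt (12,000+ in the real dataset)
]

stage_counts = Counter((i["category"], i["stage"]) for i in incidents)

# The most frequent (category, stage) pairs mark candidate bottlenecks:
# stages where AI assistance shows up most often, and therefore where
# targeted evaluations and defenses buy the most.
for (category, stage), count in stage_counts.most_common(3):
    print(f"{category:>20} / {stage:<22} {count}")
```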
