AI-driven cyber risks surge across key attack scenarios



CO-EDP, VisionRI | Updated: 15-12-2025 09:59 IST | Created: 15-12-2025 09:59 IST

The expanding misuse of advanced artificial intelligence in cyberattacks is accelerating far faster than governments, companies and security teams are prepared for, according to a major new study that maps in detail how AI systems are likely to reshape the scale and impact of digital crime.  

The study, titled “Toward Quantitative Modeling of Cybersecurity Risks Due to AI Misuse,” introduces the first structured quantitative approach designed to measure how AI capabilities convert into real-world cyber harm. The authors apply the model to nine cyber-offense scenarios, demonstrating how AI can increase the number of attackers, the volume of attacks, the probability of success, and the resulting damage. The findings show systematic uplift across nearly all models, offering what researchers call a crucial early warning for policymakers and industry.

Quantifying risk: A shift away from threshold-based assessment

For years, AI safety frameworks have relied on threshold-triggered evaluations. If a frontier model demonstrates a particular dangerous capability, it triggers certain mitigations. But the study argues this approach cannot measure the magnitude of risk, the interaction of multiple capabilities or the real path from capability to harm. Without quantification, organizations cannot determine whether mitigations are sufficient or targeted at the right threats.

The technical report replaces this legacy approach with a step-by-step quantitative risk model. Each cyberattack scenario is broken into components: the number of threat actors active in the domain, how often attacks are attempted, the likelihood each attack step succeeds and the typical damage inflicted when an attempt results in compromise. The researchers map AI influence onto these components to measure uplift. This structured decomposition is built to reveal where AI creates the largest increases in risk and why certain scenarios are especially sensitive to capability gains.

The methodology incorporates the MITRE ATT&CK framework as the backbone for analyzing adversary behavior. It traces each scenario through reconnaissance, initial access, execution, persistence, exfiltration, and impact, assigning probabilities and quantities that reflect current attacker operations. Baseline conditions are determined using real-world cybercrime data, expert input and historical trends.

To model AI-enabled uplift, the study identifies key indicators linked to AI performance. These include benchmark scores from Cybench and BountyBench, which measure offensive cybersecurity skill across AI systems. The authors then design mappings between these indicators and the changes they trigger in attacker ability, volume of attacks, and harm potential. As AI capability rises, the model projects increased impact driven by automation, faster reconnaissance, reduced attacker skill requirements and expanded target reach.
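The decomposition described above, as an added example (not the study's code or values): expected harm is taken as actors × attempts × the product of per-step success probabilities × damage, and AI uplift is a multiplier on each component drawn from a low/high range. The multiplicative form, the lognormal sampling, the scenario and every number are assumptions constructed for illustration.

```python
import math
import random
import statistics

# Constructed baseline for one hypothetical scenario (not values from the study).
BASELINE = {
    "actors": 200.0,      # threat actors active in the domain
    "attempts": 5.0,      # attack attempts per actor per year
    "damage": 250_000.0,  # damage per successful compromise
    "steps": {"reconnaissance": 0.9, "initial_access": 0.3, "execution": 0.6,
              "persistence": 0.7, "exfiltration": 0.5, "impact": 0.8},
}
# Constructed 90% intervals (low, high) for AI uplift multipliers.
UPLIFT = {
    "actors": (1.0, 1.5), "attempts": (1.1, 2.0), "damage": (1.0, 1.2),
    "steps": {"reconnaissance": (1.0, 1.1), "initial_access": (1.1, 1.8),
              "execution": (1.0, 1.4)},
}

def annual_harm(p):
    """Expected harm = actors x attempts x P(every step succeeds) x damage."""
    return p["actors"] * p["attempts"] * math.prod(p["steps"].values()) * p["damage"]

def sample_multiplier(rng, low, high):
    """Draw from a lognormal whose 5th/95th percentiles are (low, high)."""
    mu = (math.log(low) + math.log(high)) / 2
    sigma = (math.log(high) - math.log(low)) / (2 * 1.645)
    return rng.lognormvariate(mu, sigma)

def uplifted(rng):
    """Return one sampled, AI-uplifted copy of BASELINE."""
    p = {k: BASELINE[k] * sample_multiplier(rng, *UPLIFT[k])
         for k in ("actors", "attempts", "damage")}
    p["steps"] = {}
    for step, q in BASELINE["steps"].items():
        m = sample_multiplier(rng, *UPLIFT["steps"].get(step, (1.0, 1.0)))
        p["steps"][step] = min(1.0, q * m)  # a probability cannot exceed 1
    return p

def uplift_distribution(n=20_000, seed=1):
    """Monte Carlo over the intervals: (p5, median, p95) of uplifted/baseline harm."""
    rng = random.Random(seed)
    base = annual_harm(BASELINE)
    ratios = sorted(annual_harm(uplifted(rng)) / base for _ in range(n))
    return ratios[int(0.05 * n)], statistics.median(ratios), ratios[int(0.95 * n)]

if __name__ == "__main__":
    print("baseline harm: %.0f" % annual_harm(BASELINE))
    print("uplift ratio p5/median/p95: %.2f / %.2f / %.2f" % uplift_distribution())
```

Widening any interval in `UPLIFT` widens the output range, which is how larger expert uncertainty translates into a larger spread of total risk in a model of this shape.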

This transition from qualitative to quantitative assessment marks a turning point. Rather than assuming all dangerous AI capabilities pose equal threat, the model shows where risk rises sharply, where it scales gradually and where traditional expertise still acts as a limiting factor.

Dual evaluation: Human experts and LLM-simulated experts reveal divergent risk patterns

The study introduces another innovation: risk estimation using both human cybersecurity experts and simulated experts built from large language models. Human experts participate in a Delphi-style process, offering estimates in two rounds with structured discussion to refine their reasoning. Their estimates include confidence intervals, variability measures and rationales for uncertainty.

Alongside these participants, the researchers test LLM personas trained to replicate domain-specific expertise. These personas include roles such as malware analyst, vulnerability researcher and threat intelligence officer. They are used to generate uplift estimates at scale, addressing one of the biggest challenges in risk modeling: the scarcity of qualified experts to evaluate complex, emerging AI threats.

The results reveal both alignment and divergence. On probability-based risk factors, such as the chance of a malware delivery step succeeding, LLM estimators closely match human judgment. On quantity-based risk factors, like the expected number of attacks per actor or the number of actors likely to use AI, the model finds greater disagreement. LLM estimators consistently predict lower uplift than humans, especially as tasks increase in difficulty.

An important finding is that human experts express significantly higher uncertainty than LLM personas. For higher-capability AI systems, humans widen their uncertainty bounds, recognizing that real-world conditions are volatile and influenced by unpredictable adversary behavior. LLM estimators, by contrast, remain more confident but do not fully capture the unpredictable dynamics of attacker adaptation. As a result, humans tend to generate higher total risk estimates, especially in scenarios where attacker motivation, creativity or resource coordination plays a central role.

The researchers emphasize that LLM-simulated expert judgment should not replace human evaluations, but it can scale the modeling process, allowing many more scenarios to be analyzed. Human review remains essential for validating and adjusting LLM-produced values.

Findings signal rising AI-driven cyber risk across multiple attack scenarios

The report’s quantitative results show increasing risk across seven of the nine scenarios studied, with uplift driven by expanded attacker numbers, increased attempt volume and heightened probability of success. Even at current AI capability levels, attackers benefit from faster exploitation chains, more accurate targeting, automated reconnaissance, improved payload generation and reduced need for specialized technical skill.

The models also identify notable asymmetries. Some categories of attack, such as extortion-driven scenarios, show less uplift because outcomes depend heavily on victim behavior rather than attacker capability. Others, including ransomware and infrastructure disruption, exhibit strong uplift due to automation and improved technical execution.

A recurring pattern across scenarios is the role of task difficulty. As attack chains require more complex reasoning or multi-step coordination, human experts predict greater uplift variance, suggesting that AI assistance may dramatically affect attacker performance once models exceed certain capability thresholds. In these high-difficulty conditions, LLM estimators diverge more noticeably from human perspectives, often underestimating uplift or its effects on total risk.

The study’s uncertainty analysis highlights three major drivers of risk variability: total estimated harm, variance in key uplift factors and divergences between human and LLM estimates. This transparency aims to encourage debate and refinement of the model, enabling future iterations to incorporate improved data and a larger expert base.

The researchers stress that the numerical values included in the report should not be used directly for operational decision-making. Instead, they provide a starting point to build more robust estimates and prioritize areas where AI may rapidly accelerate cybercrime. The framework also exposes where industry lacks adequate benchmarks, calling for the creation of new measures that better capture real-world adversarial capability.

The study proposes several major applications for its methodology. Cybersecurity teams can use it to prioritize mitigation strategies by identifying attack chains with steep uplift curves. AI developers can integrate risk estimates into deployment considerations, focusing on safety features where uplift is most significant. Policymakers can use risk projections to set thresholds for model release, assess national security implications and determine when regulatory intervention is warranted.

The report also draws parallels to industries such as nuclear power, where quantitative risk modeling became the backbone of high-stakes safety governance. The authors argue that AI safety must follow a similar path if societies are to manage frontier risks effectively. Qualitative assessments, they note, are too coarse to guide long-term policy or timely defensive action.

First published in: Devdiscourse