AI Agents Aren’t Fully Autonomous Hackers — Yet

A new International AI Safety Report finds that AI agents are not yet capable of launching fully autonomous, end-to-end cyberattacks. However, they are already playing a meaningful role in assisting cybercriminals across multiple stages of the attack chain, from vulnerability discovery to malware development. 

The second annual report concludes that AI systems have become significantly more effective at automating discrete elements of cyber operations over the past year. While humans remain in control of critical decisions, AI is increasingly embedding in real-world offensive activity. 

For example, the report cites Anthropic’s November 2025 disclosure that Chinese-linked actors misused its Claude Code tool to automate large portions of cyberattacks.
As a result, roughly 30 high-profile companies and government organizations were targeted. A small number of those attacks were successful, demonstrating that semi-autonomous cyber capabilities are already in use. 

Despite these advances, the authors emphasize that AI systems still struggle with long, multi-stage attack execution. Common failures include losing operational context, issuing irrelevant commands, and being unable to recover from simple errors without human intervention. As a result, fully autonomous cyberattacks have not yet been observed in the wild. 

The report cautions, however, that risk may not come from perfectly orchestrated AI campaigns, but from poorly constrained agents behaving unpredictably. As AI agents become more widely deployed, security teams must plan for misuse that emerges from automation gone wrong, not just from deliberate, state-level cyber warfare. 

Source: 

https://www.theregister.com/2026/02/03/autonomous_cyberattacks_not_real_yet/