AI is becoming more capable at a core cybersecurity task: finding weaknesses before humans have publicly documented them. The shift is visible in tools built for defense, but the same progress creates a harder question for security teams: what happens when models can also help attackers move faster?
A discovery that surprised the builders
Vlad Ionescu and Ariel Herbert-Voss, cofounders of the cybersecurity startup RunSybil, saw an unusual alert from their AI tool, Sybil, last November. Sybil is designed to scan computer systems for problems that hackers might use, including an unpatched server or a misconfigured database.
In this case, Sybil identified a problem in a customer’s deployment of federated GraphQL. GraphQL is a language used to specify how data is accessed over the web through application programming interfaces, or APIs. The issue meant that confidential information was being exposed by mistake.
The alert stood out because it was not a simple missing patch or obvious configuration error. According to RunSybil, recognizing the problem required understanding several different systems and how those systems worked together.
RunSybil says it later found the same problem in other GraphQL deployments before it had been made public. Herbert-Voss described the moment this way: “We scoured the internet, and it didn’t exist,” and added, “Discovering it was a reasoning step in terms of models’ capabilities—a step change.”
Why reasoning changes the risk
The significance is not only that an AI system found a vulnerability. It is that the system appeared to connect technical details across multiple layers well enough to identify an issue that was not already easy to look up.
That matters because modern cybersecurity often depends on this kind of reasoning. Many serious flaws are not isolated mistakes. They emerge from the way systems, APIs, databases, deployments, and assumptions interact.
As AI models improve, their ability to spot zero-day bugs and other vulnerabilities may grow with them. The defensive benefit is clear: security teams could find and fix more problems earlier. The offensive risk is just as clear: the same intelligence can be pointed toward exploitation.
Dawn Song, a computer scientist at UC Berkeley who specializes in both AI and security, says recent advances have made models stronger at finding flaws. She points to simulated reasoning, where problems are broken into smaller pieces, and agentic AI, where models can do things such as search the web or install and run software tools.
“The cyber security capabilities of frontier models have increased drastically in the last few months,” she says. “This is an inflection point.”
Benchmarks show fast progress
Last year, Song cocreated CyberGym, a benchmark for testing how well large language models can find vulnerabilities in large open-source software projects. CyberGym includes 1,507 known vulnerabilities found in 188 projects.
The benchmark results described by Song show a sharp increase over a short period. In July 2025, Anthropic’s Claude Sonnet 4 found about 20 percent of the vulnerabilities in CyberGym. By October 2025, Claude Sonnet 4.5 identified 30 percent.
Those numbers do not mean AI can replace cybersecurity experts. They do show that model capability is moving quickly in a task that has direct security consequences.
Song summarized the concern plainly: “AI agents are able to find zero-days, and at very low cost.”
Defense may need AI before attackers benefit
The source of the concern is also the source of a possible response. If AI can find vulnerabilities, defenders may need to use it more aggressively to secure systems before those weaknesses are exploited.
Song says the trend creates a need for new countermeasures. One approach is for frontier AI companies to share models with security researchers before launch. That would give researchers time to use the models to find bugs and secure systems before broader release.
Another idea is to change how software is built. Song says her lab has shown that AI can be used to generate code that is more secure than what most programmers use today. She describes this as a secure-by-design approach and says, “In the long run we think this secure-by-design approach will really help defenders.”
These responses point to a practical shift in cybersecurity strategy. Security teams may need to treat AI not just as a tool to monitor, but as a tool to deploy on the defensive side. The challenge is timing: defenders must benefit from these capabilities before offensive users do.
The near-term concern
The RunSybil team warns that the near-term advantage may not automatically go to defenders. AI models can generate code and take actions on a computer. Herbert-Voss notes that those are also two activities central to hacking.
“AI can generate actions on a computer and generate code, and those are two things that hackers do,” Herbert-Voss says. “If those capabilities accelerate, that means offensive security actions will also accelerate.”
That is the core issue now facing the security field. Better AI may help find and fix vulnerabilities earlier, but it may also reduce the effort required to discover and act on weaknesses. The same progress that makes AI useful for scanning systems, testing code, and identifying hidden flaws can also increase the speed of attacks.
The question is no longer whether AI can contribute to cybersecurity work. The evidence in the source suggests it already can. The harder question is whether defenders can organize around that capability quickly enough to keep the advantage.