AI Safety Report 2026

International AI Safety Report 2026 https://internationalaisafetyreport.org/publication/international-ai-safety-report-2026 AI Security Institute Dept. of Science, Innovation & Technology secretariat.AIStateofScience@dsit.gov.uk The second International AI Safety Report, published in February 2026, is the next iteration of the comprehensive review of latest scientific research on the capabilities and risks of general-purpose AI systems. Led by Turing Award winner Yoshua Bengio and authored by over 100 AI experts, the report is backed by over 30 countries and international organisations. It represents the largest global collaboration on AI safety to date. .... Cyberattacks Key information • General-purpose AI systems can execute or assist with several of the tasks involved in conducting cyberattacks. There is now strong evidence that criminal groups and state-sponsored attackers actively use AI in their cyber operations. However, whether AI systems have increased the overall scale and severity of cyberattacks remains uncertain because establishing causal effects is difficult. • AI systems are particularly good at discovering software vulnerabilities and writing malicious code, and now score highly in cybersecurity competitions. In one premier cyber competition, an AI agent identified 77% of vulnerabilities in real software, placing it in the top 5% of over 400 (mostly human) teams. • AI systems are automating more parts of cyberattacks, but cannot yet execute them autonomously. At least one real-world incident has involved the use of semi-autonomous cyber capabilities, with humans intervening only at critical decision points. Fully autonomous end-to-end attacks, however, have not been reported. • Since the publication of the previous Report (January 2025), the cyber capabilities of AI systems have continued to improve. Recent benchmark results show that the cyber capabilities of AI systems have improved across several domains, at least in research settings. AI companies now frequently report on attempts to misuse their systems in cyberattacks. • Technical mitigations include detecting malicious AI use and leveraging AI to improve defences, but policymakers face a dual-use dilemma. Since it can be difficult to distinguish helpful uses from harmful ones, overly aggressive safeguards such as preventing AI systems from responding to cyber-related requests can hamper defenders. General-purpose AI systems can help malicious actors conduct cyberattacks, such as data breaches, ransomware, and attacks on critical infrastructure, with greater speed, scale, and sophistication. AI systems can assist attackers by automating technical tasks, identifying software vulnerabilities, and generating malicious code, though capabilities are progressing unevenly across these tasks. This section examines the evidence on how AI systems are being used in cyber operations and the current state of AI cyber capabilities. AI systems can be used throughout cyber operations Extensive research shows that AI systems can now support attackers at several steps of the ‘cyberattack chain’ (Figure 2.5): the multi-stage process through which attackers identify targets, develop capabilities, and achieve their objectives.392 394 442 443 444 445 446 447 448 449 450 In a typical attack, adversaries first identify targets and vulnerabilities, then develop and deploy their attack capabilities, and finally maintain persistent access to achieve their objectives, such as stealing data or destroying systems. Improvements in relevant AI capabilities such as software engineering have prompted concerns that AI systems could be used to increase both the frequency and severity of cyberattacks.451 452 ....... Conclusion This Report provides a scientific assessment, guided by over 100 experts from more than 30 countries and international organisations, of general-purpose AI: a rapidly evolving and highly consequential technology. Contributors differ in their views on how quickly capabilities will improve, how severe risks may become, and the extent to which current safeguards and risk management practices will prove adequate. On core findings, though, there is a high degree of convergence. General-purpose AI capabilities are improving faster than many experts anticipated. The evidence base for several risks has grown substantially. Current risk management techniques are improving but insufficient. This Report cannot resolve all underlying uncertainties, but it can establish a common baseline and an approach for navigating them. A year of change Regular scientific assessment allows for changes to be tracked over time. Since the first International AI Safety Report was published in January 2025, multiple AI systems have solved International Mathematical Olympiad problems at gold-medal level for the first time; reports of malicious actors misusing AI systems for cyberattacks have become more frequent and detailed, and more AI developers now regularly publish details about cyber threats; and several developers released new models with additional safeguards, after being unable to rule out the possibility that they could assist novices in developing biological weapons. Policymakers face a markedly different landscape than they did a year ago. The core challenge A number of evidence gaps appear repeatedly throughout this Report. How and why general-purpose AI models acquire new capabilities and behave in certain ways is often difficult to predict, even for developers.An ‘evaluation gap’ means that benchmark results alone cannot reliably predict real-world utility or risk. Systematic data on the prevalence and severity of AI-related harms remains limited for most risks. Whether current safeguards will be sufficiently effective for more capable systems is unclear. Together, these gaps define the limits of what any current assessment can confidently claim. The fundamental challenge this Report identifies is not any single risk. It is that the overall trajectory of general-purpose AI remains deeply uncertain, even as its present impacts grow more significant. Plausible scenarios for 2030 vary dramatically: progress could plateau near current capability levels, slow, remain steady, or accelerate dramatically in ways that are difficult to anticipate. Investment commitments suggest major AI developers expect continued capability gains, but unforeseen technical limits could slow progress. The social impact of a given level of AI capabilities also depends on how and where systems are deployed, how they are used, and how different actors respond. This uncertainty reflects the difficulty of forecasting a technology whose impacts depend on unpredictable technical breakthroughs, shifting economic conditions, and varied institutional responses. The value of shared understanding The trajectory of general-purpose AI is not fixed: it will be shaped by choices made over the coming years by developers, governments, institutions, and communities. This Report is not prescriptive about what should be done. By advancing a shared, evidence-based understanding of the AI landscape, however, it helps ensure that those choices are well-informed and that key uncertainties are recognised. It also allows policymakers in different jurisdictions to act in accordance with their community’s unique values and needs while working from a common, scientific foundation. The value of this Report is not only in the findings it presents, but in the example it sets of working together to navigate shared challenges.