The window for cyber defenders is closing. The UK AI Security Institute (AISI) has for the first time publicly measured how quickly open-weight AI models have caught up in cyber attack capabilities – and the numbers are alarming: the performance gap has shrunk from an original six to ten months to just four to seven months.
Key Facts
- GLM-5.2 and DeepSeek V4-Pro now reach the level of closed frontier models from four to seven months earlier
- In early 2025, this lag was still six to ten months – the gap is closing continuously
- Open models are significantly cheaper to operate and their security measures can be easily circumvented due to lack of external oversight
- The AISI warns of a "permanent and irreversible abuse risk" from downloadable, modifiable models
How AISI Measured It
The institute used two different testing methods to evaluate cyber capabilities:
Narrow Cyber Tasks comprise 70 specific tasks across four difficulty levels – from non-technical to expert level. They cover vulnerability research, reverse engineering, web exploitation, and cryptography. GLM-5.2 performed comparably to Opus 4.6, showing a lag of approximately four months. DeepSeek V4-Pro reached the level of Opus 4.5 from November 2025.
Cyber Ranges test autonomous capabilities in simulated networks. In the "The Last Ones" range – a 32-step attack on an enterprise network with four subnets and around 20 hosts – GLM-5.2 reached a similar level to Opus 4.5. According to AISI, a human expert would complete this task in roughly 20 hours.
The Dilemma: Benefits vs. Risk
Open models bring genuine advantages: private hosting without data flowing back to providers, adaptability, lower costs, and a reliable foundation that providers cannot discontinue. This is precisely why many enterprises find them attractive.
But the downside is substantial. Once released, safeguards can be removed, copies can be redistributed, and models can run on private systems beyond any control. The AISI speaks of a "permanent and irreversible abuse risk" – because anyone can download the weights, modify them, and operate them without oversight.
What This Means for Enterprises
The gap between open and proprietary models is closing faster than many anticipated. This poses new questions for security architectures: How do you prepare for cyber attacks when attackers' tools improve monthly? Open models are becoming cheaper and more accessible – making them more attractive to cybercriminals, but also valuable for legitimate security researchers. The balance between innovation and protection is becoming harder to maintain. Organizations need to design their defenses not just against today's known attack patterns, but flexibly enough to keep pace with rapidly advancing AI capabilities.
Sources
Editorially owned by Ideal Syka. Sources and method: Newsroom & method. Tips and corrections: ai@i6eal.de.




