The Everything Machine: How AI Accelerates Both Startups and Cyberattacks

In the realm of artificial intelligence, time moves differently. For tech startups, this temporal shift means condensing years of traditional business growth into mere months. But for cybersecurity professionals, it represents a rapidly ticking clock toward an era of automated, highly sophisticated cyberwarfare.

Recent findings highlight the paradox of what experts call the "everything machine"—a universally capable technology that does not distinguish between building a product and dismantling a network.

On the economic front, the acceleration is undeniable. A large-scale field experiment conducted by researchers from INSEAD and Harvard Business School tracked 515 high-growth startups. The study revealed that companies actively trained to integrate AI into their core operations didn't just save a few hours of administrative work; they fundamentally altered their business trajectories. These startups discovered 44% more AI use cases, completed 12% more tasks, and, most strikingly, generated 1.9 times higher revenue than their peers. By automating complex processes like product development and accounts receivable, AI proved to be an unprecedented engine for scaling businesses.

However, the exact same underlying intelligence is scaling destructive capabilities at an equally breathtaking pace. According to a new study by AI safety organization Lyptus Research, there is a clear and steepening "scaling law" for cyberattacks. The researchers found that the offensive cybersecurity capabilities of AI models are doubling every 5.7 months for models released since 2024.

To put this into perspective, the most advanced AI systems can now achieve a 50% success rate on complex hacking tasks that would typically require about 3.2 hours of intense work by a human offensive security professional. What constitutes half a day of meticulous probing by a human expert is rapidly becoming a standard automated output for a machine. Furthermore, this power will not remain locked behind corporate API paywalls. The study estimates that open-weight models lag only about 5.7 months behind proprietary frontier models, suggesting that highly capable hacking tools will soon be widely accessible to anyone with a computer.

This dual acceleration is the defining policy challenge of our time. An AI model that is exceptionally good at parsing code to find vulnerabilities for defensive patching can easily be repurposed to exploit those same flaws. As models grow larger and smarter, they do not specialize in just one domain; their capabilities expand universally. Society must now grapple with a profound question: how do we govern an "everything machine" when its capacity to create and its capacity to destroy are scaling in perfect lockstep?

Key Points

• AI models' capabilities in offensive cybersecurity are currently doubling every 5.7 months.
• Advanced AI can achieve a 50% success rate on hacking tasks that take human experts over three hours.
• Open-weight AI models are only about half a year behind closed-source models in cyber-offensive skills.
• Startups that deeply integrate AI into their workflows generate 1.9x more revenue and complete 12% more tasks.
• The universal nature of AI means defensive and productive capabilities inherently translate into offensive risks.

Why It Matters

The simultaneous hyper-acceleration of AI's business utility and cyber-offensive capabilities highlights a critical governance challenge: we cannot easily separate the technology's economic benefits from its security risks.

Sources:

• Import AI 452: Scaling laws for cyberwar; rising tides of AI automation; and a puzzle over gDP forecasting — Import AI (Jack Clark)