AI’s Hacking Skills Are Approaching an ‘Inflection Point’ | AI models are getting so good at finding vulnerabilities that some experts say the tech industry might need to rethink how software is built.

“Dawn Song, a computer scientist at UC Berkeley who specializes in both AI and security, says recent advances in AI have produced models that are better at finding flaws. Simulated reasoning, which involves splitting problems into constituent pieces, and agentic AI, like searching the web or installing and running software tools, have amped up models’ cyber abilities.

“The cyber security capabilities of frontier models have increased drastically in the last few months,” she says. “This is an inflection point.”

Last year, Song cocreated a benchmark called CyberGym to determine how well large language models find vulnerabilities in large open-source software projects. CyberGym includes 1,507 known vulnerabilities found in 188 projects.

In July 2025, Anthropic’s Claude Sonnet 4 was able to find about 20 percent of the vulnerabilities in the benchmark. By October 2025, a new model, Claude Sonnet 4.5, was able to identify 30 percent. “AI agents are able to find zero-days, and at very low cost,” Song says.”