Months, Not Years: How Frontier AI Is Compressing the Cybersecurity Timeline

The most important strategic change in cyber is no longer simply that AI helps attackers and defenders alike; it is that frontier models are compressing the timeline on which both sides must act. In June 2026, the Five Eyes cyber agencies warned that frontier AI is shrinking the interval between vulnerability discovery and exploitation and that leaders should now think in terms of months, not years.

The evidence so far suggests a nuanced picture. In 2024 and early 2025, official and industry reporting still found that threat actors were mostly using generative AI for reconnaissance, scripting, translation, and content generation rather than for wholly novel cyber tradecraft. By 2025-2026, however, academic benchmarks and field reporting showed sharper gains in spear phishing, exploit development, and multi-step cyber range performance, even if end-to-end autonomous compromise remains uneven and model reliability is still imperfect.

For security leaders, the implication is straightforward: the decisive variable is no longer just model capability, but organisational speed. Procurement, patching, identity, segmentation, incident rehearsal, and AI assurance all have to move onto a much tighter operational tempo. NATO’s AI strategy, NATO’s cyber defence posture, and NIST’s AI risk management work all point in the same direction: adopt AI faster, but only with testing, traceability, clear accountability, and defence in depth built in from the start.

The strongest official signal has come from the Five Eyes cyber agencies. Their June 2026 statement argues that AI is accelerating the speed, scale, and sophistication of cyber threats, shrinking the window between discovery and exploitation, and turning cyber resilience into a board-level business issue rather than a purely technical one.

That warning did not emerge from nowhere. In January 2025, Google’s Threat Intelligence Group reported that state-backed actors were already using Gemini for target reconnaissance, vulnerability research, malicious scripting, payload development support, translation, and influence operations. At that point, Google’s core conclusion was that AI mostly increased productivity and volume rather than creating genuinely new capabilities.

A 2025 Google DeepMind-authored framework makes the same distinction more analytically: AI can create “capability uplift”, “throughput uplift”, and new risks from autonomous systems, but the most immediate effect is often the collapse of cost and time barriers across specific attack phases.

The analytical point matters. Frontier AI does not suddenly make every attacker elite; instead, it reduces the time, labour, and expertise needed for tasks that once served as bottlenecks. RAND’s Andrew Lohn reaches a similarly careful conclusion: AI is likely to affect some parts of the cyber offence-defence balance strongly, others weakly, and a few not at all.

How frontier AI accelerates offensive cyber operations

The clearest offensive effect is compression of the labour-to-output ratio. Models are particularly well suited to reconnaissance, target profiling, code explanation, exploit adaptation, phishing personalisation, and rapid iteration across many candidates. Google’s 2025 misuse review found precisely that pattern in the wild: actors used AI across multiple phases of the attack lifecycle, but mainly to move faster and at higher volume.

Phishing is the best-documented example. A 2024 human-subject study found that fully AI-automated spear-phishing emails achieved a 54% click-through rate, matching human experts and dramatically outperforming a generic control set; the authors also estimated that AI could increase phishing profitability by up to 50 times for large audiences.

The second major effect is faster vulnerability-to-exploit conversion. A 2025 Google DeepMind-led framework warned that the key cyber risk from frontier AI is a sharp reduction in the cost of stages that historically required scarce expertise, including vulnerability research and sophisticated social engineering. By 2026, ExploitGym showed frontier models producing working exploits for a non-trivial share of 898 real-world benchmark instances, including environments with widely used protections still enabled. AgentCyberRange further suggested that frontier systems can now perform parts of realistic multi-host intrusion workflows in open cyber ranges, with success rates improving when more concrete hints are available.

The implication is not that fully autonomous offensive AI is already routine. It is that more of the attack chain is becoming compressible. Once recon, phishing, exploit drafting, and post-compromise scripting all speed up at the same time, the defender’s response window narrows even if absolute autonomy remains partial.

Illustrative case studies from 2024 to 2026

In early 2024, Microsoft and OpenAI publicly said Iranian, North Korean, Russian, and Chinese actors were beginning to use generative AI for offensive cyber and influence tasks. OpenAI separately reported disrupting five covert influence operations using its tools for content generation, persona construction, and multilingual output; exact operational indicators were not publicly specified.

By January 2025, Google GTIG’s review of Gemini misuse offered a more granular picture: Iranian APT actors were the heaviest users; Chinese and North Korean actors used the tool for reconnaissance, scripting, lateral movement research, privilege escalation research, and evasion support; Russian activity was more limited in the observed period. In July 2025, Okta reported that attackers were using Vercel’s v0 tool to generate realistic phishing sites in around 30 seconds, with at least one fake Okta login page identified; Okta said confirmed credential harvesting was unspecified at the time of reporting.

In 2026, the official tone changed. The Five Eyes agencies explicitly warned that the timeline had compressed to months. Academic benchmarking tightened the case: ExploitGym found non-trivial exploit success on real vulnerabilities, while AgentCyberRange demonstrated emerging capability in more realistic intrusion environments. Taken together, these cases suggest a progression from AI as a productivity aid for existing tradecraft to AI as a force multiplier that erodes multiple bottlenecks at once.

Defensive and operational responses

The immediate defensive answer is not “more AI” in the abstract; it is faster, better-governed security operations. The Five Eyes statement emphasises reducing attack surface, accelerating patching, dealing with legacy systems, hardening identity and access controls, and rehearsing incident response before a breach occurs. NATO’s AI strategy adds requirements that are easy to overlook in procurement enthusiasm: lawfulness, human responsibility and accountability, explainability, traceability, reliability, and lifecycle testing.

There is also growing evidence that properly bounded AI can help defenders materially. A 2025 randomised controlled trial of Microsoft’s phishing triage agent found up to 6.5 times as many true positives per analyst-minute and as much as a 77% improvement in verdict accuracy, suggesting that queue prioritisation and analyst attention management can produce immediate operational gains. NIST’s AI RMF and its 2026 critical-infrastructure profile work point to the same design principle: organisations should adopt AI-enabled capabilities, but only within explicit risk management processes for trustworthy deployment.

Policy and procurement implications

For governments and large enterprises, the core procurement implication is that annual buying cycles now collide with quarterly threat shifts. Security teams need acquisition models that support continuous evaluation, rapid pilot-to-deployment paths, and recurring red-team assessment rather than one-off compliance checks. NATO’s AI strategy explicitly calls for accelerating and mainstreaming AI adoption while preserving accountability, explainability, traceability, and lifecycle assurance; NATO’s cyber defence posture likewise stresses resilience, training, shared situational awareness, and rapid support mechanisms.

Procurement also needs a higher assurance bar. That means contracting for measurable outcomes: patch latency, detection speed, analyst efficiency, false-positive tolerance, model update governance, audit logging, fallback procedures, and the ability to operate under partial AI failure. NIST’s AI RMF and its critical-infrastructure work provide a practical direction of travel here, but public metrics on the “right” compression threshold or maximum acceptable patch window remain unspecified and will vary by sector.