AI is Transforming the Internet
into a Dark Forest

The UK AI Security Institute's first Frontier AI Trends Report documents a rapid acceleration in AI cyber capability: the best models now complete apprentice-level cyber attack tasks 50% of the time, up from under 9% in late 2023. In 2025, AISI tested the first-ever model able to complete expert-level attack tasks that typically require 10+ years of human experience. The duration of cyber attack tasks AI can complete unassisted is doubling roughly every eight months — from under ten minutes in early 2023 to over an hour by mid-2025.

Anthropic's Claude Code Security, powered by Opus 4.6, reads and reasons about codebases like a senior security researcher—tracing data flows, understanding component interactions, surfacing complex logic vulnerabilities that pattern-matching tools miss entirely. In internal testing on open-source software running across enterprise systems and critical infrastructure, it found vulnerabilities that had gone undetected for decades. Markets reacted immediately: CrowdStrike −8%, Cloudflare −8.1%, Zscaler −5.5%, Okta −9.2%.

Stanford's ARTEMIS AI agent outperformed 9 of 10 professional penetration testers in a live enterprise environment, discovering vulnerabilities with 82% accuracy. At $18/hour vs $60/hour for humans, AI hackers are now "dangerously close" to matching—and beating—human capabilities.

AI systems can automatically generate working exploits for newly published CVEs in just 10-15 minutes at ~$1 per exploit, compressing the traditional patch window from weeks to minutes. All generated exploits are publicly available on their research database.

Security researcher Sean Heelan used OpenAI's o3 model to discover CVE-2025-37899, a remote zero-day use-after-free vulnerability in the Linux kernel's SMB implementation (ksmbd)—with no scaffolding, no agentic frameworks, just the o3 API.

For the first time in a decade, automated traffic surpassed human activity (51% vs 49%). Bad bots now account for 37% of all internet traffic, up from 32% the year before. AI is lowering the barrier to entry—simple bot attacks grew from 40% to 45%, while 44% of advanced bot traffic targets APIs. Account takeover attacks increased by 40%, with AI-powered bots becoming more evasive and intelligent than ever.

Google's Project Zero and DeepMind collaboration discovered the first real-world exploitable vulnerability (stack buffer underflow in SQLite) using an AI agent—before it appeared in an official release.

UIUC research shows GPT-4 can autonomously exploit 87% of real-world one-day vulnerabilities when given CVE descriptions, compared to 0% for other models and open-source scanners like ZAP and Metasploit.

Cloudflare accused Perplexity AI of using "stealth crawling" techniques to bypass robots.txt directives, accessing content from websites that explicitly disallow AI scraping.

Reddit filed a lawsuit against Anthropic, alleging the company used automated bots to scrape Reddit user data without consent to train Claude, violating terms of service and user privacy.

Research revealed that OpenAI's models may have "memorized" copyrighted content during training, raising serious legal and ethical questions about AI training data sources and consent.