According to Ethan Mollick on Twitter, an independent extension of METR’s time-horizon analysis applied to offensive cybersecurity finds a 5.7-month capability doubling time, with frontier models achieving 50% success on tasks that take human experts 10.5 hours. As reported by Ethan Mollick, this mirrors METR’s published timelines and uses real human expert timing data, indicating rapid progress in automated vulnerability discovery and exploitation. According to Ethan Mollick, these findings imply accelerating ROI for red teaming, SOC automation, and pentest augmentation tools, while raising urgent needs for defensive AI investments such as automated patch prioritization and continuous adversarial simulation. As reported by Ethan Mollick, vendors can productize model-in-the-loop workflows for exploit development triage, while enterprises should update risk models and procurement to account for sub-year model capability doubling.

According to @galnagli, Wiz has launched the Wiz Red Agent, an AI-powered attacker that reasons like a world-class pentester to continuously find vulnerabilities across an organization’s entire attack surface; as reported by the original tweet on X, the agent emulates human red team workflows to identify exploitable paths at scale, signaling a shift from periodic assessments to continuous AI-driven security testing. According to the announcement by Nagli on X, the business impact includes faster time-to-detection, reduced reliance on manual pentests for routine coverage, and potential cost savings by automating discovery and triage, creating opportunities for managed security providers to offer always-on offensive testing services.