AI Hacking Doubles Every 5.7 Months: New ChatGPT Study

Three landmark studies landed this week, and together they paint one of the strangest pictures in modern economic history: AI is doubling its cyberattack capability every 5.7 months, a Harvard/INSEAD experiment found AI-native startups earn 1.9x more revenue with 39.5% less capital — yet 69 top economists project AI will add just 1 percentage point to GDP by 2030. All three findings come from rigorous research. The contradiction between them may define how companies compete, how networks get attacked, and how governments write policy for the rest of this decade.

The 5.7-Month Countdown to the Next Level of AI Hacking

Lyptus Research built one of the most detailed AI security benchmarks ever assembled. They created a dataset of 291 real cyberattack tasks — each calibrated by 10 professional offensive security researchers (ethical hackers paid to legally break into systems to find vulnerabilities) for how long a human expert would take to complete them. They then tested every major AI model released since 2019 across seven industry benchmarks: CyBashBench, NL2Bash, InterCode CTF, NYUCTF, CyBench, CVEBench, and CyberGym.

The results reveal a clear and alarming curve.

From GPT-2 to GPT-5.3: A Seven-Year Arms Race in Seven Sentences

Averaged across all frontier models since 2019, AI cyberattack capability has been doubling every 9.8 months. But since 2024, that doubling time has compressed sharply to 5.7 months. Today's best models — specifically GPT-5.3 Codex and Opus 4.6 (Anthropic's frontier model, the company behind Claude) — now achieve a 50% success rate on tasks that take a professional human security expert 3.2 hours. That's roughly half a full working day of specialized, paid offensive security work, completed automatically by a chatbot.

The gap between open and closed models is equally telling. GLM-5, one of the most capable open-weight (freely downloadable and runnable on your own hardware) models from Chinese AI lab Zhipu AI, trails the best closed-source models by exactly 5.7 months — the same number as the current doubling time. In plain terms: what GPT-5.3 can do today, a free, locally-run model will likely be able to do by late 2026.

“The best current models achieve 50% success on tasks that take human experts 3.2h, roughly half a working day of professional offensive security work.”

— Lyptus Research, Offensive Cybersecurity Time Horizons

The dual-use problem — the fact that the same AI that helps students write essays can be turned toward finding software vulnerabilities — is real and accelerating faster than most security teams have planned for. As Jack Clark noted in Import AI 452: “AI that can perform biology research can also perform biological weapon research. AI that can help you learn about high-energy physics can also help you with high-energy physics for weapons development.”

The Startup That Needed $220,000 Less Funding

While Lyptus was measuring how fast AI breaks things, INSEAD and Harvard Business School were measuring how fast AI builds them. Their field experiment (a real-world test with real companies and real revenue, not a simulation) tracked 515 high-growth startups through a 3-month AI accelerator program. Half received deep AI integration training plus $25,000 in API credits and direct model access. The other half were the control group — similar founders, similar startups, no AI training.

After just 90 days, the performance gap was stark:

• Revenue: AI-trained startups generated 1.9x higher revenue than the control group
• Task completion: They finished 12% more tasks in the same timeframe
• Customer acquisition: 18% more likely to land paying customers (an 11 percentage-point absolute increase)
• Capital efficiency: They needed $220,000 less funding — a 39.5% reduction in capital requirements
• New AI applications discovered: They found 2.7 additional use cases for AI within their own business — a 44% increase over the control group

That last bullet is arguably the most important insight in the whole study. The AI-trained founders didn't just use AI more — they discovered entirely new places to deploy it. The research team concluded that the real bottleneck to AI's business value isn't the technology itself. It's the organizational ability to map AI to the right places in your production process.

“In just a few hours I was able to produce what previously cost $1,000 from an outsourced dev team.”

— Startup founder, INSEAD/HBS AI accelerator cohort

The founders who went deepest into AI integration didn't merely cut costs — they discovered a structural advantage. Once they found 2.7 additional use cases per firm, each one compounded. By month three, the gap wasn't just efficiency; it was architecture.

Rising Tide, Not a Crashing Wave — MIT's Quiet Warning

MIT's contribution to this research week analyzed the automation question from a different angle. Instead of studying specific industries or job categories, researchers built a catalog of 3,000 distinct labor tasks drawn from O-NET (a U.S. government database that classifies every task performed across hundreds of different professions) and gathered 17,000 worker evaluations on how automatable each task currently is. The result is the most granular map of AI-vs-human work overlap ever published.

Their core finding: AI is not arriving as a “crashing wave” that suddenly destroys specific jobs. It's arriving as a “rising tide” — improving gradually and simultaneously across a huge range of tasks, across many jobs, at once.

The year-over-year numbers reveal the pace:

• 2024-Q2: Best AI models hit 50% success on tasks taking 3–4 hours for a skilled human
• 2025-Q3: That same 50% threshold now covers tasks requiring a full week of human work
• At 70% success: AI moved from 1-minute tasks to 1-hour tasks in the same 12-month window
• By 2029: 80–95% success rates projected across most text-based labor tasks at “minimally sufficient quality” (output good enough for most business use cases, though not necessarily perfect)

The “rising tide” metaphor carries a practical implication: organizations don't wake up one morning to find an entire department replaced overnight. Instead, task by task, week by week, AI gets good enough at more things — and companies already experimenting gain a compounding edge over those waiting to act.

The $1 Trillion GDP Paradox: Everyone Expects Progress, Nobody Expects Change

Here is where the data becomes genuinely puzzling. The Forecasting Research Institute surveyed four distinct groups between October 2025 and February 2026:

• 69 economists specializing in growth, labor, and technology
• 52 AI industry experts (people actively building these systems)
• 38 superforecasters (professional prediction specialists with verified track records)
• 401 general public respondents

The consensus across all four groups: expect moderate-to-rapid AI progress — but only about 1 percentage point of additional GDP (Gross Domestic Product, the total economic output of a country) growth by 2030. With a current GDP baseline of 2.4% growth, that's a modest 40% boost. Far below the transformational shift the startup productivity data and cyberattack acceleration would seem to imply. Only 14% of economists assigned meaningful probability to a major short-term spike in growth or wealth inequality.

The researchers suggest the explanation is the “mapping problem.” Technological capability and economic adoption run on different clocks. Even if AI can do the work of a skilled developer, accountant, or analyst today, organizations take years to restructure workflows, retrain workers, and reorganize around new productivity baselines. The bottleneck isn't the code. It's the org chart.

“Our results suggest that the bottleneck is not the technology — it is the managerial challenge of discovering where the technology creates value within a firm's production process.”

— INSEAD/Harvard Business School research team

The paradox resolves if you accept that AI progress and AI deployment are two very different things — and that economic statistics only capture the second one. The next competitive battleground may not be which companies have access to the best AI models, but which ones can map those models into their workflows the fastest.

Three Practical Moves for Right Now

The research trifecta points to concrete actions for different types of readers:

For Founders and Business Owners

The INSEAD study found that AI-trained founders discovered 44% more use cases by actually committing to integration — not just using AI casually but auditing their entire workflow for where AI could replace outsourced work, speed up repetitive tasks, or eliminate bottlenecks. A practical first step: list your 10 most recurring tasks and honestly test whether AI handles each one at 80%+ quality today. The ones it does are your first wins. The ones it doesn't are your 2027 wins. Use our AI automation setup guide to build your task-mapping framework step by step.

For Security and IT Teams

The Lyptus data means attackers with access to frontier AI models — ChatGPT, Claude, and their successors — are getting materially better at finding vulnerabilities every six months. The 5.7-month doubling time means a “human-expert-only” attack from late 2025 could be a commodity automated attack by mid-2026. Security teams should run their own AI penetration tests before attackers do:

# Practical self-assessment: test what frontier AI already knows about your stack
# Ask a model like ChatGPT or Claude to review:
#   - Potential weaknesses in your authentication flow
#   - Common vulnerabilities in your specific tech stack
#   - Known CVEs (public vulnerability reports) for your dependencies
# This is not hacking — it is understanding what attackers
# already have access to via the same public models.

For Everyone Else

MIT's rising tide is actually reassuring for individuals willing to move gradually. You don't need one dramatic career pivot. Pick the most repetitive, text-based part of your current job and spend one hour this week testing AI on it. The rising tide lifts those who are already in the water.

Related Content — Set Up AI Automation | AI Automation Guides | Latest AI News