GPT-5.5 Solved 92.4% of Offensive Cyber Tasks and Broke the Benchmark: AI Offensive Capability Is Doubling Every Six Months and the Ruler Can’t Keep Up
Lyptus Research built the hardest offensive cybersecurity evaluation available globally in December 2025. GPT-5.5 saturated all seven benchmarks at 92.4% accuracy by May 2026 — the evaluation system was declared broken. AI offensive capability doubles every 5–6 months. A 50M vs 2M token budget produces a 32-point accuracy gap on the hardest tasks. UK AISI independently confirmed rapid improvement. GPT-5.6 Sol now government-gated at launch.
Read Full Brief →Threats & Attacks
292/316 tasks. All 7 hardest benchmarks saturated. Evaluation system declared broken. 32-point accuracy gap from token budget alone. UK AISI confirmed. GPT-5.6 government-gated. Five operational implications for security teams.
Just a file copy. 11 shims trusted by every UEFI computer. BlackLotus, Bootkitty enabled. Runs before OS, before EDR, survives OS reinstall. Apply June dbx update now.
5,937 login failures = leaked heap memory. MFA bypassed. SYSTEM in minutes. Same playbook across 6 victims. Stolen tokens survive patching — terminate all sessions now.
Autonomous LLM: initial access to encryption to ransom demand. No human at keyboard. Key never stored. Ran on victim’s own stolen API keys. Old CVEs, unpatched servers.
Six-instruction race window. Root 99%. Reaches Android from Chrome’s renderer sandbox. AI found the sibling bug and missed this one. No workaround.
Normal prompt. MCP response. Sandbox binary overwritten. No click. Full machine. 50%+ Fortune 500. Cato: similar flaws in all coding agents.
Intelligence & Deep Dive
The DataWater Intelligence Brief
Weekly CISO-level threat analysis — breaking vulnerabilities, technical depth, zero noise.
