AI-enabled cyberattacks and offensive cyber operations
The system is used to create malware, discover/exploit vulnerabilities, or automate and scale cyberattacks (and the deployer may be a target).
- Risk family
- Model & system behaviour
- MIT domain
- 4. Malicious Actors & Misuse
- MIT subdomain
- 4.2 > Cyberattacks, weapon development or use, and mass harm
- AI type
- GPAI, Agentic
- Scope
- Both
- Source standard
- MIT AI Risk Repository v4
Provenance
24 source framework citation keys
Framework crosswalk
Every framework item mapped to this risk. Items marked partial overlap only in part; definitions appear on hover where the source licence permits.
- A.11 ISO/IEC 23894 Annex A A.11
- A.9.4 ISO/IEC 42001 Annex A A.9.4
Expanded into this risk’s technique sub-risks.
- AISubtech-15.1.1 Cybersecurity and Hacking: Malware / Exploits
- AISubtech-15.1.2 Cybersecurity and Hacking: Cyber Abuse
- GENAI.9 Information Security
Sub-risks (1)
Technique-level decompositions of this risk, each anchored to the MITRE ATLAS technique it derives from.
The model is driven to dynamically generate malicious commands or code used to attack systems.
More in Model & system behaviour
Part of the Deployer AI Risk Register, an open-source resource developed by MindXO. Version 1.0, 3 July 2026. Derived from the MIT AI Risk Repository (V4, December 2025) under CC BY 4.0; an independent derivative work, not endorsed by or affiliated with MIT. Sub-risk decomposition references MITRE ATLAS™ v5.6.0 (© 2021-2026 The MITRE Corporation, reproduced and distributed with permission). ISO/IEC and EU AI Act references are by number only. License: CC BY 4.0. Full attribution and licensing.