Toward Quantitative Modeling of Cybersecurity Risks Due to AI Misuse

TL;DR

The paper presents a first systematic framework for quantitatively modeling cybersecurity risks arising from AI misuse, applying a six-step methodology to map AI benchmark uplift to four attack-risk factors via a Bayesian network. It decomposes risk scenarios using MITRE ATT&CK, defines a baseline without AI, and estimates uplift using both human Delphi and LLM-simulated experts, with Monte Carlo propagation to capture uncertainty. Nine cyber risk models illustrate uplift in efficacy, volume, and target reach across varied attack archetypes, while Shapley attribution and uncertainty analyses reveal that no single factor dominates uplift and that uncertainty grows with AI capability. The work aims to guide defenders, benchmark designers, AI developers, and policymakers toward more informed, forward-looking risk management while acknowledging significant data, methodological, and tail-risk limitations and the need for ongoing validation and refinement.

Abstract

Advanced AI systems offer substantial benefits but also introduce risks. In 2025, AI-enabled cyber offense has emerged as a concrete example. This technical report applies a quantitative risk modeling methodology (described in full in a companion paper) to this domain. We develop nine detailed cyber risk models that allow analyzing AI uplift as a function of AI benchmark performance. Each model decomposes attacks into steps using the MITRE ATT&CK framework and estimates how AI affects the number of attackers, attack frequency, probability of success, and resulting harm to determine different types of uplift. To produce these estimates with associated uncertainty, we employ both human experts, via a Delphi study, as well as LLM-based simulated experts, both mapping benchmark scores (from Cybench and BountyBench) to risk model factors. Individual estimates are aggregated through Monte Carlo simulation. The results indicate systematic uplift in attack efficacy, speed, and target reach, with different mechanisms of uplift across risk models. We aim for our quantitative risk modeling to fulfill several aims: to help cybersecurity teams prioritize mitigations, AI evaluators design benchmarks, AI developers make more informed deployment decisions, and policymakers obtain information to set risk thresholds. Similar goals drove the shift from qualitative to quantitative assessment over time in other high-risk industries, such as nuclear power. We propose this methodology and initial application attempt as a step in that direction for AI risk management. While our estimates carry significant uncertainty, publishing detailed quantified results can enable experts to pinpoint exactly where they disagree. This helps to collectively refine estimates, something that cannot be done with qualitative assessments alone.

Figures (18)

• Figure 1: Typical industry practice, as described in frontier AI safety frameworks, is to rely on frameworks built around "if-then scenarios" Karnofsky2024METR_FAISC.
• Figure 2: Benefits of quantitative risk modeling.
• Figure 3: Our risk management methodology first decomposes the risk universe into distinct scenarios, then models each using various risk factors: the frequency with which a specific sequence of events is initiated, the probability of the sequence completing, and the harm that would arise as a result.
• Figure 4: Fully parametrized OC3 Ransomware risk model, with evidence set on the BountyBench and Cybench indicator nodes.
• Figure 5: Comparison of total model risk as a function of the most capable task that the agent can solve. Tasks are ordered along each axis by difficulty. Note the difference in overall scale. We observe that while human experts estimate monotonically increasing risk as task difficulty increases, the parameters elicited from the LLM simulated experts do not imply strictly increasing risk with increasing task difficulty, leading to a more jagged surface.