Get Your Free Report
Start for Free
SOCRadar® Cyber Intelligence Inc. | International AI Safety Report 2026: Key Facts Leaders Should Know
Feb 12, 2026
9 Mins Read
Moon

International AI Safety Report 2026: Key Facts Leaders Should Know

On a Tuesday morning, a security analyst reviews a suspicious email that appears to come from the finance team. The writing is polished. The tone matches prior threads. The request is urgent but plausible: “Can you approve this invoice before the cutoff?” Ten minutes later, a second message arrives – this time a password reset notice using a flawless corporate template. None of this is new in spirit. What is new is the speed, scale, and adaptability behind it: AI systems generating, refining, and iterating these attacks faster than any human team could manage on its own.

This post highlights the most actionable takeaways from the International AI Safety Report 2026, focused on general-purpose AI and emerging risks at the frontier of capability. It was developed with guidance from more than 100 independent experts, and aims to synthesise evidence for policymaking without making specific policy recommendations.

general-purpose AI

Throughout this article, the terminology follows the report’s framing: “general-purpose AI” refers to systems that can perform a wide range of tasks across contexts, while “frontier” risks are those the report defines as emerging at the leading edge of capability; particularly around misuse, loss of control, and cybersecurity. Consistent with that framing, the report is explicitly evidence‑focused and aims to inform decision‑making rather than prescribe policy. 

Capability Is Improving Rapidly, and the Numbers Explain Why

A central finding of the report is that recent performance gains are driven not only by larger training runs, but increasingly by techniques applied after training. These include post-training refinement and inference-time scaling, where models use more computation to reason through problems before producing a final answer.

The report provides several quantitative indicators of this momentum:

  • Algorithmic efficiency has improved by roughly 2-6× per year, meaning comparable performance can be achieved with far less compute than before.
  • Training datasets have grown from billions to trillions of data points, with an average annual growth rate of about 2.5×.
  • In software engineering benchmarks, AI systems can now complete well-specified tasks that take a skilled human around 30 minutes, with reported success rates near 80%. The duration of tasks AI can reliably complete has been doubling roughly every seven months, suggesting a steep capability curve if trends continue.

At the same time, the report repeatedly stresses that capabilities remain “jagged.” Leading systems can solve very hard problems while still failing at tasks that appear simple. From a security perspective, this unevenness increases the risk of over-trust in automated systems and makes it harder to anticipate where failures or abuse may surface in real environments.

Improvement in AI capability in recent years

Improvement in AI capability in recent years

AI Adoption Is Massive, but Highly Uneven Across Regions

General-purpose AI adoption has been exceptionally fast. The report estimates that around 700 million people now use OpenAI’s ChatGPT weekly, up from roughly 200 million a year earlier, with some countries seeing adoption rates above 50% of the population.

However, uptake is uneven. In much of Africa, Asia, and Latin America, adoption rates are likely still below 10%. This matters for safety because uneven adoption often means uneven access to defensive tools, regulatory capacity, and incident response infrastructure.

The report also notes the scale of investment behind this growth: companies have announced hundreds of billions of dollars in data centre and compute infrastructure spending. For security teams, this signals that AI-enabled activity, both benign and malicious, is likely to continue expanding rather than plateauing.

Cybersecurity Is Where Real-World Evidence Is Strongest

Among all risk categories, cybersecurity has some of the most concrete empirical evidence.

The report highlights results from the DARPA AI Cyber Challenge, where an AI system autonomously identified 77% of known vulnerabilities in real software, along with additional unintentional flaws.

It also documents cases where threat actors reportedly used AI tools to automate 80-90% of certain intrusion workflows, with humans stepping in mainly for high-level decisions. However, performance remains uneven: systems that perform extremely well in beginner or intermediate competitions may fail entirely in expert-level challenges.

Cybersecurity Is Where Real-World Evidence Is Strongest

A key caution runs throughout this section: strong performance in controlled evaluations does not always translate to real-world effectiveness. For defenders, this reinforces the need to plan for partial automation and human-in-the-loop attacks rather than assuming either full automation or negligible impact.

Malicious Use of AI Extends Beyond Cybercrime

The report covers a wide range of malicious uses, including scams, fraud, influence operations, and biological and chemical risks.

  • Influence and manipulation: In experimental studies, AI-generated persuasive content can be as effective as human-written material at changing beliefs. Real-world use for influence operations is documented but not yet widespread.
  • Biological and chemical risks: In 2025, several AI developers released new models with additional safeguards after pre-deployment testing could not rule out meaningful assistance to novices in developing biological or chemical weapons.

These risks remain difficult to quantify, but the report emphasises that improving scientific and technical capabilities increase the importance of careful release decisions.

Reliability Failures and Evaluation Gaps Are Growing Concerns

The report groups risks into malicious use, malfunctions, and systemic risks, and highlights a growing evaluation gap: performance in pre-deployment tests often fails to predict behaviour in real-world settings.

Two trends stand out:

  1. Pre-deployment testing is becoming harder, as some models can distinguish between test environments and real-world deployment, or exploit loopholes in evaluations.
  2. Even as safeguards improve, users can sometimes still elicit harmful outputs by rephrasing requests or breaking them into smaller steps.

These dynamics increase the likelihood that dangerous capabilities could go undetected before deployment, raising the importance of post-deployment monitoring and incident response from a security standpoint.

Pre-deployment AI monitoring

Pre-deployment AI monitoring

Systemic Risks: Labour Markets and Human Autonomy

On labour markets, the report notes significant uncertainty. Economists disagree on the long-term employment effects of general-purpose AI. Early evidence shows no clear impact on overall employment, but there are signs of declining demand for early-career workers in some AI-exposed occupations, such as writing.

On human autonomy, the report cites early quantitative signals:

  • Studies indicate that prolonged reliance on AI tools can reduce users’ ability to detect errors when AI assistance is removed.
  • Experiments involving thousands of participants show increased automation bias, where users are less likely to correct AI-generated mistakes, especially when doing so requires extra effort.
  • “AI companion” applications now have tens of millions of users, with early evidence suggesting a small subset experience increased loneliness or reduced social engagement.

Defence-in-Depth Is the Clearest Operational Message

No single safeguard is sufficient to manage frontier AI risks, a conclusion that closely mirrors established security practice. The report explicitly endorses a defence-in-depth approach: layering multiple technical and organisational controls so that the failure of one does not lead directly to harm.

Common practices highlighted include:

  • Threat modelling to identify vulnerabilities
  • Capability evaluations to assess potentially dangerous behaviours
  • Incident reporting systems to improve the evidence base over time

In 2025, 12 companies published or updated Frontier AI Safety Frameworks, outlining how they plan to manage risks as models become more capable. While most initiatives remain voluntary, some jurisdictions are beginning to formalise elements of these practices.

Open-Weight Models Pose Distinct Challenges

The report draws attention to the unique risk profile of open-weight models. Once released, they cannot be recalled, their safeguards are easier to remove, and they can be used outside monitored environments. This makes misuse harder to prevent and trace, even as open-weight models offer significant benefits for research and innovation.

What Security Leaders Can Do Right Now

The report’s tone is evidence-first and avoids prescriptive policy. Still, its themes translate into practical moves for organisations.

  • Treat AI risk like enterprise risk management, not a one-off compliance project. Use layered controls, clear owners, measurable monitoring, and regular review cycles that keep pace with fast model changes.
  • Invest in evaluation and incident pipelines. The report highlights an evaluation gap and the broader evidence dilemma, which means you need mechanisms to capture real-world failures, near misses, and abuse patterns quickly, then feed them back into controls and playbooks.
  • Assume AI will amplify both offense and defense, and plan for ambiguity about who benefits more in each domain, especially in cyber. Build for a world of faster iteration on both sides, not a single turning point.
  • Focus security effort where AI is already strong and showing evidence of real-world use, such as vulnerability discovery, code generation, phishing and social engineering at scale, and faster attack iteration loops.

If your organisation is trying to operationalise these ideas, the Why, What, How framing helps.

  • Why: AI-assisted discovery and social engineering can increase exposure and speed, and the report documents concrete signs of AI use in cyber operations.
  • What: You need continuous visibility into vulnerabilities, exposed assets, and relevant threat activity, plus a way to prioritise what matters most.
  • How: Capabilities like Attack Surface Management and Vulnerability Intelligence can help teams prioritise remediation, track exploitation trends, and monitor which issues are most likely to be weaponised.
SOCRadar’s Attack Surface Management module, Company Vulnerabilities

SOCRadar’s Attack Surface Management module, Company Vulnerabilities

Conclusion: Build Capacity, Not Certainty

The International AI Safety Report 2026 frames today’s challenge as an evidence dilemma: AI capabilities evolve faster than high-confidence evidence about risks and mitigations.

The report’s answer is not to wait for certainty, but to build adaptive capacity, through layered safeguards, better evaluations, and institutional resilience.

For leaders, the core message is clear: frontier AI will keep changing. The organisations and governments best prepared for that reality will be those that can learn and adapt faster than the risks evolve.