Quantify AI-enabled cyber capability uplift for non-expert actors through comparative behavioral studies

We need empirical data quantifying whether and how frontier AI models enable individuals with limited cybersecurity expertise to successfully conduct malicious cyber activities that would otherwise be beyond their capabilities. Current risk assessments rely heavily on theoretical analysis rather than behavioral evidence. This research must design rigorous experiments comparing attack success rates, sophistication, and speed between AI-assisted and non-AI-assisted conditions across a representative sample of cyber attack types and threat actor skill levels.

AI systems have demonstrated increasing proficiency at coding, vulnerability analysis, and security-relevant tasks. Theoretical concerns exist that these capabilities could lower barriers to entry for cybercrime and cyber attacks. However, limited empirical research exists measuring real capability uplift for non-expert actors. Prior work includes: RAND's 2023 study on AI-assisted cybersecurity tasks showing mixed results; academic red-teaming exercises demonstrating AI models can assist with exploit development; anecdotal reports of AI-generated phishing and malware. The UK AISI and US AISI both identify cyber misuse as a priority risk area requiring better measurement frameworks. Key open questions include whether AI primarily accelerates existing capabilities versus enabling entirely new attack classes, and what skill threshold is required for effective AI assistance. This research connects to broader questions about AI democratization of advanced capabilities and the offense-defense balance in cybersecurity.

IN SCOPE: Behavioral experiments with human participants representing non-expert threat actors; task batteries covering reconnaissance, exploitation, social engineering, malware development, and defense evasion; comparison between frontier LLM access versus internet-only access; quantitative and qualitative analysis of capability uplift; assessment of potential model-level mitigations. OUT OF SCOPE: Advanced persistent threat (APT) or nation-state actor capabilities; zero-day vulnerability discovery; attacks on specific production systems; actual deployment of malicious capabilities; highly specialized attack types requiring deep domain expertise even with AI; automated AI agent attacks without human direction. CONSTRAINTS: Must comply with ethical research standards and IRB approval; requires sandboxed testing environments; limited to publicly available or research-access AI models; participants must remain anonymous; no creation of real-world harmful artifacts.

Required: Research methodology and experimental design experience, cybersecurity fundamentals (network security, common attack vectors, vulnerability assessment), familiarity with AI capabilities and limitations, human subjects research ethics/IRB processes. Helpful: Prior experience with behavioral studies, statistical analysis (R/Python), sandboxed security testing environments, prompt engineering with LLMs.