UK AI Safety Institute: Gap Between US and Chinese AI Cyberattack Capabilities Narrows to Four Months

Alina Collins
Published todayAbout 11 min read

The UK AI Safety Institute's latest assessment finds that Chinese open-weight AI models now trail top US frontier models in cyber-attack capability by as little as four months, down from six to ten — compressing the global window for cyber defence faster than expected.

01

What does a four-month gap actually mean?

AISI — the UK government's dedicated AI-risk evaluator — tested two capabilities: completing specific hacking tasks (vulnerability research, exploitation, cryptography) and autonomously executing end-to-end cyber attacks.
Beijing-based Zhipu AI's GLM-5.2 stood out in both. On specific tasks, it matched Anthropic's Opus 4.6 and OpenAI's GPT-5.2-Codex — models released just four months earlier.
This means → China's open-source models are closing the gap at roughly one quarter per cycle. The time defenders have to patch vulnerabilities is shrinking in lockstep.
02

Cheaper and just as capable — what is GLM-5.2's hidden edge?

In the autonomous-attack tests, GLM-5.2 consumed fewer tokens — the basic units a model processes — and ran at far lower cost than US frontier models.
In plain terms = the same level of cyber-attack capability, at a fraction of the price, which dramatically lowers the barrier to use.
This reflects a broader trend: companies from Silicon Valley to Europe are increasingly adopting Chinese open-source models to escape rising fees charged by leading US AI developers.
03

Why do open-weight models make safety agencies especially nervous?

AISI flagged the core risk: once an open-weight model is released, it cannot be recalled. Unlike closed-source models, there is no way to revoke access, iterate on safety measures, or monitor misuse after the fact.
In plain terms = a closed-source model is a gun locked in a cabinet — you can take back the key. An open-weight release hands the gun to everyone, permanently.
Georgetown University researcher Sam Bresnick warned: "We may soon live in a world where models capable of autonomously identifying code vulnerabilities are freely available to all."
04

Are America's own frontier models safe?

US frontier models have already surpassed the best human hackers in cyber-attack capability. Anthropic this year restricted access to its Mythos model because it could chain vulnerabilities faster than humans could patch them.
Earlier, Anthropic briefly paused its Fable model after US government concerns about its hacking capabilities.
This means → the safety dilemma cuts both ways. It is not just China catching up — America's own models have grown powerful enough to require self-imposed limits.
05

Moonshot AI's Kimi K3 launch — why did markets panic?

Chinese AI start-up Moonshot AI released Kimi K3 — the largest publicly disclosed Chinese AI model to date. Its benchmarks surpassed Anthropic's Claude Opus 4.8 and OpenAI's GPT 5.5 on most coding and general AI-agent tasks.
Kimi K3 still trails Anthropic's Fable model, but its launch day dragged US tech stocks lower as investors questioned AI valuation levels and the durability of America's technological lead.
This reflects a core market anxiety: if Chinese open-source models keep closing the gap at this pace, what underpins the premium valuations of US AI companies?
06

How much time do defenders have left?

AISI's conclusion is blunt: as open-source capabilities keep converging on the closed-source frontier, the time governments and enterprises have to harden their systems is draining faster.
Even if existing vulnerabilities are patched, the widespread free availability of high-capability AI systems poses a persistent threat to critical infrastructure.
In plain terms = this is not a "fix it and you're safe" problem. When attack tools are freely available and continuously evolving, defenders are permanently running behind.

Content is for reference only, not financial advice.

UK AI Safety Institute: Gap Between US and Chinese AI Cyberattack Capabilities Narrows to Four Months · nashnova