Archive for Cato

Researchers finds ChatGPT-5.5 completed full simulated cyberattack chain

Posted in Commentary with tags on July 17, 2026 by itnerd

A new report from Cato Networks found that OpenAI’s ChatGPT-5.5 successfully completed a full, multi-stage simulated cyberattack against a corporate network without human intervention. According to the report, ChatGPT-5.5 is the first publicly available AI model Cato tested to autonomously execute the entire attack chain in a controlled environment.

The model completed the 32-step attack in two of 10 attempts, carrying out reconnaissance, privilege escalation, lateral movement and data exfiltration.

Cato said the testing was conducted in a controlled environment designed to evaluate AI cyber capabilities rather than real-world systems.

Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs:

“I’ve been using LLMs to complete complex offensive security challenges for over a year. The capability has been here.

“Cato’s “agentic attacker” is a full offensive stack, an agent platform, MCP-enabled tooling, and structured operational guidance, with GPT-5.5 as the reasoning layer. Their own researchers say the improvements across six scenarios came from better harness engineering while the model stayed the same.

“Two out of ten is the full-chain success rate with the agent handling planning and execution autonomously after a single prompt. A human operator stepping in at a handful of critical decision points in that 32-step chain would push that rate much higher. When I run LLM-driven offensive workflows, the model rarely fails on the individual steps. It fails on choosing which step to take next. That’s exactly the kind of error a practitioner fixes in seconds.

“Organizations should be preparing for continuous automated offensive pressure. An attacker running these workflows around the clock doesn’t need a high success rate when they have unlimited attempts. Each new model generation lowers the expertise needed to build an effective harness, and a black market for prebuilt offensive stacks is coming. Less-skilled operators will buy attack capabilities that required years of training a short time ago.”

What organizations need to do is to prepare themselves for LLM’s to attack them. The failure to not do so means that they will get pwned at some point.