AI Governance Library

Toward Risk Thresholds for AI-Enabled Cyber Threats

AI is increasingly being used to augment and automate cyber operations… raising urgent questions about when AI systems introduce unacceptable cyber risk, and how risk thresholds should be identified before harms materialize at scale.
Jakub Szarmach
3 min read
Toward Risk Thresholds for AI-Enabled Cyber Threats
Toward Risk Thresholds for AI-Enabled Cyber Threats
Toward Risk Thresholds for AI-Enabled Cyber Threats.pdf
1021 KB
download-circle

⚡ Quick Summary

This paper tackles a core governance problem: how to define when AI-driven cyber risk becomes unacceptable. Current approaches—mostly from frontier AI companies—rely on vague, capability-based thresholds that are hard to measure, inconsistent, and poorly tied to real-world harm. The authors argue that this is insufficient in a world where AI is rapidly lowering the skill barrier for cyberattacks and enabling autonomous, scalable operations.

To fix this, they propose a probabilistic, evidence-based framework using Bayesian networks. Instead of binary “safe vs unsafe” thresholds, risk is modeled as a dynamic system of interacting variables (capabilities, attacker behavior, defenses, impact). The paper demonstrates this through a phishing case study, showing how qualitative insights can be translated into measurable, updateable risk indicators. The goal is not a single threshold, but a repeatable methodology for operationalizing AI risk governance.

🧩 What’s Covered

The paper starts by mapping the current landscape of AI cyber risk thresholds, primarily drawn from frontier AI safety frameworks (OpenAI, Anthropic, DeepMind, Meta). These frameworks show convergence around key “threshold elements” such as automation of multi-stage attacks, zero-day discovery, and enabling low-skilled attackers . However, the authors identify major flaws: overreliance on capability benchmarks, vague language (“meaningful increase”), lack of baselines, and deterministic cutoffs that ignore uncertainty .

A central critique is that capabilities ≠ risk. The same capability may be benign or catastrophic depending on context, access, and defenses . Current thresholds also overfocus on extreme, low-probability scenarios while missing incremental shifts that could reshape the offense–defense balance.

To address this, the authors propose Bayesian networks (BNs) as a modeling approach. These probabilistic graphs represent relationships between variables (e.g., AI capability → attack success → economic harm), allowing integration of diverse evidence and continuous updates as conditions change . Unlike static thresholds, BNs enable tracking how close a system is to crossing a risk boundary.

The methodology includes:

  • Decomposing high-level risks into measurable variables
  • Linking them through probabilistic dependencies
  • Feeding in data from benchmarks, red teaming, and real-world evidence
  • Updating risk estimates over time

The phishing case study illustrates this concretely. On pages 31–32, a Bayesian network breaks down social engineering risk into nodes like “AI linguistic mastery,” “lure credibility,” and “defense detection rate,” which jointly determine outcomes like whether an employee opens a malicious email . This shows how vague concepts become quantifiable signals.

Finally, the paper emphasizes that thresholds must connect to actionable decisions—such as restricting deployment or increasing mitigations—and align with emerging regulatory frameworks (EU AI Act, NIST RMF) .

💡 Why it matters?

This work reframes AI risk governance from static compliance to dynamic monitoring. Instead of asking “Does this model cross a threshold?”, it asks “How likely is it to cause harm under real conditions?”—a much more realistic framing for complex systems.

It also highlights a critical shift: AI is not just introducing new threats but reshaping attacker economics and accessibility. When low-skilled actors can execute advanced attacks, traditional assumptions about threat models break down.

For policymakers and labs, the key value is methodological: it provides a path toward measurable, defensible, and auditable risk thresholds, which are essential for regulation, safety commitments, and deployment decisions.

❓ What’s Missing

The framework is conceptually strong but still early-stage. It lacks:

  • Real-world validated Bayesian models at scale
  • Standardized datasets for populating probabilities
  • Clear guidance on governance integration (who sets thresholds, how enforced)
  • Empirical benchmarks linking model capability → real-world cyber impact

Additionally, while phishing is a useful example, more complex domains (e.g., autonomous exploitation or supply chain attacks) are not deeply operationalized.

👥 Best For

AI safety researchers
Cybersecurity strategists
Policy makers and regulators
Frontier AI labs working on risk frameworks
Technical governance and risk modeling teams

📄 Source Details

UC Berkeley – Center for Long-Term Cybersecurity (CLTC)
White Paper (January 2026)

📝 Thanks to

Krystal Jackson, Deepika Raman, Jessica Newman, Nada Madkour, Charlotte Yuan, Evan R. Murphy

Research Whitepaper
About the author
Jakub Szarmach

Jakub Szarmach

Read next

Advancing a Global Framework for AI Safety and Governance for the Well-being of Humanity

Open Problems in Frontier AI Risk Management

Model Risk Management in the Age of AI

Insuring Emerging Risks from AI

Defense Against the AI Dark Arts: Threat Assessment and Coalition Defense

AI Governance Library

Curated Library of AI Governance Resources

AI Governance Library

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to AI Governance Library.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.