Generative AI is no longer used solely to develop malware: it also fuels their execution.
In November 2025, Google offered an analysis on this topic. It provided several examples, including a VBScript dropper that leveraged the Gemini API to help obfuscate its code.
The analysis is echoed in the 2026 International AI Safety Report. It is the “official” precursor to the AI Summit scheduled to be held in India from February 16 to 20. Like last year’s report, it provides a snapshot of the scientific understanding of general-purpose AI from a safety perspective. Among the experts involved on the French side are Jonathan Collas, industry and digital advisor at the SGDSN, and Gaël Varoquaux (Inria), project lead for the Scikit-learn consortium.
For this edition, the definition of “emerging risks” has been narrowed. They are now those “that emerge at the edge of AI capabilities.” In other words, to better position themselves as a complement to initiatives such as the UN’s AI scientific panel.
AI more persuasive, but influence “not demonstrated at scale”
Since last year, so-called reasoning systems have proliferated. They have benefited performance especially in mathematics, coding, and the sciences. On training methods, the report highlights distillation, citing the example of DeepSeek-R1, whose chain-of-thoughts fed DeepSeek-V3.
There have also been advances in the content generated by AI. Broadly, it has become harder to detect. To illustrate, the report cites, among others, observations by researchers at UC San Diego on a Turing test with GPT-4o. In 77% of cases, participants judged a text to be human-originated when it was in fact created by the LLM.
Another UC Berkeley study looked at voice cloning. In 80% of cases, participants mistook the AI for the original speaker.
Another UC Berkeley study, another angle: the AI’s persuasive capabilities. They can be more effective than humans at times. The evidence in this regard “has piled up” in recent months, the report notes, and it provides a concise summary. While focusing on negative effects (notably political propaganda), it also notes potentially positive effects, such as the reduction in belief in conspiracy theories.
The effectiveness of AI-generated content compared with human-created content, however, has not been demonstrated at scale, we’re told. This may be explained by distribution costs and by the balancing effect that exposure to opposing viewpoints can have in real-world conditions.
Cybersecurity: not yet a do‑it‑all AI, even if vulnerability detection is established
On the cyber front, the difficulty in establishing cause-and-effect relationships complicates the estimation of AI’s role in the severity and scale of attacks.
LLMs are nonetheless highly capable at discovering vulnerabilities. In this regard, mention is made of the latest DARPA AI Cyber Challenge. In that competition, an autonomous system climbed high in the rankings by uncovering 77% of the flaws.
Despite these advances, no fully autonomous attack has yet been reported. At least one incident came close. It involved Anthropic’s services. They themselves reported it in November 2025, noting that the attacker had automated, via this route, 80 to 90% of the work, with humans intervening only for critical decisions.
More generally, the report urges not to overstate AI’s current potential. Not least because most assessments cover isolated competencies; not end-to-end attacks. So far, available tools have mainly accelerated or scaled up existing methods.
Situational awareness does not equate to loss of control
As for the malfunctions and the risks they imply, the report offers a mixed bag.
References to several studies remind us that models have demonstrated situational awareness—a capability to detect the environment in which they operate. This can lead to different behavior in an evaluation scenario than in the real world. It can also lead to artificially degraded performance to avoid deployment restrictions, or to deliberately circumvent safeguards to achieve an objective, while denying it afterward.
However, the risk of long-term loss of control remains low, due to a lack of capabilities to sustain autonomous operation over time.
Indeed, this duration has lengthened in a few disciplines, starting with coding. But a single grain of sand can derail the machine, as illustrated by a university study focused on perturbing language–vision systems via a pop-up.
The automation bias is amplifying
Regarding AI’s impact on the labor market, the report cites studies in Denmark and the United States that did not demonstrate a strong correlation. It also notes several studies concluding a decline in demand for junior profiles.
The amplification of the “automation bias” is clearer. Already evident with non-AI automated systems, the phenomenon persists with LLMs. The report cites two studies supporting this. One shows users of writing-assistance tools tending to adopt the viewpoint suggested by the model. The other highlights the mental-shortcut process: on an assisted annotation task, participants corrected AI-suggested errors less often when additional effort was required.
