Single Prompt Enables ChatGPT to Execute Full Cyber-Attack Chain

Single Prompt Enables ChatGPT to Execute Full Cyber-Attack Chain

Single Prompt Enables ChatGPT to Execute Full Cyber-Attack Chain

https://www.infosecurity-magazine.com/news/chatgpt55-to-execute-full/

Publish Date: 2026-07-16 09:30:00

Source Domain: www.infosecurity-magazine.com

A single prompt is enough to encourage OpenAI’s ChatGPT-5.5 large language model (LLM) to conduct full-scale offensive cyber-attacks, complete with the ability to gain domain-level access to a network in under 40 minutes, according to tests conducted by cybersecurity researchers.

Threat researchers at Cato Networks said they set out to test how far an agentic attack could go when a frontier model was given a single high-level objective, the offensive, and enough autonomy to execute the attack path.

A paper published on July 15 by the cybersecurity firm detailed how this experiment was performed in a controlled Active Directory environment, designed to look like that of a typical enterprise.  

The result was that following a single prompt, the agent was able to plan and execute the entire attack lifecycle. This included reconnaissance, exploitation, internal discovery, privilege escalation, lateral movement and exfiltration activities.

Read More: What Fronter AI Models Like Mythos and GPT-Cyber Mean for Modern Cybersecurity

Cato Networks conducted the research to examine how AI tools could be exploited at a time when threat actors are increasingly incorporating AI into offensive cyber operations.

This includes attempts to jailbreak publicly available AI models that are protected by built-in safety guardrails.

Cato Networks focused on GPT-5.5 rather than the cybersecurity focused GPT-5.5-Cyber.

“While both GPT-5.5 and GPT-5.5-Cyber were evaluated during the research, the later scenarios focused on GPT-5.5 to better reflect the publicly available frontier models accessible to most attackers at the time of the study,” Cato Networks explained in a blog post.

The specific prompts used to direct the model have not been revealed, likely as a cybersecurity measure to prevent malicious actors from repeating the experiment.

The Agentic Attacker in Action

Cato Networks tested six different scenarios and found that the agentic AI was highly adept at…

Source