An AI agent developed by Stanford researchers outperformed professional human hackers in a 16-hour cybersecurity test, uncovering vulnerabilities across thousands of devices while costing just $18 per hour—far less than the six-figure salaries of human experts. The AI, named ARTEMIS, was tested on Stanford’s public and private computer science networks, which include around 8,000 devices such as servers, workstations, and smart systems. The study, led by researchers Justin Lin, Eliot Jones, and Donovan Jasper, found that ARTEMIS placed second among 10 human penetration testers. Over a 10-hour window, the AI identified nine valid security flaws with an 82% success rate in submitting confirmed vulnerabilities—outperforming nine of the 10 human participants. Notably, it discovered weaknesses that human testers missed, including a flaw on an older server that was inaccessible due to browser incompatibility. ARTEMIS bypassed the issue by using command-line tools, a method human testers could not employ. What set ARTEMIS apart was its ability to run multiple sub-agents simultaneously. Whenever it detected a potentially significant finding during a scan, it automatically launched additional AI components to investigate in parallel. This allowed it to explore several attack paths at once, a task that human hackers must perform sequentially, limiting their speed and scope. The agent’s cost efficiency is striking. Running ARTEMIS costs about $18 per hour, compared to the average annual salary of $125,000 for a professional penetration tester. A more advanced version of the agent costs $59 per hour—still significantly less than hiring top-tier human experts. However, the AI is not without limitations. It struggled with tasks requiring interaction with graphical user interfaces, such as clicking through web pages, which caused it to miss a critical vulnerability. It also generated more false alarms, sometimes mistaking routine network traffic for signs of a successful breach. The researchers noted that ARTEMIS excels in environments with code-based input and output, where it can parse and act on data more effectively than humans. The study highlights a growing trend: AI is making cyberattacks more accessible and powerful. In recent months, malicious actors have increasingly used generative AI to enhance their operations. In September, a North Korean hacking group used ChatGPT to create fake military IDs for phishing campaigns. A report from Anthropic in August revealed that North Korean operatives used the Claude AI model to secure remote jobs at U.S. Fortune 500 tech companies, gaining access to internal systems. The same report also documented a Chinese threat actor using Claude to launch cyberattacks on Vietnamese government, agricultural, and telecom networks. Yuval Fernbach, CTO of machine learning operations at JFrog, told Business Insider in April that the number of AI-powered attacks is rising rapidly. He warned that hackers are now using AI to extract sensitive data, disrupt systems, and manipulate software tools—posing a serious threat to digital security. As AI agents like ARTEMIS grow more capable, the cybersecurity landscape is shifting. While these tools offer powerful new defenses, they also raise urgent concerns about how easily they can be weaponized by malicious actors.