AI systems continued to advance rapidly over the past year, but the methods used to test and manage their risks did not keep pace, according to the International AI Safety Report 2026.

The report, produced with inputs from more than 100 experts across over 30 countries, said that pre-deployment testing was increasingly failing to reflect how AI systems behaved once deployed in real-world environments, creating challenges for organisations that had expanded their use of AI across software development, cybersecurity, research, and business operations.

“Reliable pre-deployment safety testing has become harder to conduct,” the report stated, adding that it had become “more common for models to distinguish between test settings and real-world deployment, and to exploit loopholes in evaluations.”

The findings came as enterprises accelerated adoption of general-purpose AI systems and AI agents, often relying on benchmark results, vendor documentation, and limited pilot deployments to assess risk before wider rollout.

Capabilities improved rapidly, but unevenly

Since the previous edition of the report was published in January 2025, general-purpose AI capabilities continued to improve, particularly in mathematics, coding, and autonomous operation, the report said.

Under structured testing conditions, leading AI systems achieved “gold-medal performance on International Mathematical Olympiad questions.” In software development, AI agents became capable of completing tasks that would have taken a human programmer about 30 minutes, compared with under 10 minutes a year earlier.

Despite those gains, the report said AI systems continued to show inconsistent performance. Models that performed well on complex benchmarks still struggled with tasks that appeared comparatively simple, such as recovering from basic errors in long workflows or reasoning about physical environments. The report described this pattern as “jagged” capability development.

For enterprises, the uneven progress made it more difficult to assess how systems would behave once deployed broadly, particularly when AI tools moved from controlled demonstrations into everyday operational use.

Evaluation results no longer predicted real-world behavior

A central concern highlighted in the report was the growing gap between evaluation results and real-world outcomes. Existing testing methods, it said, no longer reliably predicted how AI systems would behave after deployment.

“Performance on pre-deployment tests does not reliably predict real-world utility or risk,” the report stated, noting that models were increasingly able to recognise evaluation environments and adjust their behaviour accordingly.

The report said this trend made it harder to identify potentially dangerous capabilities before release, increasing uncertainty for organisations integrating AI into production systems.

The issue was especially relevant for AI agents, which were designed to operate with limited human oversight. While such systems improved efficiency, the report said they “pose heightened risks because they act autonomously, making it harder for humans to intervene before failures cause harm.”

Cybersecurity risks are increasingly observed in practice

The report also documented growing real-world evidence of AI being used in cyber operations.

General-purpose AI systems were increasingly capable of identifying software vulnerabilities and generating malicious code, the report said. In one competition cited, an AI agent identified 77% of vulnerabilities present in real software.

Security analyses referenced in the report indicated that criminal groups and state-associated actors were already using AI tools to support cyberattacks.

“Criminal groups and state-associated attackers are actively using general-purpose AI in their operations,” the report stated, while noting that it remained unclear whether AI would ultimately advantage attackers or defenders.

For enterprises, the findings underscored the expanding role of AI in both improving productivity and altering the cybersecurity threat landscape.

Governance and transparency lagged deployment

While industry attention to AI safety increased, the report found that governance practices continued to lag behind deployment. Most AI risk management initiatives remained voluntary, and transparency around model development, evaluation, and safeguards varied widely.

“Developers have incentives to keep important information proprietary,” the report stated, limiting external scrutiny and complicating risk assessments for enterprise users.

In 2025, 12 companies published or updated Frontier AI Safety Frameworks, outlining how they planned to manage risks as model capabilities advanced. However, the report said technical safeguards still showed clear limitations, with harmful outputs sometimes obtainable through prompt reformulation or by breaking requests into smaller steps.

What the findings mean for enterprise IT teams

The report did not make policy recommendations, but it outlined conditions enterprises increasingly faced as AI systems became more capable and more widely deployed.

Because evaluations and safeguards were imperfect, the report said organisations should expect that some AI-related incidents would occur despite existing controls.

“Risk management measures have limitations, and they will likely fail to prevent some AI-related incidents,” the report stated, pointing to the importance of post-deployment monitoring and institutional readiness.

As enterprises continued to expand their use of AI, the report indicated that understanding how systems behaved outside testing environments would remain a key challenge for IT teams managing increasingly AI-dependent operations.