On May 4, 2026, Air Street Capital published State of AI: May 2026, the monthly companion to its annual report. The headline finding: the UK AI Security Institute now estimates frontier cyber-offence capability is doubling every four months. Two frontier models — Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5 — both cleared AISI's 32-step end-to-end cyber-attack range in a single month, with Mythos first and GPT-5.5 following three weeks later.
The report frames the next AISI cyber-range solve, expected inside Q3, as a forcing function for policy. Whether the result is published or restricted will signal how labs and governments handle dual-use capability in the agentic era. Air Street also notes that frontier labs have effectively become infrastructure companies: OpenAI closed $122B at an $852B valuation anchored by Amazon, Nvidia, SoftBank, and Microsoft, while Anthropic took an additional $40B from Google, $5B from Amazon, and chip deals with Google and Broadcom reportedly worth hundreds of billions.
The China section is sharper than past editions. Three Chinese labs — Z.ai, Moonshot, and DeepSeek — cleared SWE-Bench Pro between 56 and 58 in April, putting open-weights coding from China within a point of the US frontier. The report says the 'six-to-nine-months-behind' framing no longer works for agentic coding. Portfolio notes flag Profluent's $2.25B Lilly partnership for large-gene insertion therapeutics and Sereact's $110M Series B for warehouse robotics.
Takeaway for learners — the speed of capability growth is now measurable, not anecdotal. A four-month doubling on cyber-offence means a model that fails a benchmark today is plausibly the model that passes it before the next academic semester ends. If you're studying AI safety, evaluations, or policy, the AISI cyber-range and SWE-Bench Pro are the two scoreboards worth watching first — they're where the dual-use questions get decided in public.