Irregular

We are Irregular (Formerly Pattern Labs) We’re building the first frontier AI security lab Starting with defenses for the next generation of threats

Our CEO, @dan_lahav, spoke at @jpmorgan's Global Cyber Innovation Summit in NYC about cybersecurity in the era of frontier AI, exploring how AI systems fail and how to build trust where traditional security tools fall short. A timely conversation for a fast-moving field.

We recently helped close a handful of zero-days in CUPS, the default printing system on most Linux distros. Our AI security eval system keeps surfacing real vulnerabilities, with similar findings in Soft Serve and QuickJS a few months ago. Responsibly disclosed (CVE-2026-41079/39314/39316) and patched in v2.4.17. If you're running CUPS, update it now.

We evaluated GPT-5.5 before release, testing cyber capabilities across our private benchmark suites. We found clear gains over GPT-5.4: stronger performance at lower costs. As models become more capable, understanding and reducing their security risks becomes increasingly important.

Full blog post: irregular.com/publications/a…

We evaluated GPT-5.5 using Irregular’s offensive security methodology across two frameworks: Atomic Tasks, which tests discrete technical skills, and CyScenarioBench, which tests end-to-end, multi-stage operations. On Atomic Tasks, the model performed strongly, particularly in Network Security and Vulnerability Research and Exploitation, and solved all atomic challenges. On CyScenarioBench, GPT-5.5 outperformed GPT-5.4, solving more challenges while achieving a higher average success rate. Across both challenge suites, it also achieved lower costs per success. These results suggest continued gains in offensive cyber capability, while reinforcing the importance of scenario-level evaluation for understanding how step-level performance translates into coherent operational execution. Full blog post in the first comment.

“We’re aiming to build the next Palo Alto Networks or CrowdStrike.” Working with companies like Anthropic and OpenAI, @Irregular was named as Israel’s most promising startup in Calcalist and CTech’s annual Top 50 list. calcalistech.com/ctechnews/arti…

Honored to be included in the @Forbes AI 50 Brink list, alongside other promising companies shaping the future of AI. Proud to be building at the frontier.

The full writeup: irregular.com/publications/a…

Excited to share that we have started working with @Meta. As part of this collaboration, we recently evaluated Muse Spark, the first model from Meta Superintelligence Labs, across our offensive security benchmarks. We are proud to add Meta to the group of leading AI labs we work with to measure and mitigate offensive cyber risk before models reach the public. Link to our full assessment in the first comment.

Anthropic gated Mythos Preview over security risks this week. Speaking to @TechCrunch ahead of the release, @dan_lahav raised the question at the core of this: not whether AI systems find vulnerabilities, but whether they are meaningfully exploitable, on their own or as part of a chain. Thanks for the mention @TimFernholz.

Full article (subscription): theinformation.com/newsletters/ap…

Our CEO, @dan_lahav, in @theinformation this week: leading AI models are getting better at offensive cyber tasks. Our cybersecurity evaluations have shown this for more than six months: every new model we test performs better than the last. Link in first comment.

Our CEO, @dan_lahav, joins the @RaiseSummit 2026 lineup alongside leaders from Cognition, Datadog, Harvey, Cerebras, and Yann LeCun. As frontier models move into real enterprise workflows, the security surface is changing faster than most organizations are prepared for. Paris, July 8–9.

@dan_lahav, our CEO, joined a great panel yesterday at the RSAC Wiz House with @amiluttwak, @logangraham, @four, and @41thexplorer. AI is rapidly reshaping the security landscape, changing not just how vulnerabilities are discovered but also how modern tools can bypass traditional defenses entirely. A key theme from our RSAC panel with the Wiz team was clear: legacy code remains a major exposure risk in an AI-driven threat environment. At the same time, today's tools give us the ability to continuously patch, evaluate, and strengthen software, making it possible to build more secure systems than ever before. The future of security will be defined by how effectively we adapt to this new reality.

@dan_lahav @wiz_io @GoogleDeepMind #age-of-ai" target="_blank" rel="nofollow noopener">wiz.io/events/wiz-at-…

The AI security conversation you don't want to miss at #RSAC: @Irregular CEO @Dan_lahav and leaders from @wiz_io are bringing together two of the leading voices in Frontier AI security: John "Four" Flynn from @GoogleDeepMind and Logan Graham, who leads the Frontier Red Team at @AnthropicAI. When: March 25 · 5PM · Wiz House, SF Register 👇

Our full findings: irregular.com/publications/e…

📷 The Guardian covered our research on emergent offensive AI behavior! We are glad this conversation is reaching a wider audience. Read the Guardian piece: theguardian.com/technology/ng-…

An AI agent was told only to retrieve a document. When it encountered access restrictions, it reverse-engineered the authentication system, identified a hardcoded secret key, and forged admin credentials to bypass it. This is one of three scenarios we documented in a new Irregular research report on what we call emergent cyber behavior. Agents performing routine enterprise tasks autonomously hacked the systems they were operating in. One escalated its own privileges and disabled Windows Defender to complete a file download. Another developed a steganographic encoding scheme to smuggle credentials past a DLP system. None of this was the product of unsafe system design. It emerged from standard tools, common prompt patterns, and the broad cybersecurity knowledge embedded in frontier models. Companies that deploy AI agents and do not consider this risk as part of their threat model may end up exposed, and implement insufficient security controls. Full blog post in the first comment.