Cisco exposes alarming errors hidden inside AI security incident reports


Amid the furor over Anthropic’s Claude Mythos AI and other tools that are supposedly able to solve cybersecurity issues, major US cybersecurity company Cisco decided to test the technology’s ability to write a detailed technical report. The results aren’t great, to say the least.

As per Nate Pors, a senior incident commander on the Cisco Talos Incident Response team, this was a tabletop security incident response exercise aimed at testing AI’s ability to write an accurate report.

Last month, both Anthropic and OpenAI released new cybersec-focused AI models designed to autonomously find flaws and bugs in software. Mythos and GPT-5.4-Cyber are marketed as capable of detecting thousands of severe vulnerabilities.

So far, so good. However, finding those flaws is not the same as enabling defenders to fix them. As Cisco’s test shows, cyber pros should tread extremely carefully and double-check any report an AI model sends their way.

Reports look great, but really aren’t

According to Cisco, the test found that even though most organizations are already seeing “tangible value from investment in AI,” early adopters quickly encounter limitations when attempting to generate long-form, technical content.

“When given raw notes and asked to create technical reports, large language models such as ChatGPT, Claude, and Gemini generated polished-looking results that often contained significant inaccuracies, unusual conclusions, and inconsistent writing styles,” Pors wrote in the blog post.

The large language models make these mistakes because, as a brilliant book, “The AI Con,” explains, they’re actually just “fancy autocomplete systems” spewing out educated guesses.

Cisco admits: “Various types of inconsistencies in AI output frequently diminish the efficiency gains that AI reporting processes promise to deliver. At their core, most inconsistencies stem from the probability-driven nature of LLMs.”

Indeed, these models generate output by predicting the next token, typically a word or sub-word, in a sequence, based on model weights and training data.

Errors could be extremely costly

There are four ways the LLMs mess up cybersecurity reports, according to Pors:

  • They use different data for each query, making it “difficult to rely on an LLM for repeatable, standardized research outcomes.”
  • They reach different conclusions from the same data, for instance, suggesting a full organization-wide password reset in one instance and a targeted reset in another. It’s just bad advice, especially since the model “often defaults to whichever recommendation it generates first.”
  • Since LLMs generate content token by token, they can create documents with different formatting and structures each time. This is problematic for “professional environments where standardized layouts, such as consistent executive summaries or recommendation sections, are essential for quality control.”
  • Finally, any AI model can simply discard data once its “context window” hits its limit, so its output might lose critical initial information. Besides, “context pollution” is sure to cause the model to produce unpredictable or blended results.

Obviously, all these issues could be solved in theory, for instance, by giving an LLM “granular, single-task instruction” that focuses on “a specific, small portion of the report,” Cisco says.

Then again, the process would take a long time, so the efficiency gains would vanish. Why use an AI model when a human professional can complete the task and produce a much better technical report?

The problem, of course, is that in the world of cybersecurity and serious cyber incidents, any errors could be extremely costly to a company attempting to stave off a threat and clean up its systems.

“[Human report authors] must edit, understand, and take ownership of every word of the final report,” Cisco warns in the blog, adding that recommendations generated by the LLMs were “duplicative, irrelevant, or not actionable.”

One recent incident of overrelying on AI is especially telling. A Linux user, suspecting something was wrong on their machine, turned to OpenAI’s Codex agent to investigate and remediate the issue.

However, the agent failed to fully respond to the incident, obscured active threats, and complicated the investigation.

