FrontierNews.ai

Claude and OpenAI Dominate Cybersecurity AI, But Europe Is Building an Alternative

Anthropic's Claude models, particularly Opus and Sonnet variants, account for roughly one-fifth of all AI-assisted cybersecurity operations globally, according to a new analysis of real penetration testing data. The finding comes from the Cybersecurity AI (CAI) Dataset, a 14-month corpus of 230,935 actual hacking trajectories assembled by Alias Robotics and published as a peer-reviewed study. The data reveals a critical infrastructure concentration risk: security professionals worldwide are funneling sensitive operational context into a handful of commercial cloud APIs, raising questions about data sovereignty and organizational confidentiality.

Why Should Security Teams Care About This Data Concentration?

The CAI Dataset captures genuine human-machine interactions from live penetration testing engagements across 123 countries, totaling 18.07 terabytes of production-grade security telemetry. Rather than synthetic or web-scraped text, this corpus documents real terminal sessions, failed exploit attempts, raw operating system outputs, and the exact prompts security operators typed into AI assistants. The data reveals a structural dilemma: to work efficiently, red teams and defensive security experts rely on AI speed and reasoning, but doing so means uploading sensitive information like environment variables, API keys, network inventories, and active session logs to external servers they don't control.

The concentration of this work is striking. Anthropic's Claude family (Opus 4.x, Sonnet 4.x, and Claude 3.7 series) processed 7.34 million calls across the dataset, representing 20.79 percent of all AI-assisted security operations tracked. OpenAI's models (GPT-5.x, GPT-4o, and o3-mini) accounted for 20 percent, or 7.06 million calls. Together, these two providers handled roughly 40 percent of the world's documented offensive and defensive AI-driven security work.

What Are the Real Security Risks of This Dependency?

The dataset documents four primary pathways through which sensitive context leaks into AI prompts, often unintentionally. Security operators paste environment files containing functional API keys for commercial services, intercept raw HTTP requests with active authorization tokens, reference bug bounty platform identifiers, and extract HTML payloads containing embedded API keys from target websites. While these incidents represent a small fraction of total sessions, the sheer volume of data flowing through centralized APIs creates what researchers describe as a "single failure surface".

A breach, outage, or politically motivated repurposing of these cloud services could cascade into nation-scale and enterprise-scale disruption. The dataset includes analysis of 4,532 unique vulnerability identifiers (CVE numbers) that security teams used AI to identify and exploit. The most frequently targeted vulnerabilities were not exotic zero-day exploits, but rather legacy, unpatched systems still running in corporate environments. The top three included a Kubernetes kubelet information disclosure flaw (47,904 mentions), an Oracle WebLogic XML deserialization vulnerability (20,163 mentions), and an Apache HTTP server path traversal flaw (16,270 mentions).

How to Reduce Dependency on Centralized AI Security Tools

  • Deploy Private Fine-Tuned Models: Organizations can train specialized AI models on their own infrastructure using datasets like CAI, avoiding the need to upload sensitive operational context to third-party cloud APIs. This requires investment in internal compute resources but eliminates external data exposure.
  • Implement Data Abstraction Layers: Security teams can use middleware that strips sensitive identifiers, API keys, and live session data before sending prompts to commercial AI services, reducing the risk of accidental credential exposure in cloud logs.
  • Adopt Sovereign AI Frameworks: Europe-focused initiatives like the CAI Dataset provide training data aligned with GDPR and NIS2 (Network and Information Security Directive 2) compliance, enabling organizations to build and fine-tune models within strict data residency boundaries.
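One way to build the data abstraction layer described in the second bullet, as an added example that is not code from the article or from Alias Robotics: a small redaction middleware that sits between the operator's prompt and the commercial model API. The regex shapes, the `guarded_send` wrapper with its bulk-dump threshold, and the sample prompt are all assumptions constructed for illustration, not detection rules from the CAI Dataset.

```python
import re
from dataclasses import dataclass, field

# Each entry: (label, pattern). Group 1 is context to keep, group 2 is the secret.
# The shapes are assumptions about common leak formats, not rules from the dataset.
PATTERNS = [
    # .env-style lines: OPENAI_API_KEY=..., export DB_PASSWORD=...
    ("env_secret", re.compile(
        r"(?im)^(\s*(?:export\s+)?[A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*\s*=\s*)(\S+)")),
    # Credential headers inside a pasted raw HTTP request
    ("http_auth", re.compile(r"(?im)^((?:Authorization|Cookie|X-Api-Key):\s*)(.+?)\s*$")),
    # apiKey = "..." style values embedded in HTML/JavaScript pulled from a target site
    ("embedded_key", re.compile(r"(?i)((?:api[_-]?key)\s*[:=]\s*[\"']?)([A-Za-z0-9_\-]{16,})")),
]

@dataclass
class RedactionResult:
    text: str
    findings: list = field(default_factory=list)  # label of every redacted value, in order

def redact_prompt(prompt: str) -> RedactionResult:
    """Replace secret values with placeholders while keeping the surrounding context."""
    result = RedactionResult(prompt)
    for label, pattern in PATTERNS:
        def repl(m, label=label):
            result.findings.append(label)
            return f"{m.group(1)}<REDACTED:{label}>"
        result.text = pattern.sub(repl, result.text)
    return result

def guarded_send(prompt: str, llm_call, max_findings: int = 10):
    """Redact, then forward to the model; refuse prompts that look like bulk credential dumps."""
    result = redact_prompt(prompt)
    if len(result.findings) > max_findings:
        raise ValueError(f"refusing to send prompt with {len(result.findings)} secrets")
    return llm_call(result.text)

# Constructed sample prompt mixing three of the leak pathways (all values are fake).
SAMPLE = """Help me debug this request.
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.FAKE.TOKEN
Cookie: session=abc123; csrftoken=def456
My .env:
export OPENAI_API_KEY=sk-FAKE-KEY-1234567890
DB_HOST=10.0.0.5
Page source: <script>var apiKey = "AIzaFAKEFAKEFAKEFAKE1234";</script>"""

if __name__ == "__main__":
    r = redact_prompt(SAMPLE)
    print(r.text)
    print("redacted:", r.findings)
```

Non-secret context such as `DB_HOST=10.0.0.5` passes through untouched, so the model still gets the environment detail it needs without the credential.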

Alias Robotics, the organization behind the CAI Dataset, framed the initiative as a direct response to geopolitical concentration risk. The dataset comprises 230,935 captured session logs, 26.02 million individual prompts from security operators, and interactions across 4,187 unique AI model identifiers targeting 23,147 distinct domains. Notably, 85.7 percent of the unique contributors originate from European IP ranges, making the dataset an ideal foundation for training defensive models under strict European data governance standards.

The research demonstrates that the actual bottleneck for specialized cybersecurity AI is not the size of the base model, but rather the scarcity of real expert trajectories. Security operators have evolved their interaction patterns significantly; average prompt length has grown from roughly 150 characters in early command-line interfaces to a stable range of 400 to 1,300 characters in recent months. Operators no longer type isolated single-line commands; they now append massive deployment briefs containing full network pivot states or active terminal session resumptions, providing richer context for AI reasoning.

The CAI Dataset stores each trajectory record not as raw text, but as a structured, typed array of tool invocations, system responses, and behavioral self-corrections. This architecture enables supervised fine-tuning and reinforcement learning with verifiable rewards, allowing organizations to train models directly within their own trust boundaries without exposing sensitive operational data to external parties. The study also documents mitigation strategies to prevent trained agents from overfitting to specific environments, ensuring that models generalize across different security tools and infrastructure setups.

For enterprises and government agencies evaluating their AI security strategy, the CAI Dataset findings underscore a critical trade-off: speed and capability versus confidentiality and sovereignty. As security operations increasingly rely on AI assistants, organizations must weigh the convenience of cloud-based models against the risk of concentrating sensitive operational context in the hands of a small number of commercial providers.
