Ad
Skip to content
Subscribe Now
AI in practice
Copy the url to clipboard Share this article Go to comment section

New Claude Mythos becomes the first AI model to clear all cyberattack simulations from Britain's AI safety agency

Matthias Bastian
Matthias Bastian View the LinkedIn Profile of Matthias Bastian
May 14, 2026
Image description
GPT-Image-2 prompted by THE DECODER

Frontier AI models are gaining cyber capabilities faster than anyone expected. The UK's AI Security Institute (AISI) has revised its estimates upward twice in just a few months.

In November 2025, the agency estimated that cyber capabilities were doubling every eight months. By February 2026, it had revised that figure to 4.7 months. Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5 have now "substantially exceeded" even that accelerated timeline, according to AISI. Whether this represents a new trend or a one-time jump remains unclear.

Line chart showing AISI cybersecurity time horizons on a log scale. The x-axis shows model release dates from early 2025 to late 2026, the y-axis shows 80% reliability time horizons ranging from 6 minutes to 4 days. Two trend lines illustrate previous estimates: a gray dashed line for the November 2025 estimate of roughly 8-month doubling, and a red dashed line for the pre-Mythos frontier trend of roughly 4.7-month doubling. Older models like o1 and Claude 3.7 Sonnet cluster near the bottom left. The newest models - Mythos Preview and GPT-5.5 - break sharply upward from both trend lines, with wide uncertainty distributions indicating they have saturated the test suite.
AI cyber capabilities are growing far faster than predicted. The latest models (Mythos Preview, GPT-5.5) have saturated AISI's test environment and deviate sharply from prior trends. The performance leap is so large that reliable forecasting becomes uncertain. | Image: AISI

Mythos Preview is the first model to clear both AISI cyber ranges

The biggest gains showed up in AISI's cyber ranges, complex attack simulations designed to test real-world hacking ability. One range simulates a 32-step attack on a corporate network that human experts would need about 20 hours to complete, according to AISI. The latest Mythos Preview checkpoint finished the full attack in 6 out of 10 attempts. This checkpoint was also rolled out to partners. The previously tested Mythos version managed it in only 3 out of 10.

Line chart tracking completed steps on AISI's "The Last Ones" cyberattack simulation. The x-axis shows cumulative token usage on a logarithmic scale up to 100 million. The y-axis shows completed attack steps from 0 to 32, with milestones labeled from M1 (initial reconnaissance) through M9 (full network takeover). Older models like GPT-4o flatten out early. The curves for the newest models - Mythos Preview and GPT-5.5-Cyber - climb steeply past 1 million tokens. Two dashed lines show best attempts that reach the maximum of 32 steps at milestone M9.
Progress of AI models on AISI's "The Last Ones" cyberattack simulation. Newer models like Mythos Preview and GPT-5.5-Cyber complete significantly more attack phases per token budget than their predecessors. In their best attempts, they even reach the final escalation stage, 9—full network takeover. | Image: AISI

The model also solved "Cooling Tower," a simulation of an industrial control system, in 3 out of 10 attempts. No other model had ever passed this simulation, including the earlier Mythos version.

"The direction of travel is clear: cyber capabilities are advancing rapidly, and recent models represent a meaningful step up from what came before," AISI wrote. The agency is already building harder evaluations with active defenses to keep pace with the technology.

XBOW confirms source code analysis strength but sees limits

Offensive security firm XBOW independently tested Mythos Preview with a team of ten experts. The model is "a major advance" and shows "token-for-token" an "unprecedented precision" in vulnerability detection, the company said. Compared to Anthropic's Opus 4.6, Mythos Preview cut false negatives by 42 percent. With additional source code access, that reduction hit 55 percent.

Bar chart comparing AI models on vulnerability detection odds. The y-axis shows the ratio of successful finds to misses, scaled from 0 to 12.5. Mythos Preview (Anthropic) leads with a score near 11, far ahead of GPT-5.5 (OpenAI) at roughly 7.5. Earlier models including Opus 4.5, Opus 4.6, Gemini 3.1 Pro, and GPT-5.4 trail significantly, scoring between 2 and 5.
Comparison of AI models on vulnerability detection. Mythos Preview (Anthropic) dominates the field, offering significantly higher odds of finding vulnerabilities than the strongest competitor, GPT-5.5 (OpenAI). | Image: XBOW

Mythos Preview's biggest strength is source code analysis, according to XBOW. "This was the first instance of a theme that would surface again and again: Mythos Preview is impressive at writing code, but even more impressive at reading it," the report states. The model even found vulnerabilities in Chromium's V8 sandbox, an area where previous models had produced nothing but false positives.

Still, XBOW's evaluation also exposed the limits of that strength. Access to a running system is often more important than access to source code, since many vulnerabilities only emerge from configuration, dependencies, or the interaction between individually secure components.

Even on benchmarks where the vulnerability existed purely in code, removing live system access hurt performance more than removing source code access. Mythos Preview reads code exceptionally well but still depends on interacting with live systems to reach its full potential.

Capable but expensive: costs put the lead in perspective

XBOW raises a question that matters given the sharp rise in AI model pricing: Is the performance worth the cost? Anthropic has announced that Mythos Preview could cost five times as much as an Opus model.

When normalized by estimated operating costs, Mythos Preview "isn't terribly inefficient, at least if you desire high accuracy, but it’s not best-in-class on our benchmarks either," XBOW writes. The alternative would be giving a GPT-5.5-powered agent more time. Often, that delivers equivalent or better results at a lower cost.

"The better option depends on the use case; often, it’s the latter," XBOW writes. The company recommends deploying a "cadre of models" rather than betting on a single one.

Table showing Mythos Preview benchmark performance across seven categories. Detection tasks - Web benchmarks, denormalization vulnerabilities, and V8 Sandbox - are rated "Excellent" or "Good" in green. Judgment tasks show weaker results: Trace Mining is rated "Good" in blue, Threat Model is "Fair" in yellow, and Command Safety is "Mediocre" in orange. A notes column provides brief explanations for each rating, such as "Technically right, practically wrong" for Command Safety and "The only successful model so far" for V8 Sandbox.
Mythos Preview delivers excellent results on pure vulnerability detection tasks (e.g., web, V8 sandbox) but shows weaknesses on more complex judgment tasks, where it scores only "Mediocre" or "Fair" in some categories. | Image: XBOW

Anthropic: "Within a year, Mythos will probably look quite dumb"

Logan Graham, who leads red-teaming around Project Glasswing at Anthropic, put the results in context: Glasswing partners used Mythos Preview to find "many thousands of (estimated) high + critical severity vulnerabilities" in just a few weeks, "sometimes double what they'd normally find in a year."

But Graham stressed this isn't about hyping a single model. "Within a year, Mythos will probably look quite dumb (relative to other new models)."

The real message, he said, is preparing for a world where models are "better, faster, cheaper, and more creative than some of the best human experts at dual use capabilities." Other providers could release openly available or unsecured models at Mythos-level performance.

Cybersecurity is becoming even more political

Anthropic introduced Claude Mythos in early April and restricted access to roughly 50 companies, officially for safety reasons. Some critics called the restrictions overblown or dismissed them as a PR move.

The truth is probably somewhere in between: Claude Mythos may not be an unprecedented outlier, but it is the first publicly announced model of its kind with significantly advanced cyber capabilities that go well beyond what was previously known.

That creates pressure to act across the software industry and in politics alike. The US government is closely examining Claude Mythos and already testing the model, while Anthropic is blocking access for China and apparently the EU as well. OpenAI at least reached out to the EU to discuss early access to GPT-5.5-Cyber. Either way, the situation shows how deeply the European Union depends on the goodwill of major US tech companies, largely because comparable European products don't exist.

AI News Without the Hype – Curated by Humans

Subscribe to THE DECODER for ad-free reading, a weekly AI newsletter, our exclusive "AI Radar" frontier report six times a year, full archive access, and access to our comment section.

Read on for the full picture.
Subscribe for hype-free coverage.

  • Access to all THE DECODER articles.
  • Read without distractions – no Google ads.
  • Access to comments and community discussions.
  • Weekly AI newsletter.
  • 6 times a year: “AI Radar” – deep dives on key AI topics.
  • Up to 25 % off on KI Pro online events.
  • Access to our full ten-year archive.
  • Get the latest AI news from The Decoder.
Subscribe to The Decoder