Anthropic Claude Mythos Becomes First AI to Master Full Battery of UK Cyberattack Simulations

In a milestone that has fundamentally recalibrated the global understanding of artificial intelligence risks, Anthropic’s new Claude Mythos Preview has become the first AI model to successfully complete the full battery of cyberattack simulations conducted by the United Kingdom’s AI Safety Institute.[1] The achievement marks a watershed moment for the industry, as the model demonstrated an unprecedented ability to autonomously navigate complex, multi-stage digital intrusions that were previously thought to be years beyond the reach of machine intelligence. According to data released by the institute, Mythos not only mastered individual technical tasks but also proved capable of chaining together dozens of discrete steps to compromise a simulated corporate network from start to finish. This leap in capability has arrived alongside a dramatic revision of safety forecasts, as the AI Security Institute has been forced to shorten its estimated doubling rate for AI cyber capabilities twice in recent months—initially from eight months down to 4.7 months, and now acknowledging that Mythos has shattered even that accelerated trajectory.[1]

The core of the evaluation centered on a highly sophisticated simulation known as The Last Ones, a 32-step corporate network attack chain that replicates a real-world breach from initial reconnaissance through to full data exfiltration.[2] While previous frontier models struggled to move past the midpoint of such an engagement, Claude Mythos Preview successfully completed the entire chain in multiple attempts.[3][4] The AI Security Institute estimated that a human expert would typically require approximately 20 hours of focused work to complete the same sequence of tasks.[5] Furthermore, Mythos achieved another first by cracking the Cooling Tower simulation, a high-difficulty exercise involving industrial control systems that had never been solved by an AI model before. While OpenAI’s GPT-5.5 also demonstrated significant progress—becoming the second model to solve the 32-step corporate network attack—it did not match the consistency or the breadth of success across all of the institute’s specialized ranges that Mythos achieved.

This rapid advancement has profound implications for the speed of vulnerability discovery and exploitation.[6] Logan Graham, Anthropic’s head of red teaming, provided a sobering context for the model’s proficiency, noting that Mythos can identify tens of thousands of vulnerabilities across every major operating system and web browser.[7] In internal testing, the model uncovered critical flaws in systems as diverse as the Linux kernel, the Firefox browser, and even the famously security-hardened OpenBSD.[7] Perhaps more startling was the ease with which these vulnerabilities were weaponized. Graham reported that engineers with no formal background in cybersecurity were able to use Mythos to generate working, remote-code execution exploits overnight.[8] The model's ability to chain multiple vulnerabilities together—such as bypassing memory protections and escaping sandboxes in a single automated flow—suggests that the traditional "time-to-exploit" window for zero-day vulnerabilities is collapsing from weeks or months to just hours.

The emergence of such capabilities has sparked a significant shift in how frontier AI labs approach deployment. Citing the unprecedented risks to national security and global infrastructure, Anthropic has opted against a general release of Claude Mythos Preview. Instead, the company launched Project Glasswing, an industry consortium designed to provide limited, vetted access to the model for defensive purposes.[9] Partners in this initiative include major financial institutions like JPMorgan Chase, as well as technology giants such as Microsoft, Cisco, and CrowdStrike. This gated approach stands in contrast to the broader release strategies seen with earlier models, reflecting a growing consensus that the offensive potential of AI has reached a level where traditional safeguards may be insufficient. The AI Security Institute’s findings suggest that while these models are not yet "digital nuclear weapons," they represent a step change that allows for the automation of high-level hacking at an industrial scale, potentially flipping the economic advantage from defenders to attackers.

The economic reality of this shift is already coming into focus. Estimates suggest that an autonomous network intrusion that would cost tens of thousands of dollars in human labor can now be executed for a fraction of that cost in API credits.[10] While a full, successful end-to-end breach using Mythos might currently cost between $22,000 and $45,000 when accounting for multiple failed attempts, these costs are expected to plummet as the technology matures and inference becomes more efficient. The AI Security Institute noted that performance on these cyber tasks continues to scale with increased compute, and there is no evidence of a plateau in sight. This puts immense pressure on Chief Information Security Officers and government agencies to move toward AI-driven defensive frameworks. Standard security practices, such as monthly patching cycles and human-led threat hunting, are increasingly seen as inadequate against an adversary that can discover and exploit a new vulnerability in minutes.

As the industry grapples with these findings, the focus is turning toward the "jagged frontier" of AI progress—where a model can perform expert-level tasks in one moment and fail at basic logic in another. However, the consistent success of Mythos in the UK’s simulations suggests that the "jaggedness" is smoothing out in the domain of software engineering and cybersecurity. The fact that the model could recover an entire instruction set from a raw, stripped binary and build its own disassembler from scratch indicates a level of genuine domain expertise and reasoning that surpasses simple pattern matching. This development has led to calls for new international standards in model testing and the creation of "active" cyber ranges where AI models can be tested against live, adaptive human and AI defenders to better understand their real-world impact.

The broader geopolitical consequences are equally significant. Washington has reportedly taken notice of the AISI results, with agencies like the NSA already utilizing these frontier models to probe weaknesses in government software.[7] The discovery of a 16-year-old bug in widely used video processing software—which had been scanned millions of times by traditional automated tools without success until Mythos found it—illustrates the scale of the "technical debt" that AI is now capable of collecting. This has accelerated discussions regarding mandatory safety reviews for any model that crosses certain capability thresholds, particularly in the realm of autonomous offensive cyber operations. The UK’s proactive stance through its AI Security Institute has set a global precedent for how governments might monitor the "doubling rate" of these capabilities to ensure that regulatory frameworks do not fall too far behind the technology.

Looking toward the near future, the consensus among researchers is that the current state of the art is merely a baseline. Despite the shockwaves caused by the recent simulation results, Logan Graham’s warning that Mythos will likely look "dumb" within a year highlights the terrifyingly steep curve of progress. If the doubling rate continues to hover around four to five months, the next generation of models could potentially automate the entire lifecycle of cyber warfare, from the discovery of unknown vulnerabilities to the large-scale coordination of global botnets. For the AI industry, the success of Claude Mythos is both a technical triumph and a clarion call for a new era of security-first development. The challenge now lies in ensuring that the defensive applications of such powerful models can stay ahead of those who would use them to compromise the digital foundations of modern society.