New AI Models Show Advanced Cybersecurity Capabilities in UK Safety Tests
Similar Articles
AI Models Accelerate Bug Discovery Across Major Software Systems
OpenAI Rolls Out Less Restricted GPT-5.5-Cyber to Vetted Security Defenders
AI Firms Brief Congress on Advanced Cybersecurity Models and Risks
U.S. Cyber Command to Deploy Top AI Models for Cyber Operations
CISA Lacks Access to Anthropic's Security AI Model as Other Agencies Use It for Testing
The UK's AI Security Institute (AISI) has released new evaluations showing that the latest frontier models from OpenAI and Anthropic have demonstrated unprecedented capabilities in cybersecurity tasks. GPT-5.5 and Anthropic's Mythos Preview achieved significant pass rates on expert-level challenges and succeeded in complex simulated attack scenarios for the first time. The results come as Anthropic has restricted the initial release of its Mythos Preview model to critical industry partners due to cybersecurity concerns.
Facts First
- GPT-5.5 and Mythos Preview succeeded in a complex 32-step attack simulation where no previous model had passed even once.
- On expert-level cybersecurity challenges, GPT-5.5 passed 71.4% while Mythos Preview achieved a 68.6% pass rate.
- Anthropic restricted Mythos Preview's initial release to 'critical industry partners' due to cybersecurity threat concerns.
- Both models failed a critical 'Cooling Tower' simulation designed to test disruption of industrial control software.
- The AISI has tested various models since 2023 using 95 different Capture the Flag challenges.
What Happened
The UK's AI Security Institute (AISI) evaluated the recently launched GPT-5.5 from OpenAI and Anthropic's Mythos Preview model last month. The tests used 95 different Capture the Flag challenges covering cybersecurity tasks like reverse engineering, web exploitation, and cryptography. On the highest-level 'Expert' tasks, GPT-5.5 passed an average of 71.4 percent, while Mythos Preview achieved a 68.6 percent pass rate. In a specific test, GPT-5.5 built a disassembler to decode a Rust binary in 10 minutes and 22 seconds without human assistance, costing $1.73 in API calls. The AISI also uses a test range called 'The Last Ones' (TLO) to simulate a 32-step data extraction attack on a corporate network. GPT-5.5 succeeded in 3 out of 10 attempts on this test, and Mythos Preview succeeded in 2 out of 10 attempts. No previous model had succeeded at the TLO test even once prior to these results. Both models failed the AISI's 'Cooling Tower' simulation, which tests an attempted disruption of control software for a power plant; every previously tested AI model has also failed this simulation.
Why this Matters to You
The advanced capabilities demonstrated by these models mean the cybersecurity landscape is likely to evolve rapidly. For you, this could translate to more sophisticated automated cyber threats that existing defenses may struggle to counter. Conversely, these same powerful tools may soon be deployed by security professionals to bolster your digital protections, potentially making critical services and personal data more secure. The restricted release of the Mythos Preview model suggests developers are taking a cautious approach, which may help mitigate immediate risks from these powerful new tools falling into the wrong hands.
What's Next
The AISI's ongoing testing will likely evaluate more models against its established benchmarks. Other AI developers may follow Anthropic's lead in implementing controlled release strategies for powerful new models. The industry and regulators are now tasked with developing frameworks and safeguards that can keep pace with these rapidly advancing capabilities, particularly for high-stakes applications like industrial control systems where the models have so far failed safety tests.