The UK government’s AI Security Institute has released an evaluation of Anthropic's Mythos Preview AI model, confirming its strong performance in multistep cyber infiltration challenges. Mythos became the first model to fully complete a demanding 32-step network attack simulation known as 'The Last Ones.' The institute cautions that real-world defenses may limit such automated threats.
Anthropic last week limited the initial release of its Mythos Preview model to a select group of critical industry partners, citing its advanced computer security capabilities. The UK’s AI Security Institute (AISI) conducted independent tests using Capture the Flag challenges designed to assess AI cyberattack potential. These evaluations, ongoing since early 2023, show Mythos completing over 85 percent of apprentice-level tasks, similar to recent models like GPT-5.4, Opus 4.6, and Codex 5.3. AISI said the model matches competitors on individual tasks but stands out in chaining them for complex operations. Anthropic’s model succeeded in fully solving 'The Last Ones' (TLO), a 32-step data extraction attack simulating 20 hours of human effort across multiple hosts. It completed the challenge from start to finish in 3 out of 10 attempts and averaged 22 steps, far exceeding Claude 4.6's 16-step average. AISI noted this suggests Mythos can autonomously target small, weakly defended enterprise systems where initial network access is gained. Mythos struggled with the 'Cooling Tower' test, a seven-step power plant control disruption scenario. The institute highlighted that tests used a 100 million token budget and lack real-world active defenders or detection mechanisms. AISI warned that well-defended systems may resist such attacks, urging AI use in strengthening protections as models advance.
