UK AISI Tests Show Mythos Sets Itself Apart on Multi-Step Attack Chaining
TL;DR: The UK AI Security Institute has published an initial evaluation of Anthropic’s Mythos Preview, concluding the model broadly matches GPT-5.4 and Opus 4.6 on single cybersecurity tasks but clearly outperforms them when chaining a 32-step simulated attack across a corporate network. The finding reframes the Mythos debate as a question about sustained operations rather than raw capability.
What the Benchmarks Actually Showed
AISI has run frontier models through Capture the Flag challenges since early 2023, when GPT-3.5 Turbo struggled on even the lowest-difficulty Apprentice tasks. Mythos now completes more than 85 percent of the same tasks — technically a new high, though recent releases including GPT-5.4, Anthropic’s own Opus 4.6 and OpenAI’s Codex 5.3 sit within 5 to 10 percentage points. On that evidence alone, the institute notes, Mythos does not look different enough to warrant Anthropic’s unusual limited release.
The Result That Matters
The distinction emerged in “The Last Ones”, a test range simulating a 32-step data-extraction attack requiring operations across multiple hosts and network segments. AISI estimates this kind of intrusion would take a trained human operator around 20 hours. Models that can complete it autonomously represent a different order of operational risk to enterprise networks than those that only excel at isolated tasks.
Independent Verification Matters
The evaluation lands at the right moment. Last week’s Anthropic release was quickly followed by Bank of England Governor Andrew Bailey naming Mythos as a cybersecurity concern for financial regulators, Trump administration officials asking major banks to trial it, and OpenAI announcing GPT-5.4-Cyber with a pointedly less alarmed public message. Vendor claims about dangerous capability invite scepticism; independent public testing from AISI changes the conversation because it neither matches Anthropic’s marketing posture nor dismisses it.
Looking Forward
For UK boards and chief information security officers, AISI’s methodology is the most useful export. A capability bar based on end-to-end attack operations, not cherry-picked benchmarks, gives procurement and risk teams a clearer question to ask vendors: can your model complete TLO-style chained operations, and under what access controls? Expect this framing to surface in Financial Conduct Authority and National Cyber Security Centre guidance in the coming months, and in the cyber assurance conversations that UK regulated firms are about to have with every frontier-model provider.