TL;DR:

  • Jade Leung, chief technology officer of the UK’s AI Security Institute and the Prime Minister’s AI adviser, says AISI’s red team has “found vulnerabilities in every single system we have tested” — including Anthropic’s Claude Mythos model.
  • The institute, set up under Rishi Sunak in 2023 and now staffed by around 250 people, is the only public or private body trusted by Anthropic to run independent evaluations of Mythos before wider release.
  • Leung warns agentic AI autonomy is doubling “every couple of months”, meaning systems capable of two-month unsupervised task execution could emerge within the current Parliament — faster than governance infrastructure is being built.

Leung’s disclosure sits alongside this week’s MI5 warnings to UK energy, water and communications firms about Mythos, and together they draw a sharper picture of what AISI actually does. It is not a regulator and it is not a policy shop — it is a technical evaluator with roughly 100 engineers who stress-test production-track frontier models before release, and whose findings inform both the security services and commercial vendors that allow access.

Red-team findings are driving supply-side change

The “every system tested” framing is important context for recent Anthropic, OpenAI and Google model release patterns. Anthropic’s decision earlier this month to slow Mythos general availability followed AISI testing that reportedly found the model capable of identifying and exploiting vulnerabilities across “every major operating system and every major web browser” on user direction. That is the evaluation now feeding NCSC guidance, insurer policy language, and the FCA’s AI Live Testing cohort design. Where UK business planning is concerned, AISI’s findings have become the upstream signal — far more so than any single vendor’s published safety case.

The forward problem: capability is outrunning oversight

Leung’s agentic-autonomy projection — two-month unsupervised operation within the current Parliament — is the piece UK businesses have least prepared for. Current AI governance frameworks, including ICO guidance, FCA model-risk expectations and Ofcom’s illegal-content rules, assume a human-in-the-loop cadence measured in minutes to hours. Systems that can run week-long workflows independently change the control surface entirely. Leung’s own framing — “governments are not famous for moving fast” — is an unusually candid admission from a government adviser, and it suggests AISI’s output is racing to stay ahead of its own policy constraints. The Economist’s characterisation of AISI as “one of the world’s fanciest smoke alarms” draws a cheap line, but the question it raises is legitimate: an evaluator without enforcement power depends entirely on the consenting vendors and the responsive governments around it.

Looking forward

For UK organisations, the immediate takeaway is less about AISI itself and more about the cadence of red-team disclosures. Expect further public findings from Mythos-generation testing through Q3 2026, each likely to move insurer coverage language, CISO procurement shortlists, and sector-regulator positions. The ungoverned space — where model autonomy outpaces approval workflows — is where UK deployers will feel the squeeze first.