AISI: GPT-5.5 matches Anthropic Mythos on offensive cyber tasks
TL;DR: The UK AI Safety Institute has published its evaluation of an early checkpoint of OpenAI’s GPT-5.5 and concluded it reaches a similar offensive-cyber level to Anthropic’s Claude Mythos Preview. GPT-5.5 hit a 71.4% pass rate on AISI’s Expert-tier cyber tasks (Mythos Preview: 68.6%; GPT-5.4: 52.4%; Opus 4.7: 48.6%) and completed AISI’s 32-step “The Last Ones” corporate-network attack range end-to-end in 2 of 10 attempts — making it the second model ever to do so. Mythos was the first, at 3 of 10. AISI estimates a human expert would need around 20 hours to complete the full chain.
A trend, not a single breakthrough
In April, AISI’s Mythos result raised the question of whether one developer had pulled ahead on offensive cyber, or whether a frontier-wide capability shift was underway. GPT-5.5 settles that. Two models, from different developers, now reach broadly the same level on AISI’s narrow cyber tasks and on its end-to-end attack range. AISI frames the implication directly: if cyber-offensive skill is emerging as a by-product of general improvements in long-horizon autonomy, reasoning and coding, “we should expect further increases in cyber capability from models in the near future, potentially in quick succession.”
AISI also red-teamed the safeguard layer. A six-hour effort by expert red-teamers found a universal jailbreak that elicited violative cyber content across all queries OpenAI provided, including in multi-turn agentic settings. OpenAI updated the safeguard stack in response, but a configuration issue in the version supplied to AISI meant the institute could not verify the final fix.
Looking forward
Today’s evaluation lands as government publishes its annual Cyber Security Breaches Survey showing 43% of UK businesses suffered a cyber breach in the past year. The Cyber Security and Resilience Bill is in flight, and £90m of new cyber-resilience funding has been announced. AISI’s argument is that defenders, not just attackers, gain access to these capabilities through programmes like Trusted Access — and that a second-mover model trend gives UK security teams a window to deploy frontier coding and reasoning to harden their own estates. Expect AISI’s next eval drop, on a future model or further-extended range, to test whether “Cooling Tower” — the 7-step industrial-control-system range no model has yet solved — falls next.