The Information Machine

Frontier AI Offensive Cybersecurity Benchmarks: GPT-5.5 vs. Claude Mythos · history

Version 1

2026-05-01 04:15 UTC · 47 items

Narrative

Frontier AI has crossed a significant threshold in offensive cybersecurity capability, with two competing models — Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5 — now demonstrating the ability to autonomously chain complex, expert-level cyberattacks end-to-end at superhuman speed and near-zero marginal cost.[1] The UK AI Security Institute (AISI) served as the common independent evaluator for both models, having first assessed Claude Mythos Preview and then publishing its GPT-5.5 evaluation on April 30, 2026.[2][3] Its headline finding: GPT-5.5 is comparable to Mythos on cybersecurity tasks, with the two models statistically tied on the benchmark — both dramatically ahead of previous-generation models like GPT-4o and Claude Opus 4.x.[4][1]

The reaction has been swift across both technical and policy circles. Security firm XBOW framed the development pointedly as 'Mythos-Like Hacking, Open To All,' emphasizing the critical distinction that while Anthropic's Mythos remains gated and available only to vetted researchers, GPT-5.5 is generally publicly accessible.[5][4] This democratization angle has dominated much of the commentary: GPT-5.5 becomes only the second model after Claude Mythos Preview to reach this capability tier,[6][7] but it does so without access restrictions. OpenAI has partially responded by creating a special access tier for 'critical cyber defenders only' for its most sensitive security-oriented model configuration.[8] Multiple national cybersecurity agencies — including the UK NCSC, Australia's ASD, Canada's CSE, and Singapore's CSA — have issued advisories or guidance responding to the frontier AI cyber threat landscape.[9][10][11][12]

There is active disagreement about the exact comparative ranking of the two models. Some observers claim GPT-5.5 had a slightly higher average performance than Mythos,[13] while others in the same thread asked whether GPT-5.5 Pro is outperforming Mythos outright.[14] The authoritative synthesis from Rohan Paul and the AISI findings themselves frame the result as a statistical tie within margin of error.[1][4] A Chinese-language post from April 24 suggested the benchmark actually favored Mythos,[15] indicating this framing battle predates the official AISI GPT-5.5 publication. On the Anthropic side, David Sacks publicly weighed in on Mythos,[16] and Anthropic has associated its Mythos capabilities with Project Glasswing for securing critical software[17] and published a formal alignment risk update.[18] CrowdStrike is noted as a founding member of the Anthropic Mythos frontier model security program.[19] The discourse has rapidly expanded beyond the benchmark itself into questions of governance, access control, and whether the defensive community can keep pace — with IBM announcing new autonomous security measures specifically framed as a response to frontier AI-driven cyber threats.[20][21]

Timeline

  • 2026-04-01: UK AISI publishes evaluation of Claude Mythos Preview's cyber capabilities, marking the first time AISI formally benchmarks a frontier model on offensive cybersecurity tasks [3]
  • 2026-04-01: Anthropic publishes Claude Mythos Preview alignment risk report; CrowdStrike named as founding security partner [18][19]
  • 2026-04-15: IBM announces new autonomous security measures to help enterprises confront agentic AI-driven attacks [21][20]
  • 2026-04-24: Early social media debate emerges over whether Mythos or GPT-5.5 leads on the AISI cyber benchmark, with some suggesting Mythos won [15]
  • 2026-04-30: UK AISI publishes formal evaluation of GPT-5.5 cyber capabilities, finding it comparable to Claude Mythos Preview [2][4]
  • 2026-04-30: XBOW publishes 'GPT-5.5: Mythos-Like Hacking, Open To All,' highlighting public accessibility of GPT-5.5 vs. gated Mythos [5][22]
  • 2026-04-30: Rohan Paul and others amplify the benchmark results on social media, framing it as a dangerous capability threshold crossed by frontier AI [1][16]
  • 2026-04-30: Hacker News and Reddit discussions begin; GPT-5.5 described as 'second model after Claude Mythos Preview' to reach this capability tier [31][6][7]
  • 2026-04-30: The Verge reports OpenAI created a restricted 'critical cyber defenders only' access tier for its security-oriented model configuration [8]
  • 2026-05-01: Social media continues reacting; commentators note two leading AI labs matched each other on the same cyber benchmark within weeks [27]

Perspectives

UK AI Security Institute (AISI)

Neutral independent evaluator: GPT-5.5 is comparable to Claude Mythos Preview on cybersecurity benchmarks, both representing a new capability tier far ahead of prior-generation models

Evolution: Consistent — AISI previously evaluated Mythos with the same framework, now applying it to GPT-5.5; findings are structurally parallel

[2][3][4]

XBOW (security firm)

Alarmed but framing as democratization: GPT-5.5 brings Mythos-class offensive hacking capability to the general public, removing the gating Anthropic uses for Mythos

Evolution: New voice in this thread; framing is distinctive for emphasizing access parity over raw capability parity

[5][22]

Rohan Paul (@rohanpaul_ai)

Alarmed amplifier: frames the benchmark result as evidence that frontier AI has crossed a dangerous threshold enabling autonomous expert-level cyberattacks at scale

Evolution: Consistent across both posts — amplifying both the capability claim and the comparative tie between GPT-5.5 and Mythos

[1][16]

Simon Willison

Informational-neutral: relays AISI findings factually, flagging GPT-5.5's general availability as the key practical distinction from Mythos

Evolution: First entry into this thread; characteristically neutral and source-focused

[4][23]

OpenAI

Regulatory-aware: has created a restricted access tier ('critical cyber defenders only') for its most sensitive security model, signaling awareness of misuse risk even as GPT-5.5 remains broadly available

Evolution: Responsive posture — the restricted tier suggests OpenAI is navigating the tension between public access and responsible deployment

[8][24]

Anthropic

Cautious-defensive: Mythos remains gated; risk report published; Project Glasswing frames offensive capability as dual-use for defenders; CrowdStrike partnership signals enterprise security positioning

Evolution: Consistent with prior Mythos approach — controlled release, formal safety documentation, defensive framing

[25][17][18][19]

National cybersecurity agencies (UK NCSC, ASD, CSE Canada, CSA Singapore)

Defensive warning posture: multiple agencies issuing advisories and guidance on frontier AI cyber threats, urging defenders to prepare

Evolution: Coordinated response emerging across allied governments; signals this benchmark moment is being tracked at the policy level

[9][10][11][12]

Social media commentators (@scaling01, @traderclawAI, @abuchanlife, @deredleritt3r)

Mixed: some say models are tied, others claim GPT-5.5 edged ahead; overall tone is surprised that two major labs converged on the same capability level within weeks

Evolution: Debate active and ongoing; no consensus on exact ranking

[26][14][27][13][15]

Tensions

  • Exact ranking remains disputed: AISI and most commentators describe GPT-5.5 and Mythos as statistically tied, but some observers claim GPT-5.5 had a slightly higher average score, and earlier discussion suggested Mythos was ahead — raising questions about benchmark methodology and cherry-picking [1][14][15][13][26]
  • Access democratization vs. capability parity: Mythos is gated to vetted researchers while GPT-5.5 is publicly available, meaning equal benchmark scores have very different real-world threat implications — the 'open to all' framing is contested by OpenAI's partial restriction via its 'cyber defenders only' tier [4][5][8][22]
  • Whether benchmark performance translates to real-world offensive uplift: critics question whether controlled benchmark tasks reflect actual end-to-end attack capability against hardened production systems, or whether the framing overstates risk [28][29][30]
  • Regulatory and governance gap: multiple national agencies are issuing advisories but no coordinated international framework exists for controlling access to models that cross this capability threshold — Anthropic's voluntary gating of Mythos contrasts with OpenAI's broader release, and the appropriate policy response is unresolved [9][10][11][12][8][17]

Sources

  1. [1] Frontier AI can now autonomously chain complex, expert-level cyber attacks end-to-end, at superhuman speed and near-zero… — Rohan Paul Twitter (2026-04-30)
  2. [2] Our evaluation of OpenAI's GPT-5.5 cyber capabilities | AISI Work — reactive:frontier-ai-cyber-capabilities
  3. [3] Our evaluation of Claude Mythos Preview's cyber capabilities — reactive:frontier-ai-cyber-capabilities
  4. [4] Our evaluation of OpenAI's GPT-5.5 cyber capabilities — Simon Willison (2026-04-30)
  5. [5] XBOW - GPT-5.5: Mythos-Like Hacking, Open To All — reactive:frontier-ai-cyber-capabilities
  6. [6] GPT-5.5 becomes the second model after Claude Mythos Preview to ... — reactive:frontier-ai-cyber-capabilities
  7. [7] GPT-5.5 becomes the second model after Claude Mythos Preview to ... — reactive:frontier-ai-cyber-capabilities
  8. [8] OpenAI's new security model is for 'critical cyber defenders' only — reactive:frontier-ai-cyber-capabilities
  9. [9] Why cyber defenders need to be ready for frontier AI | National Cyber Security Centre — reactive:frontier-ai-cyber-capabilities
  10. [10] Frontier AI models and their impact on cyber security | Cyber.gov.au — reactive:frontier-ai-cyber-capabilities
  11. [11] Frontier artificial intelligence - Canadian Centre for Cyber Security — reactive:frontier-ai-cyber-capabilities
  12. [12] Advisory on Risks associated with Frontier AI Models | Cyber Security Agency of Singapore — reactive:frontier-ai-cyber-capabilities
  13. [13] GPT-5.5 had a slightly higher average performance than Mythos on ... — reactive:frontier-ai-cyber-capabilities
  14. [14] @scaling01 So on this benchmark, it would suggest GPT 5.5 Cyber and GPT 5.5 Pro might be outperforming Mythos, correct? — reactive:frontier-ai-cyber-capabilities (2026-04-30)
  15. [15] 从这张Benchmark看,不是 GPT-5.5 赢了。 — reactive:frontier-ai-cyber-capabilities (2026-04-24)
  16. [16] David Sacks demystifying Anthropic's Mythos 👀 https://t.co/zQ0AbkuBGb https://t.co/jKM7Q4BfU4 — Rohan Paul Twitter (2026-04-30)
  17. [17] Project Glasswing: Securing critical software for the AI era - Anthropic — reactive:frontier-ai-cyber-capabilities
  18. [18] [PDF] Alignment Risk Update: Claude Mythos Preview - Anthropic — reactive:frontier-ai-cyber-capabilities
  19. [19] Anthropic Claude Mythos Preview - CrowdStrike — reactive:frontier-ai-cyber-capabilities
  20. [20] IBM Introduces Autonomous Security to Counter Frontier AI-Driven Cyber Threats — reactive:frontier-ai-cyber-capabilities
  21. [21] IBM Announces New Cybersecurity Measures to Help Enterprises ... — reactive:frontier-ai-cyber-capabilities
  22. [22] “Mythos-like hacking, open to all”: Industry reacts to OpenAI's GPT 5.5 — reactive:frontier-ai-cyber-capabilities
  23. [23] Our evaluation of OpenAI's GPT-5.5 cyber capabilities — reactive:frontier-ai-cyber-capabilities
  24. [24] GPT-5.5 System Card - Deployment Safety Hub - OpenAI — reactive:frontier-ai-cyber-capabilities
  25. [25] Assessing Claude Mythos Preview's cybersecurity capabilities — reactive:frontier-ai-cyber-capabilities
  26. [26] GPT-5.5 is on par with Claude Mythos — reactive:frontier-ai-cyber-capabilities
  27. [27] GPT-5.5 just matched Claude Mythos on the same cyber benchmark .... two models, two companies, weeks apart. — reactive:frontier-ai-cyber-capabilities (2026-05-01)
  28. [28] Anthropic's Mythos Claims Questioned by Cybersecurity Insider — reactive:frontier-ai-cyber-capabilities
  29. [29] What is Mythos and why are experts worried about Anthropic's AI ... — reactive:frontier-ai-cyber-capabilities
  30. [30] This is just one eval, but it's an important one — reactive:frontier-ai-cyber-capabilities
  31. [31] GPT-5.5: Mythos-Like Hacking, Open to All | Hacker News — reactive:frontier-ai-cyber-capabilities