The Information Machine

Frontier AI Offensive Cybersecurity Benchmarks: GPT-5.5 vs. Claude Mythos · history

Version 2

2026-05-01 13:23 UTC · 63 items

Narrative

Frontier AI has crossed a significant threshold in offensive cybersecurity capability, with two competing models — Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5 — now demonstrating the ability to autonomously chain complex, expert-level cyberattacks end-to-end at superhuman speed and near-zero marginal cost.[1] The UK AI Security Institute (AISI) served as the common independent evaluator for both models, having first assessed Claude Mythos Preview and then publishing its GPT-5.5 evaluation on April 30, 2026, confirmed via AISI's own social media post.[2][3][4] Its headline finding: GPT-5.5 is comparable to Mythos on cybersecurity tasks, with the two models statistically tied on the benchmark — both dramatically ahead of previous-generation models like GPT-4o and Claude Opus 4.x.[5][1]

The most significant new development since the initial publication is the clarification and expansion of OpenAI's access control architecture. What was previously described simply as a 'critical cyber defenders only' tier has emerged as a formally named, multi-tiered program: OpenAI has launched 'Trusted Access for Cyber,' with dedicated program pages and a specific model variant — GPT-5.5-Cyber — targeted at critical infrastructure defenders and trusted government partners.[6][7][8] Sam Altman is personally involved in promoting the GPT-5.5-Cyber rollout, framing it as a tool for government cyber defense rather than a general-purpose product.[9] OpenAI has also published a broader 'accelerating the cyber defense ecosystem' initiative alongside the launch.[10] This creates a meaningful product distinction: GPT-5.5 (broadly available to the public) and GPT-5.5-Cyber (access-restricted for defenders), complicating the XBOW 'open to all' framing — though the core concern remains that the general GPT-5.5 still reaches the same dangerous capability tier without meaningful gating.[11][12]

The institutional and media response continues to widen. The Cloud Security Alliance has published a formal research note specifically on 'Claude Mythos and the AI Autonomous Offensive Threshold,' adding a major standards/certification body to the list of organizations treating this capability benchmark as a defining moment.[13] Secondary tech aggregators — including Awesome Agents, Let's Data Science, and Dataconomy — are all independently amplifying the story, largely adopting the XBOW framing of 'Mythos-Like Hacking to the Masses.'[11][14][7] A YouTube explainer on Claude Mythos Preview has also appeared, indicating the story has crossed into general-audience tech media.[15] The Tessl blog has noted that while GPT-5.5 is OpenAI's most capable model, it has specific weaknesses in grounding to provided context — a nuance absent from the benchmark discourse.[16] On the Anthropic side, no new announcements have emerged; the gated Mythos Preview posture remains consistent, and Anthropic's risk documentation and CrowdStrike partnership[17] continue as the baseline framing.

The overall discourse has shifted modestly from surprise at the benchmark result toward normalization and institutional response. The debate over exact rankings between Mythos and GPT-5.5 has quieted somewhat as AISI's 'statistical tie' framing has become the dominant citation; the more active dispute is now about access governance — specifically whether OpenAI's tiered Trusted Access for Cyber program meaningfully addresses the democratization risk, or whether the broadly available GPT-5.5 (without the -Cyber designation) still constitutes an ungated offensive capability at Mythos-class levels.[12][18] National cybersecurity agencies across the UK, Australia, Canada, and Singapore continue to issue advisories, and the Cloud Security Alliance's entry signals that formal standards bodies are beginning to weigh in on what the 'autonomous offensive threshold' means for enterprise risk management.[19][20][21][13]

Timeline

  • 2026-04-01: UK AISI publishes evaluation of Claude Mythos Preview's cyber capabilities, marking the first time AISI formally benchmarks a frontier model on offensive cybersecurity tasks [3]
  • 2026-04-01: Anthropic publishes Claude Mythos Preview alignment risk report; CrowdStrike named as founding security partner [28][17]
  • 2026-04-15: IBM announces new autonomous security measures to help enterprises confront agentic AI-driven attacks [39][40]
  • 2026-04-24: Early social media debate emerges over whether Mythos or GPT-5.5 leads on the AISI cyber benchmark, with some suggesting Mythos won [34]
  • 2026-04-30: UK AISI publishes formal evaluation of GPT-5.5 cyber capabilities, finding it comparable to Claude Mythos Preview; AISI posts on X linking to the full evaluation report [2][5][4]
  • 2026-04-30: OpenAI officially introduces GPT-5.5 and simultaneously launches 'Trusted Access for Cyber,' a formally named multi-tier access program with GPT-5.5-Cyber as a restricted variant for critical infrastructure defenders and government partners; Sam Altman personally promotes the rollout [8][6][7][9][10]
  • 2026-04-30: XBOW publishes 'GPT-5.5: Mythos-Like Hacking, Open To All,' highlighting public accessibility of GPT-5.5 vs. gated Mythos; framing rapidly adopted by secondary tech media [22][23][11][14]
  • 2026-04-30: Rohan Paul and others amplify the benchmark results on social media, framing it as a dangerous capability threshold crossed by frontier AI [1][24]
  • 2026-04-30: Hacker News and Reddit discussions begin; GPT-5.5 described as 'second model after Claude Mythos Preview' to reach this capability tier; Reddit discussion specifically on GPT-5.5-Cyber's restricted access model [41][42][43][12]
  • 2026-04-30: OpenAI announces expansion of Trusted Access for Cyber with additional tiers via social media [18]
  • 2026-04-30: Cloud Security Alliance publishes formal research note on 'Claude Mythos and the AI Autonomous Offensive Threshold' [13]
  • 2026-05-01: Social media continues reacting; commentators note two leading AI labs matched each other on the same cyber benchmark within weeks [32]

Perspectives

UK AI Security Institute (AISI)

Neutral independent evaluator: GPT-5.5 is comparable to Claude Mythos Preview on cybersecurity benchmarks, both representing a new capability tier far ahead of prior-generation models; confirmed findings via social media post linking to the full evaluation

Evolution: Consistent — AISI previously evaluated Mythos with the same framework, now applying it to GPT-5.5; findings are structurally parallel

[2][3][5][4]

OpenAI

Proactively defensive with product differentiation: has formalized a multi-tiered 'Trusted Access for Cyber' program and a distinct GPT-5.5-Cyber model variant for government and critical infrastructure defenders, with Sam Altman personally championing the rollout; positions itself as accelerating the defensive cyber ecosystem rather than simply releasing dangerous capability

Evolution: Previously described as having only a single 'critical cyber defenders only' tier; now revealed as a named, multi-tier program with expansion already announced — a more structured and proactive governance posture than initially apparent

[8][6][7][9][18][10]

XBOW (security firm)

Alarmed but framing as democratization: GPT-5.5 brings Mythos-class offensive hacking capability to the general public, removing the gating Anthropic uses for Mythos; framing widely adopted by secondary media

Evolution: Framing has propagated significantly — Awesome Agents and other aggregators are independently reproducing the 'Mythos-Like Hacking to the Masses' thesis without modification

[22][23][11]

Cloud Security Alliance

Formal institutional concern: has published a research note specifically on the 'AI Autonomous Offensive Threshold' framing introduced by Mythos, treating the benchmark result as a categorical risk-management milestone for enterprises

Evolution: New voice in this thread; represents the entry of formal standards and certification bodies into a discourse previously dominated by security firms, social media, and government agencies

[13]

Rohan Paul (@rohanpaul_ai)

Alarmed amplifier: frames the benchmark result as evidence that frontier AI has crossed a dangerous threshold enabling autonomous expert-level cyberattacks at scale

Evolution: Consistent across both posts — amplifying both the capability claim and the comparative tie between GPT-5.5 and Mythos

[1][24]

Simon Willison

Informational-neutral: relays AISI findings factually, flagging GPT-5.5's general availability as the key practical distinction from Mythos

Evolution: Consistent — characteristically neutral and source-focused

[5][25]

Anthropic

Cautious-defensive: Mythos remains gated; risk report published; Project Glasswing frames offensive capability as dual-use for defenders; CrowdStrike partnership signals enterprise security positioning

Evolution: Consistent with prior Mythos approach — controlled release, formal safety documentation, defensive framing; no new announcements in this cycle

[26][27][28][17]

National cybersecurity agencies (UK NCSC, ASD, CSE Canada, CSA Singapore)

Defensive warning posture: multiple agencies issuing advisories and guidance on frontier AI cyber threats, urging defenders to prepare

Evolution: Coordinated response continuing; no new agency voices added but existing advisories remain the policy baseline

[19][20][29][21]

Secondary tech media (Awesome Agents, Let's Data Science, Dataconomy, Tessl)

Amplifying and normalizing: largely adopting the XBOW 'Mythos-Like Hacking to the Masses' framing; Tessl introduces a dissenting nuance that GPT-5.5 has notable weaknesses in using provided context, undercutting some of the most alarming capability claims

Evolution: New voices in this cycle; the Tessl observation is the only substantive counter-signal to the dominant alarmed framing

[11][14][7][16]

Social media commentators (@scaling01, @traderclawAI, @abuchanlife, @deredleritt3r)

Mixed: some say models are tied, others claim GPT-5.5 edged ahead; overall tone is surprised that two major labs converged on the same capability level within weeks

Evolution: Debate has quieted somewhat as AISI's statistical tie framing has become the dominant citation; ranking dispute less active than in prior cycle

[30][31][32][33][34]

Tensions

  • GPT-5.5 vs. GPT-5.5-Cyber product distinction complicates the democratization debate: OpenAI's tiered 'Trusted Access for Cyber' program restricts only the -Cyber variant, while the general GPT-5.5 (which AISI found to be Mythos-class) remains broadly available — making the governance question more complex than a simple 'gated vs. open' binary [6][7][12][18][11][22]
  • Exact ranking remains disputed: AISI and most commentators describe GPT-5.5 and Mythos as statistically tied, but some observers claim GPT-5.5 had a slightly higher average score, and earlier discussion suggested Mythos was ahead — raising questions about benchmark methodology and cherry-picking; ranking dispute has quieted but not resolved [1][31][34][33][30]
  • Whether benchmark performance translates to real-world offensive uplift: critics question whether controlled benchmark tasks reflect actual end-to-end attack capability against hardened production systems; Tessl's finding that GPT-5.5 is 'worst at using knowledge you give it' may be a relevant capability limitation absent from the benchmark discourse [35][36][37][16]
  • Regulatory and governance gap: multiple national agencies and now the Cloud Security Alliance are issuing advisories, but no coordinated international framework exists for controlling access to models that cross this capability threshold — Anthropic's voluntary gating of Mythos contrasts with OpenAI's tiered but still-partially-open release, and the appropriate policy response remains unresolved [19][20][29][21][38][13][6]
  • Institutional framing of the 'Autonomous Offensive Threshold': the Cloud Security Alliance's formal research note uses the same threshold language as XBOW and the AI safety community, but it is unclear whether this framing will drive concrete enterprise risk standards or remain aspirational commentary [13][22]

Sources

  1. [1] Frontier AI can now autonomously chain complex, expert-level cyber attacks end-to-end, at superhuman speed and near-zero… — Rohan Paul Twitter (2026-04-30)
  2. [2] Our evaluation of OpenAI's GPT-5.5 cyber capabilities | AISI Work — reactive:frontier-ai-cyber-capabilities
  3. [3] Our evaluation of Claude Mythos Preview's cyber capabilities — reactive:frontier-ai-cyber-capabilities
  4. [4] Read our full evaluation: — reactive:frontier-ai-cyber-capabilities
  5. [5] Our evaluation of OpenAI's GPT-5.5 cyber capabilities — Simon Willison (2026-04-30)
  6. [6] Introducing Trusted Access for Cyber | OpenAI — reactive:frontier-ai-cyber-capabilities
  7. [7] OpenAI Expands Trusted Access Program With GPT-5.5-Cyber - Dataconomy — reactive:frontier-ai-cyber-capabilities
  8. [8] Introducing GPT-5.5 - OpenAI — reactive:frontier-ai-cyber-capabilities
  9. [9] OpenAI’s Sam Altman says GPT-5.5-Cyber to launch for cyber defenders with focus on trusted government access | Today News — reactive:frontier-ai-cyber-capabilities
  10. [10] Accelerating the cyber defense ecosystem that protects us all - OpenAI — reactive:openai-advanced-account-security
  11. [11] GPT-5.5 Brings Mythos-Like Hacking to the Masses | Awesome Agents — reactive:frontier-ai-cyber-capabilities
  12. [12] OpenAI's new security model (GPT-5.5-Cyber) is for 'critical ... - Reddit — reactive:frontier-ai-cyber-capabilities
  13. [13] Claude Mythos and the AI Autonomous Offensive Threshold — reactive:frontier-ai-cyber-capabilities
  14. [14] AISI Evaluates GPT-5.5 Cybersecurity Performance Against Advanced Tasks | Let's Data Science — reactive:frontier-ai-cyber-capabilities
  15. [15] Claude Mythos Preview in 6 Minutes — reactive:frontier-ai-cyber-capabilities
  16. [16] GPT-5.5 is OpenAI's best model. It's also the worst at using ... - Tessl — reactive:frontier-ai-cyber-capabilities
  17. [17] Anthropic Claude Mythos Preview - CrowdStrike — reactive:frontier-ai-cyber-capabilities
  18. [18] We're expanding Trusted Access for Cyber with additional tiers for ... — reactive:frontier-ai-cyber-capabilities
  19. [19] Why cyber defenders need to be ready for frontier AI | National Cyber Security Centre — reactive:frontier-ai-cyber-capabilities
  20. [20] Frontier AI models and their impact on cyber security | Cyber.gov.au — reactive:frontier-ai-cyber-capabilities
  21. [21] Advisory on Risks associated with Frontier AI Models | Cyber Security Agency of Singapore — reactive:frontier-ai-cyber-capabilities
  22. [22] XBOW - GPT-5.5: Mythos-Like Hacking, Open To All — reactive:frontier-ai-cyber-capabilities
  23. [23] “Mythos-like hacking, open to all”: Industry reacts to OpenAI's GPT 5.5 — reactive:frontier-ai-cyber-capabilities
  24. [24] David Sacks demystifying Anthropic's Mythos 👀 https://t.co/zQ0AbkuBGb https://t.co/jKM7Q4BfU4 — Rohan Paul Twitter (2026-04-30)
  25. [25] Our evaluation of OpenAI's GPT-5.5 cyber capabilities — reactive:frontier-ai-cyber-capabilities
  26. [26] Assessing Claude Mythos Preview's cybersecurity capabilities — reactive:frontier-ai-cyber-capabilities
  27. [27] Project Glasswing: Securing critical software for the AI era - Anthropic — reactive:frontier-ai-cyber-capabilities
  28. [28] [PDF] Alignment Risk Update: Claude Mythos Preview - Anthropic — reactive:frontier-ai-cyber-capabilities
  29. [29] Frontier artificial intelligence - Canadian Centre for Cyber Security — reactive:frontier-ai-cyber-capabilities
  30. [30] GPT-5.5 is on par with Claude Mythos — reactive:frontier-ai-cyber-capabilities
  31. [31] @scaling01 So on this benchmark, it would suggest GPT 5.5 Cyber and GPT 5.5 Pro might be outperforming Mythos, correct? — reactive:frontier-ai-cyber-capabilities (2026-04-30)
  32. [32] GPT-5.5 just matched Claude Mythos on the same cyber benchmark .... two models, two companies, weeks apart. — reactive:frontier-ai-cyber-capabilities (2026-05-01)
  33. [33] GPT-5.5 had a slightly higher average performance than Mythos on ... — reactive:frontier-ai-cyber-capabilities
  34. [34] 从这张Benchmark看,不是 GPT-5.5 赢了。 — reactive:frontier-ai-cyber-capabilities (2026-04-24)
  35. [35] Anthropic's Mythos Claims Questioned by Cybersecurity Insider — reactive:frontier-ai-cyber-capabilities
  36. [36] What is Mythos and why are experts worried about Anthropic's AI ... — reactive:frontier-ai-cyber-capabilities
  37. [37] This is just one eval, but it's an important one — reactive:frontier-ai-cyber-capabilities
  38. [38] OpenAI's new security model is for 'critical cyber defenders' only — reactive:frontier-ai-cyber-capabilities
  39. [39] IBM Announces New Cybersecurity Measures to Help Enterprises ... — reactive:frontier-ai-cyber-capabilities
  40. [40] IBM Introduces Autonomous Security to Counter Frontier AI-Driven Cyber Threats — reactive:frontier-ai-cyber-capabilities
  41. [41] GPT-5.5: Mythos-Like Hacking, Open to All | Hacker News — reactive:frontier-ai-cyber-capabilities
  42. [42] GPT-5.5 becomes the second model after Claude Mythos Preview to ... — reactive:frontier-ai-cyber-capabilities
  43. [43] GPT-5.5 becomes the second model after Claude Mythos Preview to ... — reactive:frontier-ai-cyber-capabilities