Skip to content
Tech News
← Back to articles

UK gov's Mythos AI tests help separate cybersecurity threat from hype

2026-04-14 | original
read original get Cybersecurity Threat Detection Kit → more articles
Why This Matters

The UK government's evaluation of Anthropic's Mythos AI highlights its potential in executing complex, multi-step cyber-attacks, emphasizing the importance of understanding AI capabilities in cybersecurity. While Mythos performs comparably to recent models in individual tasks, its ability to chain attacks could pose significant risks, prompting cautious deployment and further scrutiny by industry stakeholders.

Key Takeaways

Last week, Anthropic announced it was restricting the initial release of its Mythos Preview model to “a limited group of critical industry partners,” giving them time to prepare for a model that it said is “strikingly capable at computer security tasks.” Now, the UK government’s AI Security Institute (AISI) has published an initial evaluation of the model’s cyber-attack capabilities that adds some independent public verification to those Anthropic reports.

AISI’s findings show that Mythos isn’t significantly different from other recent frontier models when it comes to tests of individual cyber-security related tasks. But Mythos could set itself apart from previous models through its ability to effectively chain these tasks together into the multi-step series of attacks necessary to fully infiltrate some systems.

“The Last Ones” finally falls

AISI has been putting various AI models through specially designed Capture the Flag challenges since early 2023, when GPT-3.5 Turbo struggled to complete any of the group’s relatively low-level “Apprentice” tasks. Since then, performance of subsequent models has risen steadily, to the point where Mythos Preview can complete north of 85 percent of those same Apprentice-level CTF tasks.

While that’s technically a high-water mark for AISI’s CTF tests, recent competing models like GPT-5.4 and Anthropic’s own Opus 4.6 and Codex 5.3 showed comparable results (within 5 to 10 percent accuracy) across multiple CTF difficultly levels in recent months. That doesn’t seem like a level of improvement that would necessitate the kind of protectionist limited release Anthropic has undertaken for Mythos Preview.

Where Mythos showed more relative cyber-attack potential, though, is in “The Last Ones” (TLO), a test range that AISI set up to simulate a 32-step data extraction attack on a corporate network. The test, which requires “chaining dozens of steps together across multiple hosts and network segments” was intended to simulate the kind of sustained operations that would take a trained human roughly 20 hours to complete, AISI estimates.

Explore topics: mythos anthropic ai security institute gpt-5.4 codex
Related:
Claude Token Counter, now with model comparisons
Show HN: A lightweight way to make agents talk without paying for API usage
Banned by Anthropic
OpenAI’s existential questions
The NSA is reportedly using Anthropic's new model Mythos

© 2026 GoKawiil

About | Editorial Policy | Contact