Anthropic Claude Mythos: Serious Threat or Overhyped? AI Security Institute Weighs In

In brief The UK's AI Safety Institute found that Anthropic's Claude Mythos Preview can autonomously execute complex cyber attacks. It became the first AI model to complete a 32-step corporate network attack simulation from start to finish without human assistance. Mythos Preview discovered and exploited vulnerabilities autonomously when given network access in controlled evaluations. The UK's AI Security Institute evaluated Anthropic's Claude Mythos Preview to assess its purportedly substantial cybersecurity capabilities, finding the AI model can autonomously execute sophisticated cyber attacks with unprecedented success rates. The existence of Claude Mythos was first revealed in late March via a website leak, with Anthropic confirming that the powerful next-generation model is capable of finding and exploiting cybersecurity exploits at a level never seen before by any available AI model. It purportedly found serious exploits in current web browsers and operating systems. Rather than release the model publicly, Anthropic has offered limited access to dozens of security research firms to test the model and prepare for its advanced capabilities. Last week, U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell reportedly warned bank executives about the looming security threat posed by Claude Mythos. The AI Security Institute’s test results, released Monday, show that there’s real substance behind the hype. The evaluation showed that Mythos Preview succeeded 73% of the time on expert-level capture-the-flag tasks—challenges that no AI model could complete before April 2025, it said.  The threat could prove substantial and wide-ranging, though the technology could be used to find and fix vulnerabilities, rather than just exploit them. For crypto infrastructure operators, such advancing AI capabilities represent a new category of potential security threat as AI systems gain the ability to independently probe and exploit network vulnerabilities. Mythos Preview became the first AI model to complete "The Last Ones" (TLO), the AI Security Institute said—a 32-step corporate network attack simulation that typically requires humans 20 hours to finish. The model succeeded in three out of 10 attempts, averaging 22 of 32 steps completed across all runs. The simulation spans initial reconnaissance through full network takeover, mimicking real-world corporate intrusions. Claude Opus 4.6, the next-best-performing model, averaged only 16 steps. The UK institute noted that Mythos Preview's performance continues to scale with increased computational resources, using up to 100 million tokens per evaluation run. When explicitly directed and given network access in controlled evaluations, the model demonstrated abilities to execute multi-stage attacks and discover vulnerabilities without human guidance. The advancement marks a dramatic escalation from just two years ago, when AI models struggled with basic cybersecurity exercises. The UK AI Safety Institute, which has tracked these capabilities since 2023, documented this rapid progression from beginner-level tasks to expert-level autonomous attacks. For the crypto ecosystem, where smart contract vulnerabilities and exchange hacks already cost billions annually, AI-powered attacks could amplify existing risks. DeFi or decentralized finance protocols, which often rely on complex interconnected systems, may face particular exposure to automated exploitation attempts that can analyze and attack multiple vectors simultaneously. Daily Debrief Newsletter Start every day with the top news stories right now, plus original features, a podcast, videos and more. Your Email Get it! Get it!