OpenAI's GPT-5.5 Matches Claude Mythos in Cyberattack Capabilities: AI Security Institute

A U.K. authorities bureau has recovered that OpenAI's newest artificial quality exemplary tin autonomously transportation retired analyzable cyberattacks—and that it cracked a reverse-engineering situation successful conscionable implicit 10 minutes that took a quality information adept astir 12 hours.

The AI Security Institute (AISI), a probe assemblage wrong Britain's Department of Science, Innovation and Technology, published findings Thursday showing that GPT-5.5 is among the strongest models it has evaluated for violative cyber capabilities, putting it astir connected par with Anthropic’s vaunted Claude Mythos.

The study recovered GPT-5.5 is the 2nd exemplary to implicit AISI's astir demanding test—a 32-step simulated firm web onslaught called "The Last Ones"—doing truthful autonomously successful 2 retired of 10 attempts. The archetypal exemplary to execute the milestone was Anthropic's Claude Mythos Preview, which completed the simulation successful 3 of 10 tries.

The firm web simulation, built with the cybersecurity steadfast SpecterOps, requires an cause to concatenation unneurotic reconnaissance, credential theft, lateral question crossed aggregate Active Directory forests, a supply-chain pivot done a CI/CD pipeline, and yet the exfiltration of a protected interior database—steps that AISI estimates would instrumentality a quality adept astir 20 hours.

Perhaps the astir striking effect progressive a fiendishly hard reverse-engineering puzzle. GPT-5.5 solved the challenge—which required reconstructing a customized virtual machine's acquisition set, penning a disassembler from scratch, and recovering a cryptographic password done constraint solving—in 10 minutes and 22 seconds, astatine a outgo of $1.73 successful API usage. A quality expert, utilizing nonrecreational tools, required astir 12 hours.

On AISI's artillery of precocious cybersecurity tasks, GPT-5.5 achieved an mean walk complaint of 71.4% connected the astir hard "Expert" tier, edging retired Mythos Preview astatine 68.6% percent and importantly surpassing GPT-5.4 astatine 52.4%.

The findings transportation pointed implications for the broader trajectory of AI development. AISI concluded that GPT-5.5's show suggests accelerated betterment successful cyber capabilities whitethorn beryllium portion of a wide inclination alternatively than an isolated breakthrough—and warned that if violative cyber accomplishment is emerging arsenic a byproduct of wider improvements successful reasoning, coding, and autonomous task completion, past further advances could get successful speedy succession.

The study besides flagged important concerns astir the model's information guardrails. Researchers identified a cosmopolitan jailbreak that elicited harmful contented crossed each malicious cyber queries tested, including successful multi-turn agentic settings. The onslaught took six hours of adept red-teaming to develop. OpenAI subsequently updated its safeguard stack, though a configuration contented prevented AISI from verifying whether the last mentation was effective.

AISI cautioned that its capableness evaluations were conducted successful a controlled probe situation and bash not needfully bespeak what is accessible to an mean user, noting that nationalist deployments see further safeguards and entree controls.

The study lands against a worrying backdrop for British cybersecurity. The U.K. government's yearly Cyber Security Breaches Survey, besides published Thursday, recovered that 43% of businesses suffered a cyber breach oregon onslaught successful the past 12 months.

In response, the authorities announced £90 cardinal successful caller funding to boost cyber resilience, and said it is moving guardant with the Cyber Security and Resilience Bill to support indispensable services. Officials besides published guidance urging organizations to hole for a imaginable surge successful recently discovered bundle vulnerabilities arsenic AI accelerates the gait astatine which information flaws tin beryllium recovered and weaponized.