Anthropic's Claude Mythos Preview became the first AI model to complete a full simulated corporate network attack, solving 73% of expert-level cybersecurity tasks that no previous AI system could crack, according to the UK AI Security Institute (AISI).
AISI Cyber Evaluation
AISI, a research body within the UK government's Department for Science, Innovation and Technology, ran two sets of tests on the model after Anthropic announced it on Apr. 7.
The company chose not to release Claude Mythos broadly, instead granting limited access to security research firms.
In capture-the-flag evaluations, Claude Mythos hit a 73% success rate on expert-level tasks.
No model had solved any of these before Apr. 2025. AISI also built a 32-step corporate network attack simulation called "The Last Ones," designed to take human professionals roughly 20 hours. Claude Mythos completed the full simulation in 3 out of 10 attempts and averaged 22 of 32 steps, compared to 16 for Claude Opus 4.6, the next-best performer.
"Mythos Preview's success on one cyber range indicates that is at least capable of autonomously attacking small, weakly defended and vulnerable enterprise systems where access to a network has been gained," AISI said.
Also Read: Crypto Funds Pull $1.1B In Best Week Since January As Risk Appetite Returns
Zero-Day Exploits
Anthropic's own red team found that Claude Mythos can detect and exploit zero-day vulnerabilities across all major operating systems and leading web browsers when a user explicitly instructs it. The company said over 99% of the vulnerabilities it discovered remain unpatched.
"We're limited in what we can report here. It would be irresponsible for us to disclose details about them," Anthropic said.
The model's capabilities have already reached policy circles.
According to Reuters, US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell held an urgent meeting with major bank CEOs to discuss potential cyber risks tied to the model.
Anthropic Security Response
Anthropic launched Project Glasswing alongside the model's announcement, describing it as an effort to use Claude Mythos to help secure critical software. The company framed the initiative as preparation for an era when security teams must stay ahead of AI-powered attackers. AISI recommended that organizations prioritize foundational cybersecurity measures, including regular patching, strict access controls, configuration hardening, and comprehensive logging.
The Apr. 7 announcement followed months of escalating concern over AI's role in cybersecurity. Previous frontier models had shown limited offensive capability, but none had cleared expert-level CTF benchmarks or completed multi-step attack simulations before Claude Mythos.