{
  "@context": "https://schema.org",
  "@type": "Article",
  "headline": "Mythos & GPT-5.5: Independent Evals Confirm Frontier AI Is Now Competent at Full Cyberattack Chains",
  "description": "Two independent security evaluations XBOW and the UK AI Security Institute confirm that frontier AI models can now execute full end-to-end cyberattack chains. Mythos scored 68.6% and GPT-5.5 scored 71.4% on expert cyber tasks. The window to prepare is now.",
  "author": {
    "@type": "Person",
    "name": "Signal.lab Editorial",
    "worksFor": {
      "@type": "Organization",
      "name": "Signal.lab"
    }
  },
  "publisher": {
    "@type": "Organization",
    "name": "Signal.lab",
    "url": "https://signal-lab.connxr.com"
  },
  "datePublished": "2026-05-16T18:51:59.919+00:00",
  "dateModified": "2026-05-16T19:01:02.706+00:00",
  "url": "https://signal-lab.connxr.com/insights/mythos-gpt-55-cyber-capability-curve",
  "mainEntityOfPage": "https://signal-lab.connxr.com/insights/mythos-gpt-55-cyber-capability-curve",
  "keywords": "ai-security, frontier-ai, vulnerability-discovery, mythos, gpt-5, cyberattack, security-operations, ciso, zero-trust, channel-intelligence, uk-aisi, xbow",
  "articleBody": "<h2>Opening thesis</h2><p>For the past year, the question of whether frontier AI models posed a genuine, near-term threat to enterprise security has been treated as a matter of vendor marketing. Anthropic said Mythos was dangerous. Security teams discounted it because Anthropic is incentivised to say that. This week, that discount expired. Two independent organisations with no stake in the answer evaluated Mythos and arrived at the same conclusion: frontier AI models are now genuinely competent at serious cyber work. The question is no longer whether. It is how fast, how cheap, and what you do about it before open-weights equivalents are generally available in approximately six months.</p><h2>Who this is for</h2><p>This briefing is written for <strong>security architects, CISOs, and security operations leaders</strong> in organisations whose software or infrastructure touches payments, browsers, operating systems, cloud services, healthcare, finance, industrial control systems, or developer tooling. It is also relevant for <strong>channel professionals and vendors</strong> selling into the security stack who need to understand how the threat landscape has shifted and what that means for buyer conversations happening right now.</p><h2>The core problem</h2><p>Vulnerability discovery has always been constrained by the cost and scarcity of expert human time. Finding a 27-year-old bug in OpenBSD requires years of accumulated expertise and significant focused effort. That constraint has historically limited the scale at which serious vulnerability research both offensive and defensive can be conducted. Frontier AI models are in the process of eliminating that constraint. The same capability that allows a defender to scan a codebase for previously unknown vulnerabilities allows an attacker to do the same, at a fraction of the cost and time. The cost asymmetry that has always favoured defenders is shifting.</p><h2>Key findings</h2><table><thead><tr><th>Metric</th><th>Mythos (Anthropic)</th><th>GPT-5.5 (OpenAI)</th></tr></thead><tbody><tr><td>Expert cyber task score UK AISI full attack chain benchmark</td><td><strong>68.6%</strong></td><td><strong>71.4%</strong></td></tr><tr><td>Full attack chain completion (10 attempts)</td><td>3 completions</td><td>2 completions</td></tr><tr><td>Chain progression on same token budget</td><td>Farther than any model tested</td><td>Strong exceeds prior trend</td></tr><tr><td>Notable independent finding</td><td>27-year-old OpenBSD CVE discovered</td><td>Reverse-engineering task: 10 min 22 sec / $1.73</td></tr><tr><td>Capability strength profile</td><td>Deep codebase analysis and chain depth</td><td>Speed and cost efficiency on defined tasks</td></tr><tr><td>Current availability</td><td>Restricted approximately 50 organisations</td><td>Generally available now</td></tr></tbody></table><h2>Evidence</h2><p>The two evaluating organisations were <strong>XBOW</strong>, a dedicated cybersecurity AI research organisation, and the <strong>UK AI Security Institute (AISI)</strong>. Their evaluations were independent of Anthropic and represent the first time outside researchers have publicly confirmed the capability jump at this level.</p><p>The AISI ran a full simulated corporate network attack every stage stacked in order of difficulty against multiple models simultaneously on the same token budget. The attack chain tested covered reconnaissance, credential theft, lateral movement, web application exploitation, privilege escalation, command and control persistence, infrastructure compromise, and full network takeover. Models tested alongside Mythos included GPT-5.5, GPT-5.5 Cyber, Opus variants, Codex models, and older baselines.</p><blockquote><p>Mythos winning here is not Mythos beating a weak baseline. It is outrunning an extremely strong model on a task where token spend is a metric that matters.</p><p>Nate B. Jones, AI News &amp; Strategy Daily</p></blockquote><p>XBOW found Mythos genuinely excels at source code audits, native code vulnerability discovery, and reverse engineering. They also identified important limitations: the model can be too literal in its interpretation of vulnerability context, may overstate the relevance of findings without proper triage, and requires validation infrastructure to be deployed responsibly.</p><p>The cost finding from the GPT-5.5 evaluation is equally significant: a reverse-engineering task that takes a human expert twelve hours was completed by GPT-5.5 in ten minutes and twenty-two seconds at a cost of $1.73. As the cost of finding subtle bugs falls, the number of actors capable of attempting serious exploitation increases exponentially.</p><h2>Lessons learned</h2><ul><li><strong>Independent confirmation changes the calculus.</strong> When only Anthropic said Mythos was capable, it could be discounted. XBOW and AISI have removed that discount. Security teams that were waiting for outside confirmation now have it.</li><li><strong>The dual-use problem is not hypothetical.</strong> Both labs frame these models as tools for defenders. That framing is accurate but incomplete. The same capability that finds a 27-year-old OpenBSD bug for a defender finds it for an attacker. Restricting Mythos access today does not prevent the capability from existing it only determines who has it first.</li><li><strong>Open-weights parity is approximately six months away.</strong> Restricting frontier model access is a temporary measure, not a structural defence. The window to build model-assisted security workflows while access is still restricted is now.</li><li><strong>The bottleneck has shifted finding bugs is getting cheap, validating them is not.</strong> The work that still requires expert humans is validating exploitability, prioritising fixes, coordinating disclosure, reviewing patches, and deciding which systems are critical. Security teams should be building workflows that use AI for discovery and humans for validation.</li><li><strong>GPT-5.5 is available today and is very capable.</strong> Security teams do not need to wait for Mythos access. GPT-5.5 and GPT-5.5 Cyber are generally available and demonstrated 71.4% on the same benchmark. Starting now builds the workflow maturity that will be needed when Mythos-level capability is widely accessible.</li></ul><h2>Buyer checklist: evaluating AI-assisted security tooling</h2><table><thead><tr><th>Evaluation criterion</th><th>What to look for</th><th>Red flags</th></tr></thead><tbody><tr><td>Benchmark independence</td><td>Evaluations conducted by organisations with no vendor relationship</td><td>Only vendor-produced benchmarks available</td></tr><tr><td>Attack chain completeness</td><td>Full end-to-end chain tested, not isolated capability</td><td>Benchmark tests only isolated steps, not chain completion</td></tr><tr><td>Validation requirements</td><td>Tool requires human validation before findings are escalated</td><td>Tool presents findings as confirmed vulnerabilities without triage</td></tr><tr><td>Cost and speed transparency</td><td>Cost per task and time-to-completion published</td><td>No cost or speed benchmarks available</td></tr><tr><td>Dual-use disclosure</td><td>Vendor has published responsible use and access control policy</td><td>No discussion of offensive capability or access restrictions</td></tr><tr><td>Integration with existing workflow</td><td>Findings can be tracked separately from existing static analysis tooling</td><td>Output format incompatible with existing vulnerability management pipeline</td></tr><tr><td>Open-weights roadmap awareness</td><td>Vendor has a stated position on open-weights parity timeline</td><td>No acknowledgement of open-weights equivalents arriving</td></tr></tbody></table><h2>FAQ</h2><details><summary>Does this mean AI will replace security researchers?</summary><p>No it means the nature of security research work is changing. AI is becoming highly capable at the discovery phase: finding bugs, identifying patterns in large codebases, and reverse-engineering binaries. The work that remains firmly in the human domain is contextual: understanding the business impact of a finding, assessing real-world exploitability, coordinating responsible disclosure, and making prioritisation decisions under uncertainty. Security teams that integrate AI into discovery workflows free up expert human time for the higher-judgment work that AI cannot yet reliably perform.</p></details><details><summary>What is the difference between Mythos and GPT-5.5 Cyber for security work?</summary><p>Both models performed at comparable levels on the AISI benchmark, with GPT-5.5 scoring slightly higher in aggregate (71.4% vs 68.6%). The character of their capability differs: Mythos demonstrated deeper chain progression and more sophisticated codebase analysis on complex tasks; GPT-5.5 demonstrated faster and cheaper task completion on well-defined reverse-engineering challenges. GPT-5.5 is generally available now. Mythos access is currently restricted to approximately 50 organisations. For teams starting today, GPT-5.5 and GPT-5.5 Cyber are the practical options.</p></details><details><summary>What is Project Glass Wing and Project Daybreak?</summary><p>These are the access and deployment programmes through which Anthropic and OpenAI are making their most capable security-relevant models available to defenders. Anthropic's Project Glass Wing restricts Mythos to approximately 50 trusted organisations and critical software partners, with a focus on finding and fixing vulnerabilities before less careful actors access equivalent capability. A proposed expansion to 120 organisations was blocked by the White House. OpenAI's Project Daybreak makes GPT-5.5 and GPT-5.5 Cyber available through trusted partners for defensive workflows including patch validation, threat modelling, and vulnerability triage. It is generally available and actively being rolled out.</p></details><details><summary>How should security teams prepare for open-weights parity in six months?</summary><p>The six-month estimate for open-weights models reaching Mythos-level capability is an approximation, not a guarantee but the directional trend is clear. Security teams should use the current restricted window to build and validate model-assisted vulnerability discovery workflows, establish baseline metrics for what AI surfaces versus existing static analysis tooling, and develop the human validation processes that will be needed when the capability is widely accessible. Teams that start from zero when open-weights equivalents arrive will be significantly disadvantaged relative to those who have six months of workflow maturity.</p></details><details><summary>Is it safe to use GPT-5.5 on production codebases?</summary><p>The appropriate risk posture depends on the sensitivity of the codebase and the data governance requirements of the organisation. XBOW's evaluation noted that Mythos and equivalent models require validation infrastructure to be deployed responsibly the model's findings should be treated as candidate vulnerabilities requiring human triage, not confirmed exploitable issues. Organisations in regulated sectors should review their data handling and third-party processing agreements before submitting production code to any external model API.</p></details><h2>Conclusion</h2><p>Anthropic was not exaggerating when it said Mythos would be risky to release without restriction. Independent researchers have now confirmed this. The capability is real. The cost curve is real. The dual-use risk is real.</p><p>Security teams have a rare and time-limited opportunity: the most capable models are still restricted. GPT-5.5 is available today at demonstrated capability. The right response is not to wait for Mythos access or for the open-weights moment to arrive. It is to begin building model-assisted security workflows now, measure what AI surfaces against what existing tools miss, and build the human validation capacity that will determine whether the capability is a defence advantage or a liability.</p><p>Mythos was not a myth. The window to prepare is now.</p><p>Signal.lab tracks AI capability developments and their implications for the IT and cyber security channel. Contributors with expertise in security architecture, threat intelligence, and AI-assisted security tooling are invited to publish structured insights on the network.</p>"
}