Anthropic's Claude Mythos Preview has just become the first AI model to fully complete a simulated attack on a corporate network, according to the latest assessment from the AI Security Institute (AISI) in the UK.
These results, published just days after the model's launch on April 7, 2024, demonstrate that AI's capabilities in cybersecurity have reached a level that security teams worldwide need to pay immediate attention to.
What is Claude Mythos?
Anthropic introduced the Claude Mythos Preview model on April 7, 2024, but has not yet released it to the general public. Instead, the development team has only provided limited access to cybersecurity research firms to assess and prepare for the advanced capabilities of this AI.
“This model has proven superior in many areas, particularly in computer security tasks. To address this, we launched Project Glasswing, using Mythos Preview to support the security of the world’s most critical software, while preparing the technology industry with the necessary strategies to anticipate future cyberattacks,” Anthropic announced.
Follow us on X to get the latest news as soon as it's available.
These advancements have begun to attract attention not only in the tech industry but also among policymakers. According to Reuters, citing related sources, US Treasury Secretary Scott Bessent and Federal Reserve Chairman Jerome Powell held an emergency meeting with CEOs of major banks, warning about the potential cyberattack risks associated with this AI model.
How does the Claude Mythos Preview look?
The AI Security Institute (AISI), part of the UK's Department for Science, Innovation and Technology, conducted cybersecurity assessments of Anthropic's Claude Mythos Preview to XEM the model's security capabilities .
First are the "capture-the-flag" (CTF) tests, where systems need to detect and exploit vulnerabilities to find hidden "flags." Mythos achieved a 73% success rate in expert-level tests — something no other model had achieved before April 2025.
Claude Mythos's cyberattack capabilities. Source: AISIIn addition, AISI has developed a 32-step enterprise cyberattack simulation called "The Last Ones" (TLO). A security expert would need approximately 20 hours to complete it.
Mythos Preview completed the entire simulation in 3 out of 10 trials. On Medium, this AI performed 22 out of 32 attack steps. Meanwhile, Claude Opus 4.6 — the second-place model — only achieved an Medium of 16 steps.
“The success of Mythos Preview in a network testing environment shows that this AI is fully capable of automatically attacking small, poorly protected, and vulnerable enterprise systems once it gains network access. However, these testing environments still have many differences from reality, making the attack easier,” the research team added.
Through internal testing, Anthropic's incident response team also discovered that Claude Mythos Preview can proactively identify and exploit zero-day vulnerabilities on all major operating systems and popular web browsers when users make a clear request.
"We are limited in our ability to disclose information here. Over 99% of the vulnerabilities we've discovered are unpatched, so revealing details would be very risky," the development team explained.
AISI emphasizes that organizations should prioritize implementing basic cybersecurity measures such as regular patch updates, tight access controls, enhanced security configurations, and comprehensive log storage.
Subscribe to our YouTube channel to follow in-depth reviews from experts and reporters.
