GPT-5.5 Matches Heavily Hyped Mythos Preview In New Cybersecurity Tests

The race to develop ever‑more capable foundation models has intensified scrutiny over their potential misuse in cyber‑attacks. Anthropic’s Mythos Preview sparked alarm when the company restricted its rollout, claiming the model could autonomously conduct sophisticated exploits. That narrative set a benchmark for AI‑driven threat modeling, prompting security researchers to treat Mythos as a possible "breakthrough" in offensive capabilities. Yet the rapid release of OpenAI’s GPT‑5.5, a publicly accessible model, offers a real‑world test of whether such risks are tied to a single architecture or reflect a broader trend in AI autonomy.

The UK AI Security Institute evaluated GPT‑5.5 across 95 Capture‑the‑Flag challenges, ranging from reverse engineering to cryptography. On the highest‑difficulty "Expert" tier, GPT‑5.5 achieved a 71.4% success rate, marginally outpacing Mythos Preview’s 68.6% and demonstrating comparable proficiency in complex code generation and reasoning. Notably, the model decoded a Rust binary in 10 minutes and 22 seconds, incurring just $1.73 in API usage—a cost efficiency that could lower barriers for malicious actors. In the multi‑step "Last Ones" data‑extraction scenario, GPT‑5.5 succeeded three times out of ten attempts, a first for any AI model, underscoring its emerging capability to orchestrate prolonged intrusion campaigns.

Despite these advances, GPT‑5.5, like its predecessors, failed the "Cooling Tower" simulation, which mimics a coordinated attack on industrial control systems. This persistent gap highlights that while generative AI is closing the gap on software‑level exploits, the nuanced understanding required for critical infrastructure sabotage remains elusive. For enterprises, the takeaway is twofold: defensive strategies must evolve to anticipate AI‑augmented threats, and policymakers should consider that the risk landscape is driven by incremental improvements across models rather than isolated breakthroughs. Ongoing research, transparent benchmarking, and robust governance will be essential to balance innovation with security in the age of autonomous AI agents.