GPT-5.5 Can Now Hack Like Claude Mythos and That Should Worry Everyone

GPT-5.5 Can Now Hack Like Claude Mythos and That Should Worry Everyone

OpenAI’s GPT-5.5 has proven it can carry out sophisticated, multi-stage cyberattacks at a level previously seen only in Anthropic’s Claude Mythos Preview and the UK’s AI Security Institute (AISI) has the test results to back it up.

AISI put GPT-5.5 through a rigorous battery of 95 capture-the-flag cybersecurity tasks spanning four difficulty levels. GPT-5.5 cyber attack capability stood out sharply from its predecessors hitting a 71.4% success rate on expert-level tasks, compared to Claude Mythos Preview’s 68.6%. The gap sits within the statistical margin of error, but GPT-5.5 may now be the most capable model tested to date for offensive cyber tasks. For reference, GPT-5.4 scored 52.4% and Claude Opus 4.7 came in at 48.6%.

The more alarming finding came from AISI’s network simulation tests. A complex 32-step enterprise attack simulation called “The Last Ones” (TLO) developed to model real-world intrusion scenarios across multiple subnets and roughly 20 hosts was previously only fully solved by Claude Mythos Preview. GPT-5.5 became only the second model to crack it, completing the simulation in 2 out of 10 attempts. Claude Mythos managed 3 out of 10. AISI estimates this level of attack would take a human expert around 20 hours. The AI did it with enough compute budget and no active defenders in the simulation environment.

AISI’s broader takeaway is that GPT-5.5 cyber attack capability didn’t emerge from any targeted offensive training. Instead, the agency views it as an unintended byproduct of general improvements in autonomy, reasoning, and coding, a pattern it first flagged when Claude Mythos debuted in April. In other words, the more capable AI becomes, the more dangerous it gets, even without anyone trying to make it that way.

The safety picture adds another layer of concern. Researchers found a universal jailbreak that bypassed every GPT-5.5 safeguard on malicious cyber requests, including multi-step agentic scenarios. It took just six hours to develop. OpenAI pushed updates in response, but AISI was unable to fully verify the final configuration due to a deployment issue.

One critical distinction: GPT-5.5 is already publicly available via ChatGPT and the API, while Anthropic has kept Claude Mythos restricted to a limited group. Given that GPT-5.5 is now out in the world with comparable offensive capability, the question of how much that limited rollout actually bought in terms of safety is becoming harder to ignore. As AISI’s findings make clear, the frontier is moving fast and the attack capabilities are coming along for the ride.