AI Models Mythos and GPT-5.5 Exceed Expectations in Cybersecurity Tests
Auf einen Blick
- Advanced AI models like Anthropic's Mythos and GPT-5.5 demonstrate sophisticated cyber capabilities, finding thousands of high-severity vulnerabilities and outpacing human experts.
- This rapid advancement raises concerns about potential misuse by adversaries, prompting calls for government access to secure critical networks.
KI-generierte Zusammenfassung
Warum es wichtig ist
Advanced AI models like Anthropic's Mythos and GPT-5.5 are being tested in limited settings due to their potent cyber capabilities. These tools have demonstrated an ability to find thousands of high-severity vulnerabilities, exceeding current digital tools and human expertise.
Both AI companies have kept testing of their frontier AI models limited to small groups of trusted organizations because of the technologies’ advanced cyber capabilities, which have so far outpaced other publicly available digital tools — and even the most skilled human minds.
At the time of its announcement last month, Anthropic said Mythos had “already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser,” and warned that the consequences of setting this technology loose could be “severe” for global economies, public safety and national security.
This has led to government agencies, congressional committees, banks and regulators clamoring for access in recent weeks, so that they can secure critical networks before adversaries get their hands on the technology to launch devastating cyberattacks.
POLITICO spoke to nine of the nation’s top cyber researchers and tech leaders who have experimented with Mythos and GPT-5.5 in a controlled setting, and all of them came to the same startling conclusion: These tools are advancing much faster than anticipated — and will change the digital security landscape forever.
Isaac Evans, CEO of cybersecurity company Semgrep, said that when trialing Mythos, it “exceeded our expectations.”
“The model’s not superhuman across all dimensions, but at least in some narrow cases, it’s really demonstrating an uncanny ability around exploit generation,” Evans said.
He added that some described Mythos as capable of generating “a SolarWinds every quarter,” referring to the Russian government’s breach of U.S. federal agencies in 2020. The incident is widely regarded as one of the worst hacks in history and affected more than 18,000 organizations worldwide through compromised software.
Jonathan Trull, chief information security officer of IT security company Qualys, which is testing GPT-5.5, said the model “can basically do what your most advanced app security engineer can do.”
This early feedback from those who have experimented with these models makes clear that the mystique around emerging AI technology is not just marketing. Rather, it reflects how the race to create the most sophisticated AI tools that can outsmart human intelligence has begun — and no one person, industry or government has yet figured out how to prevent them from being used to create widespread destruction.
Many of the specific vulnerabilities that models such as Mythos and GPT-5.5 have been able to sniff out are not yet public — though details are starting to leak.
Mythos was able to bypass Apple security for its MacOS system in just days, The Wall Street Journal reported last week, a famously tough program to crack. Rep. Lou Correa (D-Calif.), a member of the House Homeland Security Committee, told POLITICO after emerging from a closed-door briefing from Anthropic on Mythos earlier this month that the AI tool was able to break into his bank account with ease.
And Cloudflare Chief Security Officer Grant Bourzikas stated in a blog post published this week that Mythos can both identify vulnerabilities and write code to exploit them, marking a “real step forward” for this type of advanced AI technology.
Cybersecurity firm Broadcom, which has been testing Mythos against its own software code, described its findings as “jolting” in a report published last month.
“We are learning things that appear unlikely to ever have been uncovered by human researchers alone,” the report reads.
Advanced AI tools could potentially be a game-changer for cyber officials who secure critical networks across critical sectors, including water facilities, hospitals and telecommunication networks. This is because AI models will allow coders to check for bugs in new software before release, rather than waiting until after they’ve been exploited to fix issues.
“There’s a future state where we will actually be producing more secure products, more secure code as opposed to having to remediate things that are already released,” Klarich said. He added that defenders could try to leverage strengths demonstrated by various AI models, including Mythos and GPT-5.5, to create a “multi-model architecture” to secure their networks.
But the models’ ability to find security flaws everywhere is a double-edged sword that hacker gangs and state-backed operatives could just as easily exploit to infiltrate sensitive networks and launch cyberattacks.
“These model developments mainly are advantages for attackers rather than defenders,” Evans said.
The United Kingdom’s AI Security Institute, which tested both Mythos and GPT-5.5, found that Mythos can fully take over a corporate network in six out of 10 attempts. GPT-5.5 could do the same in three out of 10 tries.
“Cyber capabilities in leading AI systems are advancing much faster than we expected,” British AI Minister Kanishka Narayan said in a statement provided to POLITICO.
Concerns are rising that China and other adversaries could soon develop their own advanced AI tools. China, in particular, has launched an industrial-scale campaign to copy American AI technology in so-called distillation attacks.
The Trump administration is acutely aware of these dangers and is scrambling to work with tech companies, government agencies and critical infrastructure groups to figure out how to deploy these tools quickly — and safely — before the clock runs out.
President Donald Trump abruptly postponed signing an executive order earlier this week that would have established a voluntary process for tech companies to submit certain AI models to the federal government for testing. Former AI czar David Sacks raised concerns about the executive order stifling innovation with Trump at the last minute, plunging the process into chaos.
Trump on Friday told POLITICO he had “many” concerns about the draft executive order, and worried it was “inhibiting the industry.”
It’s unclear when the executive order will be signed. Some fear that without swift action, advanced AI will continue to evolve, leaving cyber defenders too little time to prepare for a new cyber paradigm.
“The world has not really figured out what the implications will be, but certainly it seems like we can’t go back,” Evans said. “A lot more attention and dollars are going to have to be paid to security.”
Worauf zu achten ist
KI-Ausblick — Möglichkeiten, keine Fakten
Increased investment in AI cybersecurity research and development.
Sehr wahrscheinlich · Kurzfristig
Development of new AI-driven defense mechanisms and multi-model architectures.
Wahrscheinlich · Mittelfristig
Potential for a significant increase in sophisticated cyberattacks globally.
Sehr wahrscheinlich · Mittelfristig
Offene Fragen
- How will governments and industries effectively regulate and secure these advanced AI models?
- What specific measures are being taken to prevent adversaries from acquiring and weaponizing these technologies?
- What is the timeline for the widespread release of these AI models, and what are the immediate implications?
- How can defenders realistically counter the offensive capabilities of these AI tools?






