Mythos AI: UK Labs Test Multistep Cyber Attack System
UK tests Mythos AI, noting its ability to chain multistep attacks
Last year, OpenAI's GPT-3.5 Turbo failed every one of the UK AI Safety Institute's basic hacking puzzles. That was the baseline. Now, Anthropic’s Mythos Preview cracks over 85 percent of them.
The UK's relentless testing reveals a crucial shift: this model can stitch low-level exploits into complete, multistep attack chains. It conquered "The Last Ones," a complex challenge that had stumped all prior models.
AISI’s findings show that Mythos isn’t significantly different from other recent frontier models in tests of individual cybersecurity-related tasks. But Mythos could set itself apart from previous models through its ability to effectively chain these tasks into the multistep series of attacks necessary to fully infiltrate some systems.
That 85 percent success rate on the UK's benchmark is a threshold, not a footnote. Mythos Preview automating a full sequence—from initial breach to persistent foothold—demonstrates a functional risk. For defenders, the AISI results are a stark gauge.
The capability is here. Now.
Common Questions Answered
How did the UK's Agency for Integrated Security Innovation (AISI) test Mythos AI's capabilities?
AISI conducted 'Capture the Flag' style exercises to evaluate Mythos AI's offensive capabilities against defensive tools. The researchers specifically examined the AI's ability to generate sophisticated social-engineering scripts and chain multiple attack steps together to potentially infiltrate computer systems.
What makes Mythos AI different from previous AI models in cybersecurity testing?
Mythos AI demonstrated a unique ability to chain discrete actions into multistep attack sequences, which previous models like GPT-3.5 Turbo struggled to accomplish. This capability allows Mythos to potentially create more complex and interconnected attack strategies beyond simple phishing or password-spraying techniques.
What were the key findings of AISI's initial evaluation of Mythos AI?
The UK AI Security Institute confirmed Anthropic's claims that Mythos is 'strikingly capable' at computer security tasks, particularly in its ability to link multiple actions into sophisticated attack sequences. However, the evaluation did not conclusively prove that these capabilities could translate into a real-world threat without human direction.
Further Reading
- Testing reveals Claude Mythos's offensive capabilities and limits - Help Net Security
- Claude Mythos Preview: First AI to Complete 32-Step Enterprise Attack Chain, UK Tests Show - How2Shout
- Here's how cyber heavyweights in the US and UK are ... - CyberScoop
- AISI: Claude Mythos First AI to Solve 32-Step Cyber Attack Range - ResultSense