benchmarkAnthropic

Claude Mythos achieves 73% success rate on expert-level hacking challenges, completes full network takeover in 3 of 10 a

TL;DR

The UK's AI Safety Institute reports Claude Mythos Preview achieved a 73% success rate on expert-level capture-the-flag cybersecurity challenges and became the first AI model to complete a full 32-step simulated corporate network takeover, succeeding in 3 out of 10 attempts. The testing occurred in environments without active security monitoring or defenders.

3 min read
0

Claude Mythos achieves 73% success rate on expert-level hacking challenges, completes full network takeover in 3 of 10 attempts

The UK's AI Safety Institute (AISI) reports that Anthropic's Claude Mythos Preview achieved a 73% success rate on expert-level cybersecurity challenges and became the first AI model to autonomously complete a full simulated corporate network attack from start to finish.

Benchmark performance

In capture-the-flag (CTF) evaluations with a 50 million token compute budget, Mythos Preview scored:

  • 85% on apprentice-level tasks
  • 95% on beginner-level tasks
  • 93% on practitioner-level tasks
  • 73% on expert-level challenges

According to AISI, no AI model could solve expert-level CTF tasks before April 2025. The institute places Mythos Preview in the top tier alongside GPT-5.4, Codex 5.3, and Claude Opus 4.6 for beginner-level performance.

Full network takeover simulation

AISI developed "The Last Ones" (TLO), a 32-step attack simulation against a simulated corporate network that would take human experts an estimated 20 hours to complete. With a 100 million token budget, Mythos Preview:

  • Completed all 32 steps in 3 out of 10 attempts
  • Averaged 22 of 32 steps across all attempts
  • Outperformed Claude Opus 4.6, which averaged 16 steps

The model is the first to complete this end-to-end attack simulation, according to AISI.

Significant limitations in testing

AISI notes critical caveats: the test environments contained no active defenders, no security monitoring tools, and no consequences for actions that would trigger alarms on real networks. "There's no way to tell whether Mythos Preview could successfully breach a well-defended system" based on these results alone, the institute states.

The model also failed to complete a separate AISI simulation targeting industrial control systems, stalling in the IT network during earlier stages.

AISI concludes the model can "autonomously attack small, weakly defended and vulnerable enterprise systems where access to a network has been gained." Future evaluations will include hardened environments with active monitoring and incident response.

Limited availability and controversy

Anthropic launched Claude Mythos in early April but currently limits access to approximately 50 companies, reportedly due to cybersecurity concerns. Critics compare this to OpenAI's 2019 decision to restrict GPT-2, arguing the performance gains don't justify such limited access. Some speculate the restrictions are primarily for marketing purposes or due to compute capacity constraints.

What this means

This represents the first documented case of an AI model completing a full multi-stage network attack simulation autonomously. The 73% expert-level CTF score and ability to chain 22+ attack steps shows measurable advancement in AI cyber capabilities over 2025 models.

However, the absence of active defenses in testing leaves the practical threat level unclear. Real enterprise networks deploy endpoint detection, security monitoring, and incident response—none of which were present in AISI's simulations. The results highlight that AI models can now exploit basic security weaknesses at scale, reinforcing the importance of fundamental security practices like regular patching and strong access controls.

AISI and the UK's National Cyber Security Centre note these capabilities are dual-use: the same techniques that enable offensive operations could strengthen defensive cybersecurity systems.

Related Articles

product update

Anthropic tests feature to prompt Claude users about overuse, adds usage tracking dashboard

Anthropic is testing a beta feature in Claude that tracks usage patterns and periodically prompts users to consider if they're using the chatbot too much. The feature shows usage summaries over periods from one to twelve months and includes quiet hours scheduling.

product update

China warns of backdoor in Anthropic's Claude Code versions 2.1.91-2.1.196

China's Ministry of Industry and Information Technology warned Wednesday that Anthropic's Claude Code AI coding tool contains a backdoor vulnerability in versions 2.1.91 to 2.1.196. Anthropic confirmed the backdoor was an anti-distillation experiment, as tensions escalate after the company last month accused Alibaba of attempting to extract its AI capabilities.

model release

Anthropic Restores Claude Fable 5 After Government Takedown, With Stricter Cybersecurity Blocks

Anthropic is redeploying Claude Fable 5 after a month-long government-mandated takedown triggered by Amazon researchers discovering a method to bypass the model's cybersecurity safeguards. The returning version includes enhanced safety classifiers that automatically block cybersecurity tasks and revert to Opus 4.8, with restricted availability through usage credits only.

product update

Anthropic offers K-12 teachers free year of Claude Pro with educational tools through June 2027

Anthropic launched Claude for Teachers, offering K-12 educators in the United States free access to premium Claude features for one year. The program includes Claude Cowork, Claude Code, and education-focused skills developed with Learning Commons, with applications open until June 30, 2027.

Comments

Loading...