Claude Mythos achieves 73% success rate on expert-level hacking challenges, completes full network takeover in 3 of 10 attempts

The UK's AI Safety Institute (AISI) reports that Anthropic's Claude Mythos Preview achieved a 73% success rate on expert-level cybersecurity challenges and became the first AI model to autonomously complete a full simulated corporate network attack from start to finish.

Benchmark performance

In capture-the-flag (CTF) evaluations with a 50 million token compute budget, Mythos Preview scored:

• 85% on apprentice-level tasks
• 95% on beginner-level tasks
• 93% on practitioner-level tasks
• 73% on expert-level challenges

According to AISI, no AI model could solve expert-level CTF tasks before April 2025. The institute places Mythos Preview in the top tier alongside GPT-5.4, Codex 5.3, and Claude Opus 4.6 for beginner-level performance.

Full network takeover simulation

AISI developed "The Last Ones" (TLO), a 32-step attack simulation against a simulated corporate network that would take human experts an estimated 20 hours to complete. With a 100 million token budget, Mythos Preview:

• Completed all 32 steps in 3 out of 10 attempts
• Averaged 22 of 32 steps across all attempts
• Outperformed Claude Opus 4.6, which averaged 16 steps

The model is the first to complete this end-to-end attack simulation, according to AISI.

Significant limitations in testing

AISI notes critical caveats: the test environments contained no active defenders, no security monitoring tools, and no consequences for actions that would trigger alarms on real networks. "There's no way to tell whether Mythos Preview could successfully breach a well-defended system" based on these results alone, the institute states.

The model also failed to complete a separate AISI simulation targeting industrial control systems, stalling in the IT network during earlier stages.

AISI concludes the model can "autonomously attack small, weakly defended and vulnerable enterprise systems where access to a network has been gained." Future evaluations will include hardened environments with active monitoring and incident response.

Limited availability and controversy

Anthropic launched Claude Mythos in early April but currently limits access to approximately 50 companies, reportedly due to cybersecurity concerns. Critics compare this to OpenAI's 2019 decision to restrict GPT-2, arguing the performance gains don't justify such limited access. Some speculate the restrictions are primarily for marketing purposes or due to compute capacity constraints.

What this means

This represents the first documented case of an AI model completing a full multi-stage network attack simulation autonomously. The 73% expert-level CTF score and ability to chain 22+ attack steps shows measurable advancement in AI cyber capabilities over 2025 models.

However, the absence of active defenses in testing leaves the practical threat level unclear. Real enterprise networks deploy endpoint detection, security monitoring, and incident response—none of which were present in AISI's simulations. The results highlight that AI models can now exploit basic security weaknesses at scale, reinforcing the importance of fundamental security practices like regular patching and strong access controls.

AISI and the UK's National Cyber Security Centre note these capabilities are dual-use: the same techniques that enable offensive operations could strengthen defensive cybersecurity systems.