Anthropic’s Claude Mythos Preview has been evaluated by the UK’s AI Security Institute, which found that the model can autonomously execute advanced cyberattacks with high success rates. The next-generation model was first disclosed in March through a website leak, and Anthropic has since confirmed that it can discover and exploit cybersecurity vulnerabilities at a level unmatched by other available AI models.
Rather than releasing Claude Mythos publicly, Anthropic has granted limited access to a number of security research firms to test its capabilities. Recently, U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell reportedly cautioned bank executives about the security risks the model could pose.
The AI Security Institute’s findings, published on Monday, corroborate those claims. The evaluation showed that Mythos Preview achieved a 73% success rate on expert-level capture-the-flag tasks—a class of challenges no AI model had solved before April 2025. While the same capability could be used defensively to find and patch vulnerabilities, it also poses a significant threat, particularly to crypto infrastructure operators.
Mythos Preview became the first AI model to complete ‘The Last Ones’ (TLO), a complex corporate network attack simulation that typically takes human experts around 20 hours. The model completed an average of 22 of the simulation’s 32 steps across three successful attempts out of ten. By comparison, Anthropic’s Claude Opus 4.6 averaged only 16 steps. According to the UK institute, Mythos Preview’s performance improved with additional computational resources, consuming up to 100 million tokens per evaluation.
In controlled settings, when given explicit instructions and network access, the model demonstrated the ability to execute multi-stage attacks independently. This marks a significant leap from just two years ago, when AI models struggled with basic cybersecurity tasks. The AI Security Institute has tracked these developments since 2023, noting the rapid progression from beginner-level exercises to sophisticated autonomous attacks.
In the crypto ecosystem, where smart contract vulnerabilities and exchange hacks already cause substantial financial losses each year, AI-powered cyber threats could escalate existing risks. DeFi protocols, which depend on complex, interconnected systems, may be especially vulnerable to automated attacks capable of analyzing and exploiting multiple vectors simultaneously.