Despite high-profile claims about Mythos Preview's cybersecurity capabilities, the UK’s AI Security Institute finds OpenAI’s GPT-5.5 performs comparably across major industry benchmarks, challenging the notion of a singular breakthrough model.
- GPT-5.5 and Mythos Preview show nearly equal performance on cybersecurity tests
- GPT-5.5 solved complex challenges quickly and cost-effectively without human help
- Neither model yet passes high-stakes control system disruption simulations
What happened
Anthropic recently highlighted the Mythos Preview model as an unprecedented cybersecurity risk, restricting its use to select industry partners. However, the UK-based AI Security Institute (AISI) tested OpenAI’s publicly released GPT-5.5 model and found it performed on par with Mythos Preview in a battery of 95 Capture the Flag cybersecurity challenges. These tasks included reverse engineering binaries, web exploitation, and cryptographic problems.
In particular, GPT-5.5 surpassed Mythos on several key metrics, including solving a demanding Rust binary disassembler problem autonomously within minutes at minimal API cost. It also matched Mythos in progress on multi-stage network attack simulations, a test no previous model had passed even once. Despite this, both models failed the most complex tests, such as power plant control system disruption simulations.
Why it matters
The new findings indicate that Mythos Preview’s cybersecurity prowess is less about a unique breakthrough and more a reflection of broader advancements in AI reasoning, autonomy, and coding capabilities. This challenges messaging that positions specific models as singular threats, highlighting the evolving baseline of AI performance in security domains.
OpenAI CEO Sam Altman criticized exaggerated marketing surrounding Mythos, emphasizing challenges in balancing transparency, public risk awareness, and preventing panic-driven narratives. OpenAI continues to manage access to its advanced cybersecurity-focused variants by restricting them to verified security researchers and trusted enterprise partners.
What to watch next
Stakeholders should monitor how AI development continues to impact cybersecurity, especially as models become better at complex exploit identification and automated defensive tasks. The limited but growing availability of specialized AI models like GPT-5.5-Cyber raises questions about controlled deployment and risk mitigation strategies.
Researchers will also be keen to see if future iterations can overcome persistent challenges such as critical infrastructure attack simulations. Meanwhile, industry dialogues around responsible AI release and security-focused access controls are expected to intensify as capabilities improve across competing providers.