OpenAI’s GPT-5.5 Matches Claude Mythos in Cyberattack Capabilities: AI Security Institute

A U.K. federal government company has actually discovered that OpenAI’s latest expert system design can autonomously perform intricate cyberattacks– which it broke a reverse-engineering obstacle in simply over 10 minutes that took a human security professional approximately 12 hours.

The AI Security Institute (AISI), a research study body within Britain’s Department of Science, Development and Innovation, released findings Thursday revealing that GPT-5.5 is amongst the greatest designs it has actually examined for offending cyber abilities, putting it approximately on par with Anthropic’s vaunted Claude Mythos.

The report discovered GPT-5.5 is the 2nd design to finish AISI’s the majority of requiring test– a 32-step simulated business network attack called “The Last Ones”– doing so autonomously in 2 out of 10 efforts. The very first design to attain the turning point was Anthropic’s Claude Mythos Sneak peek, which finished the simulation in 3 of 10 shots.

The business network simulation, developed with the cybersecurity company SpecterOps, needs a representative to chain together reconnaissance, credential theft, lateral motion throughout several Active Directory site forests, a supply-chain pivot through a CI/CD pipeline, and eventually the exfiltration of a secured internal database– actions that AISI quotes would take a human professional around 20 hours.

Maybe the most striking outcome included a fiendishly tough reverse-engineering puzzle. GPT-5.5 fixed the obstacle– which needed rebuilding a customized virtual maker’s direction set, composing a disassembler from scratch, and recuperating a cryptographic password through restraint resolving– in 10 minutes and 22 seconds, at an expense of $1.73 in API use. A human professional, utilizing expert tools, needed around 12 hours.

On AISI’s battery of sophisticated cybersecurity jobs, GPT-5.5 attained a typical pass rate of 71.4% on the most tough “Professional” tier, edging out Mythos Sneak peek at 68.6% percent and considerably going beyond GPT-5.4 at 52.4%.

The findings bring pointed ramifications for the more comprehensive trajectory of AI advancement. AISI concluded that GPT-5.5’s efficiency recommends fast enhancement in cyber abilities might become part of a basic pattern instead of a separated development– and alerted that if offending cyber ability is becoming a by-product of larger enhancements in thinking, coding, and self-governing job conclusion, then even more advances might show up in fast succession.

The report likewise flagged considerable issues about the design’s security guardrails. Scientist determined a universal jailbreak that generated hazardous material throughout all destructive cyber questions evaluated, consisting of in multi-turn agentic settings. The attack took 6 hours of professional red-teaming to establish. OpenAI consequently upgraded its protect stack, though a setup problem avoided AISI from confirming whether the last variation worked.

AISI warned that its ability assessments were carried out in a regulated research study environment and do not always show what is available to a normal user, keeping in mind that public releases consist of extra safeguards and gain access to controls.

The report lands versus a stressing background for British cybersecurity. The U.K. federal government’s yearly Cyber Security Breaches Study, likewise released Thursday, discovered that 43% of organizations suffered a cyber breach or attack in the previous 12 months.

In reaction, the federal government revealed ₤ 90 million in brand-new financing to improve cyber durability, and stated it is progressing with the Cyber Security and Durability Expense to secure vital services. Authorities likewise released assistance advising companies to get ready for a possible rise in freshly found software application vulnerabilities as AI speeds up the rate at which security defects can be discovered and weaponized.