The AI Security Institute tested Anthropic's Claude Mythos Preview and found it surpasses previous frontier models in cybersecurity. For the first time, an AI autonomously completed a 32-step corporate network attack simulation, executing an average of 22 steps where human professionals would need 20 hours. The model succeeded in 73% of expert-level capture-the-flag challenges, demonstrating substantial advancement in autonomous cyber capabilities.

This represents rapid progress in AI cyber capabilities tracked since 2023, when models could barely complete beginner-level tasks. Mythos Preview's performance continues to scale with increased token usage, though it showed limitations in operational technology environments. The evaluation highlights a critical shift: AI can now autonomously exploit systems with weak security postures, potentially accelerating attack timelines from days to minutes.

Organizations face dual challenges and opportunities as AI cyber capabilities advance. While these tools pose security threats, they can also transform defensive measures. The evaluation underscores the urgent need for robust cybersecurity basics: regular updates, strict access controls, comprehensive logging, and investment in defensive AI. As capabilities evolve, security evaluations must adapt to include hardened environments with active monitoring and real-time incident response.