Anthropic's 'Critical Threat' Mythos Preview Matches Public GPT-5.5 in UK AI Security Tests

The UK's AI Security Institute has delivered a pointed rebuttal to Anthropic's framing of its Mythos Preview model as an outsized cybersecurity risk. In head-to-head evaluations across 95 Capture the Flag challenges, OpenAI's GPT-5.5—released publicly last week—matched or slightly exceeded the performance of Anthropic's restricted-preview system, raising questions about the justification for the company's cautious rollout strategy.

The AISI testing framework assessed frontier AI models on expert-level cybersecurity tasks spanning reverse engineering, web exploitation, and cryptography. GPT-5.5 completed 71.4 percent of the highest-difficulty challenges correctly, compared to Mythos Preview's 68.6 percent—a difference the institute characterized as within the margin of error. In one particularly demanding task requiring participants to construct a disassembler capable of decoding a Rust binary, GPT-5.5 demonstrated comparable capability to Anthropic's model. Both systems showed significant capability gains over earlier generations of frontier models, though neither achieved consistent human-expert performance across all categories.

Anthropic had initially justified limiting Mythos Preview access to "critical industry partners" by citing the model's elevated risk profile. The AISI findings now place Anthropic's claims under scrutiny, suggesting that the cybersecurity capabilities driving those restrictions are not unique to its system. The results signal that open-access models may present comparable technical challenges, complicating industry arguments for restrictive deployment policies based solely on capability benchmarks. Regulators and enterprise security teams face the growing task of distinguishing between genuine risk differentials and marketing-driven differentiation in the frontier AI landscape.