OpenAI's GPT-5.5 Completes Corporate Network Intrusion Simulation, Second AI After Claude Mythos

OpenAI's GPT-5.5 has become only the second AI system to complete an end-to-end simulated corporate network intrusion, according to findings published by the AI Security Institute. The milestone places GPT-5.5 alongside Anthropic's Claude Mythos in a narrow and potentially significant category of AI systems demonstrated to autonomously navigate a full attack chain against enterprise infrastructure—from initial access through lateral movement to objective completion.

The AI Security Institute, which has been conducting structured evaluations of frontier AI systems for dual-use capability risks, confirmed the assessment. Unlike previous red-teaming exercises that focused on discrete capability benchmarks, this evaluation required the model to chain multiple operations across a controlled corporate network environment. The specific evaluation parameters, success metrics, and whether any safeguards were bypassed during the test remain undisclosed. Anthropic's Claude Mythos previously achieved a similar result, raising questions within the security research community about how rapidly frontier models are advancing toward autonomous cyber operational capability.

The development intensifies scrutiny over the pace of AI capability scaling without commensurate safety evaluation. Security researchers have warned that autonomous intrusion capability in production-grade models could lower barriers for sophisticated threat actors. The AI Security Institute's findings are likely to feed into ongoing policy debates about mandatory pre-deployment testing regimes and export controls on advanced AI models with clear offensive cyber applications. Neither OpenAI nor Anthropic has commented publicly on the specific evaluation outcomes.