Claude Mythos completes simulated attack, solves 73% of CTFs

Anthropic’s Claude Mythos Preview completed a full 32-step simulated corporate network attack and solved 73% of expert-level capture-the-flag tasks in evaluations by the UK AI Security Institute (AISI). The tests followed the model’s April 7 unveiling, when Anthropic provided limited access to security researchers.

AISI ran CTF exercises to test vulnerability discovery and exploitation. Mythos reached a 73% success rate on expert-level CTF challenges that AISI says had remained unsolved by prior models before April 2025. AISI also built a 32-step corporate network simulation called “The Last Ones.” Human security professionals typically need about 20 hours to complete the scenario. Mythos finished the full simulation in 3 of 10 attempts and averaged 22 completed steps. The next-best model, Claude Opus 4.6, averaged 16 steps.

AISI wrote that “Mythos Preview’s success on one cyber range indicates that it is at least capable of autonomously attacking small, weakly defended and vulnerable enterprise systems where access to a network has been gained,” and noted their simulated ranges differ from real-world environments and may be easier targets.

Anthropic’s internal red team testing found that when explicitly instructed, Mythos Preview can detect and exploit zero-day vulnerabilities across major operating systems and leading web browsers. Anthropic reported thousands of such findings but declined to disclose technical details because more than 99% remain unpatched. The company wrote: “We have launched Project Glasswing, an effort to use Mythos Preview to help secure the world’s most critical software, and to prepare the industry for the practices we all will need to adopt to keep ahead of cyberattackers.”

U.S. officials, including the Treasury Secretary and the Federal Reserve chair, held an urgent meeting with major bank chief executives to discuss potential cyber risks tied to advanced AI tools.

AISI recommended organizations prioritize regular patching, strict access controls, security configuration hardening and comprehensive logging to reduce exposure to automated attacks.

The AISI report is the first independent public evaluation to show a generative AI model complete a full simulated corporate attack.