UK Institute: Claude Mythos completed 32-step network attack

The UK AI Safety Institute reported that Anthropic’s Claude Mythos Preview autonomously completed a 32-step corporate network attack simulation called “The Last Ones,” finishing three full runs and averaging 22 of 32 steps across ten attempts. The model also scored 73% on expert-level capture-the-flag tasks included in the evaluation.

The institute released the evaluation on Monday after testing Mythos Preview to assess claims about its cybersecurity abilities. The simulation mirrors a full corporate intrusion from reconnaissance through network takeover and typically takes human teams about 20 hours to finish.

In controlled tests the model executed multi-stage attacks and discovered vulnerabilities without human guidance when given explicit directions and network access. The institute reported that Mythos Preview’s performance increased with more computing resources, with evaluations using up to 100 million tokens per run.

For comparison, Anthropic’s Claude Opus 4.6 averaged 16 steps on the same simulation. Across the institute’s ten attempts, Mythos Preview completed the full 32-step sequence in three runs and averaged 22 completed steps overall.

Anthropic first disclosed Mythos after a late-March website leak and has confirmed the model’s advanced ability to find and exploit security flaws. The company has not released the model publicly and has provided limited access to dozens of security research firms so experts can test and prepare for its capabilities. Anthropic has said the technology can be used to identify and fix vulnerabilities as well as to exploit them.

U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell warned bank executives last week about the potential security threat posed by Claude Mythos. The institute’s evaluation provides technical detail showing the model can autonomously run complex attack sequences that previously required human operators.

The UK AI Safety Institute has tracked changes in AI security skills since 2023 and reported a shift from basic exercises to expert-level autonomous attacks. The institute noted the test marked the first time an AI model completed the full 32-step simulation and that the expert capture-the-flag tasks had not been completed by any model before April 2025.

The evaluation identified possible impacts for sectors that face frequent exploits, including cryptocurrency platforms and decentralized finance protocols where software bugs and exchange breaches have caused large losses. The institute highlighted potential implications for risk assessment and network defense when AI systems can probe and exploit multiple attack vectors autonomously.