Claude Mythos Aces 73% of Expert CTF Hacking Challenges — AI Safety Lab Restricts Release

Claude Mythos Aces 73% of Expert CTF Hacking Challenges — AI Safety Lab Restricts Release

The UK's AI Security Institute has published its cybersecurity evaluation of Anthropic's Claude Mythos Preview — and the numbers explain why Anthropic restricted the model's release to a coalition of defensive security organizations rather than making it publicly available.

73% on Expert CTF Challenges

The evaluation found Claude Mythos Preview scoring 73% on expert-level capture-the-flag cybersecurity challenges — tasks that no AI model could complete at all before April 2025. These are not toy problems: expert CTF challenges require chaining together multiple vulnerabilities, reasoning about system architecture, and executing complex multi-step exploits that typically take skilled human security researchers hours to complete.

For context, earlier frontier models had been clearing beginner and intermediate CTF tasks, but expert-level challenges represented a hard ceiling. Mythos blew through it.

Full 32-Step Corporate Network Attack

More alarming than the CTF benchmark is a separate finding: Mythos autonomously completed a full end-to-end corporate network intrusion simulation in 3 out of 10 runs. The simulation mirrors a real corporate attack from initial reconnaissance through lateral movement to full network takeover — a sequence that typically takes a skilled human red team approximately 20 hours to execute. The AI completed it in a fraction of that time when it succeeded.

The AISI noted that the 3-in-10 success rate means the attack is not yet reliable, but the implication is clear: the capability exists, and it will improve with future model iterations.

Why This Justified Restricted Release

These results are the technical foundation for Anthropic's decision to form the 12-company defensive coalition — Project Glasswing — rather than releasing Mythos publicly or even through standard API access. A model that can autonomously complete corporate intrusions represents a qualitatively different threat level than anything previously available.

The AISI's assessment positions Mythos as the first AI model to cross a meaningful threshold in real-world offensive cyber capability. The report stops short of calling it a weapon, but its framing makes clear that defensive deployment with strict access controls is the only responsible path at this capability level.

The Bottom Line

The 73% CTF score and the 32-step network attack completion are not theoretical risk assessments — they are measured results from controlled testing. They validate Anthropic's restricted-release decision and raise the stakes for every AI lab racing toward the next capability level. The question is no longer whether AI can be used for sophisticated cyberattacks. It already can.