GPT-5.5’s performance scales directly with inference compute, and researchers found a universal jailbreak in just six hours that bypassed every safety safeguard.
The UK AI Security Institute found GPT-5.5 matches Claude Mythos in autonomous cyberattack tests, completing multi-stage enterprise network simulations and scoring 71.4% on expert-level security tasks.
The UK AI Security Institute (AISI) has evaluated OpenAI’s GPT-5.5 against a comprehensive battery of cyberattack simulations, finding that it performs on par with Anthropic’s Claude Mythos Preview. The results suggest that advanced autonomous offensive cyber capabilities are a broader trend in AI development rather than a one-off achievement from a single model.
AISI tested GPT-5.5 across 95 capture-the-flag tasks spanning four difficulty levels, covering reverse engineering, exploit development for various memory flaws, cryptographic attacks, and unpacking obfuscated malware. At the highest Expert difficulty, GPT-5.5 achieved a 71.4 percent average success rate, slightly edging out Claude Mythos Preview at 68.6 percent. For comparison, GPT-5.4 scored 52.4 percent and Claude Opus 4.7 came in at 48.6 percent.
The advanced tasks were developed in collaboration with cybersecurity firms Crystal Peak Security and Irregular, representing some of the most challenging autonomous cyber evaluation scenarios publicly available.
AISI also tested GPT-5.5 on a multi-stage enterprise network simulation called “The Last Ones” (TLO), a 32-step scenario across four subnets and approximately 20 hosts. The AI agent starts with zero credentials and must discover vulnerabilities, steal credentials, move laterally through the network, and ultimately reach a protected database. AISI estimates a human expert would need about 20 hours to complete this scenario.
GPT-5.5 fully solved TLO in 2 out of 10 attempts, while Claude Mythos Preview achieved completion in 3 out of 10. AISI noted that performance scales with inference compute: the more tokens the model uses for reasoning, the higher the likelihood of a successful autonomous compromise. Neither model has plateaued in this regard.
Notably, the tests were conducted without active defenders, security monitoring, or real-world consequences for actions that would trigger alarms. Whether either model could hold up against well-defended enterprise systems remains an open question.
A second simulation called “Cooling Tower” modeled an attack on an industrial control system across seven steps. No model has successfully solved this scenario yet. GPT-5.5, like Mythos, tripped up on the upstream IT network steps rather than the control system itself.
Beyond offensive capability, AISI also evaluated GPT-5.5’s safety guardrails. Researchers discovered a universal jailbreak that bypassed every malicious cyber request safeguard OpenAI had implemented, including multi-step agent scenarios. The jailbreak took just six hours to develop.
OpenAI subsequently pushed several safety system updates, but AISI could not verify the final configuration due to a deployment issue. The finding reinforces that jailbreaks remain a serious weakness in frontier AI models.
Unlike Anthropic’s tightly controlled rollout of Claude Mythos, GPT-5.5 is already available through ChatGPT and the API. The AISI results suggest that Anthropic’s extra layer of caution may have been warranted, or alternatively that the delayed release was driven by compute constraints rather than safety concerns.
The broader implication is clear: autonomous cyberattack capabilities are not unique to any single model but emerge from general advances in reasoning, coding, and agentic autonomy across the AI frontier.
Source: The Decoder — GPT-5.5 Matches Claude Mythos in Autonomous Cyberattack Tests, UK AI S
