An AI just ran a complete simulated corporate network attack from start to finish—something no model could do a week ago.
The Summary
- Anthropic's Claude Mythos Preview completed a full simulated corporate network attack, marking the first time any AI model has accomplished this feat
- The UK's AI Security Institute (AISI) published evaluations showing Mythos cracked 73% of expert-level cyber tasks that previously stumped all AI systems
- Testing occurred within days of the model's April 7 announcement, suggesting Anthropic coordinated early security evaluation with regulators
- The capability jump demands immediate attention from security teams—the gap between "can't do this" and "does it better than most humans" collapsed in a single model release
The Signal
Claude Mythos Preview didn't just improve on existing AI cyber capabilities. It crossed a threshold. The UK's AI Security Institute put it through a battery of expert-level penetration testing scenarios—tasks specifically chosen because previous AI models failed them completely. Mythos solved 73% of them.
That's not incremental progress. That's a phase change. Last month, the best AI models were useful tools for security researchers who still needed to do the creative thinking. Now you have a model that can plan, execute, and adapt through a full attack chain on a corporate network.
"Claude Mythos Preview has become the first AI model to complete a full simulated corporate network attack."
The timing tells you something important. AISI published findings within days of Anthropic's April 7 announcement. That's not journalism catching up. That's coordinated disclosure. Anthropic likely gave AISI early access specifically to run security evaluations before public release.
This is what responsible AI deployment looks like when the capabilities are genuinely dangerous. You brief the security researchers first. You let them probe for weaknesses. You publish the threat assessment alongside the product launch so defenders aren't working blind.
Key capabilities that matter:
- Full attack chain execution from reconnaissance to compromise
- 73% success rate on tasks where previous AI models hit 0%
- Adaptive problem-solving when initial attack vectors fail
The question isn't whether this is a threat. The UK's AI Safety Institute is explicitly weighing whether it's a serious threat or overhyped. The question is how fast the gap closes between AI-assisted attacks and AI-assisted defense.
Right now, attackers and defenders both get access to Claude. But attackers only need one model to work. Defenders need their detection systems to catch every variation of attack that model can generate. The asymmetry is brutal.
The Implication
Security teams need to game this out now. If your threat model assumes attackers are human-speed and human-creativity, update it. The new baseline is an adversary who can run hundreds of attack variations in parallel, learn from each failed attempt, and never get tired.
The good news: the same model that runs attacks can also hunt for vulnerabilities before attackers find them. Companies that move fast can use Mythos to harden their networks against Mythos-class threats. The ones that wait are giving attackers a six-month head start.