The Mythos Mirage Fades Under Scrutiny
Anthropic spent weeks spinning a narrative that its Mythos Preview model was so dangerously powerful in cybersecurity that it had to be locked away from the public, accessible only to a chosen few elite partners. But new evaluations from the UK’s AI Security Institute (AISI) blow that narrative apart. When put through the same rigorous battery of 95 Capture the Flag challenges, OpenAI’s GPT-5.5 matched or slightly edged out Mythos Preview on expert-level tasks, scoring 71.4 percent versus Mythos’ 68.6 percent. The difference is statistically irrelevant. Anthropic’s grand story of a unique, terrifyingly capable model is exposed as marketing fluff.
AISI’s most damning finding is that Mythos Preview’s supposed breakthrough is not a product of some unique architecture or secret sauce. Instead, the institute argues it is merely ‘a byproduct of more general improvements in long-horizon autonomy, reasoning, and coding’ that any leading frontier model now exhibits. GPT-5.5 even outperformed Mythos on the ‘The Last Ones’ simulation of a multi-step corporate network attack, succeeding in 3 of 10 attempts compared to Mythos’ 2. The emperor, it turns out, has no clothes. CVE-2025-31147 and CVE-2025-29925 are examples of the kinds of vulnerabilities these models can exploit, but the capability is clearly not exclusive to one vendor.
Fear as a Business Model
OpenAI CEO Sam Altman has been gleefully pointing out what many in the industry have suspected for months. In a recent podcast interview, he called out the tactic as ‘fear-based marketing,’ mocking the strategy of declaring you have built a bomb and then selling the bomb shelter for $100 million. His jab is uncomfortably accurate. The limited-release model creates artificial scarcity and positions the company as a responsible gatekeeper. It is a brilliant business play, but it is not a safety measure. It is a moat.
This is not to say that AI cybersecurity capabilities are not a genuine concern. They are. But the transparent attempt by Anthropic to inflate Mythos’ unique danger level to justify an exclusivity racket undermines trust in the entire field. OpenAI is also playing this game with its GPT-5.4-Cyber and GPT-5.5-Cyber variants, limiting them to ‘critical cyber defenders.’ The real issue is that these companies are using the specter of catastrophic risk to control who gets access, not to genuinely solve it. The AISI results prove that the baseline capability is already here, spread across multiple models. The hype needs to stop, and the real work of equitable, verified access needs to begin.
Source: Ars Technica