The UK’s AI Security Institute reported last week that Anthropic’s Mythos model completed a previously unsolved cybersecurity benchmark called “cooling tower” in three out of ten attempts, according to The Guardian. No AI model had ever passed that test. The AISI called the result a “notable capability jump” and said autonomous cyber capability in frontier models “has doubled on the order of months, not years.”

That assessment arrived the same week that Politico reported researchers with controlled access to both Mythos and OpenAI’s GPT-5.5 described their autonomous hacking capabilities as a “game changer.” The models can identify and exploit vulnerabilities in operating systems, web browsers, and banking infrastructure without human guidance.

What the Defenders Found

Mozilla’s Firefox team used Mythos access to find and fix more security bugs than they had in the entire previous year, according to Business Insider. Researchers at security firm Calif used it to identify bugs in macOS, chain them together, and construct a working exploit. Apple told The Wall Street Journal it is reviewing the findings.

The pattern is consistent across organizations: autonomous agents running vulnerability discovery complete in hours or days what human security teams require months to accomplish. The asymmetry is the problem. Defenders get Mythos access through Anthropic’s restricted partner program. Attackers with access to any frontier model can run similar autonomous scans against unpatched systems.

“If you’re a CISO today, you’re living in what I call the ‘AI fog,’” Manoj Nair, who leads the emerging technologies office at security startup Snyk, told Business Insider.

The Compounding Problem

The vulnerability surface is expanding independently of Mythos. Isaac Evans, CEO of cybersecurity startup Semgrep, told Business Insider that a recent threat prompted his team to scour their codebase, and the two vulnerabilities they found had both been contributed by Anthropic’s Claude coding tools. Feross Aboukhadijeh, CEO of Socket, described the combination of AI-generated code and heavy open-source dependency as a “perfect storm”: more code, more external libraries, less careful review.

AI coding tools from OpenAI and Anthropic helped developers produce millions of new lines of code over the past year. Those tools generate errors and vulnerabilities at rates that outpace review capacity. The same models creating the vulnerabilities are now capable of autonomously discovering and exploiting them.

Regulators Are Moving

The Financial Stability Board, chaired by Bank of England Governor Andrew Bailey, has scheduled a briefing with Anthropic on Mythos implications for the global financial system, per The Guardian. The IMF warned on May 7 that financial stability risks are rising due to “fast-moving” AI developments and called for coordinated international response.

Financial Conduct Authority CEO Nikhil Rathi said AI developments had been a “significant topic of conversation” at recent IMF meetings in Washington. UK regulators and the Treasury directed firms to “double down” on core cyber hygiene, including legacy system review, detection mechanisms, and incident recovery planning.

Goldman Sachs CEO David Solomon said he was “hyper-aware” of Mythos capabilities. JPMorgan CEO Jamie Dimon acknowledged AI had made cyber defense “harder,” though he noted it could ultimately help defenders.

The Agent Architecture Implication

For the autonomous agent ecosystem, this is the capability frontier made visible. Mythos and GPT-5.5 are general-purpose models running autonomous tool-use loops against complex systems. The “cooling tower” benchmark is not a toy: it requires an agent to autonomously navigate, identify, and exploit a multi-step vulnerability chain. That these models can do so without human guidance demonstrates agent architectures have crossed from “useful assistant” to “autonomous operator” in the security domain.

Logan Graham, head of Anthropic’s frontier red team, wrote on X that his cybersecurity team is bringing Mythos “to defenders as fast as we responsibly can.” The question for agent builders is whether the restricted-access model scales. Every week that defenders have exclusive access shrinks the gap before similar capabilities become available through other frontier models or fine-tuned open-source alternatives.

Anthropic declined to comment to Business Insider. OpenAI pointed to its recent cybersecurity announcements and Daybreak security scanning page for developers.