GPT-5.5 matches Mythos Preview on cybersecurity tests
OpenAI's newly released GPT-5.5 performs at parity with Anthropic's restricted Mythos Preview model on cybersecurity evaluations conducted by the UK's AI Security Institute. The AISI tested both models on 95 Capture the Flag challenges, finding GPT-5.5 achieved 71.4 percent on expert-level tasks versus Mythos Preview's 68.6 percent, a difference within the margin of error. Both models also matched each other on a simulated 32-step corporate network attack test, with each succeeding in roughly 3 of 10 attempts, though neither has cracked the institute's most difficult power plant disruption simulation.
TL;DR
- →GPT-5.5 matched Mythos Preview's performance on AISI cybersecurity evaluations, scoring 71.4 percent versus 68.6 percent on expert-level Capture the Flag tasks
- →Both models succeeded 3 of 10 times on a simulated corporate network attack, a test no previous AI model had passed even once
- →GPT-5.5 solved a complex Rust binary disassembly task in 10 minutes 22 seconds for $1.73 in API costs, demonstrating practical cybersecurity capability
- →Neither model has succeeded on AISI's most difficult test, a power plant control system disruption simulation that has defeated all previously tested AI models
Why it matters
Anthropic's decision to restrict Mythos Preview to critical industry partners was premised on exceptional cybersecurity risk, but this research suggests the risk profile is not unique to that model. Public availability of GPT-5.5 at similar capability levels raises questions about the practical security differentiation Anthropic claimed and whether capability-based access restrictions remain viable as a safety mechanism when multiple vendors reach similar performance tiers.
Business relevance
Organizations evaluating AI models for security-sensitive work cannot rely on restricted access as a proxy for safety or capability differentiation. The cost efficiency of GPT-5.5 on complex cybersecurity tasks ($1.73 for a difficult reverse engineering challenge) also signals that frontier models are becoming practical tools for both defensive and offensive security work, requiring clearer governance frameworks around deployment.
Key implications
- →Capability-based access restrictions may not meaningfully slow proliferation of cybersecurity-relevant AI capabilities across vendors, undermining one rationale for model gating
- →The convergence in performance between restricted and public models suggests either Anthropic's risk assessment was overstated or OpenAI's safety practices are comparable, both of which have significant implications for industry trust and regulation
- →The low cost and speed of GPT-5.5 on expert-level cybersecurity tasks creates practical incentives for both legitimate security research and malicious use, requiring organizations to develop new detection and response strategies
What to watch
Monitor whether AISI or other independent evaluators continue to find performance parity between restricted and public frontier models, as sustained convergence would suggest capability-based access restrictions are ineffective. Watch for any changes in how Anthropic or OpenAI communicate about cybersecurity risks and model access, as well as whether regulatory bodies begin to question the efficacy of vendor-imposed access controls as a safety mechanism.
vff Briefing
Weekly signal. No noise. Built for founders, operators, and AI-curious professionals.
No spam. Unsubscribe any time.
