LIVE THREATS
HIGH Anthropic Launches Claude Security to Close AI-Accelerated Exploit Window // CRITICAL CVSS 10 Gemini CLI Flaw Turns CI/CD Pipelines Into RCE Attack Vectors // MEDIUM OpenAI Launches Phishing-Resistant Security Mode for High-Risk ChatGPT Accounts // HIGH UK AI Security Institute Finds GPT-5.5 Matches Claude Mythos in Cyber Capabilities // MEDIUM AI-Powered Honeypots Expose Blind Spots in Automated Malicious AI Agents // HIGH DPRK Actors Use Claude LLM to Inject Malware Into npm Supply Chain // CRITICAL SQL Injection in LiteLLM Proxy Exposes LLM Provider Keys Within 36 Hours // MEDIUM Agentic AI Defense Costs Spiral as Adversarial Attack Volume Surges // HIGH FIDO Alliance Launches Standards Push to Secure AI Agent Transactions // CRITICAL Pre-Auth SQLi Flaw in LiteLLM Gateway Actively Exploited to Steal AI Credentials //
ATLAS OWASP HIGH Significant risk · Prioritise patching LLM Security Research Industry News Regulatory RELEVANCE ▲ 7.2

UK AI Security Institute Finds GPT-5.5 Matches Claude Mythos in Cyber Capabilities

SOURCE Simon Willison ↗
TL;DR HIGH
  • What happened: UK AISI confirms GPT-5.5 matches Claude Mythos in finding security vulnerabilities, and is publicly available.
  • Who's at risk: Organisations with internet-exposed software assets are most at risk, as capable AI vulnerability-discovery tools are now broadly accessible.
  • Act now: Accelerate vulnerability scanning and patch cadence for externally exposed systems · Monitor for AI-assisted reconnaissance and exploitation patterns in threat detection pipelines · Review access controls and API exposure for services that could be targeted by automated AI-driven discovery
UK AI Security Institute Finds GPT-5.5 Matches Claude Mythos in Cyber Capabilities

Overview

The UK’s AI Security Institute (AISI) has published an evaluation of OpenAI’s GPT-5.5, assessing its capabilities in identifying and reasoning about security vulnerabilities. The findings place GPT-5.5 on par with Anthropic’s Claude Mythos — a model previously evaluated by the same body. The critical distinction: GPT-5.5 is generally available today, while Claude Mythos remains access-restricted. This gap between capability parity and access parity has direct implications for the threat landscape.

The evaluation continues a trend of government-affiliated AI safety bodies benchmarking frontier models not just for harmful content generation, but for operationally relevant offensive cyber capabilities — an acknowledgement that vulnerability discovery is a material dual-use risk.

Technical Analysis

While the full technical methodology of the AISI evaluation is not detailed in this summary, prior AISI evaluations of models like Claude Mythos have assessed capabilities across dimensions including:

  • Vulnerability identification: Can the model identify exploitable weaknesses in code or system descriptions?
  • Exploitation reasoning: Can it reason through multi-step attack chains?
  • Uplift assessment: Does the model provide meaningful capability uplift to a novice or intermediate attacker?

GPT-5.5 being rated comparable to Mythos on these axes implies it can provide substantive assistance in security vulnerability discovery — a capability that, when paired with agentic tooling and code execution, moves from advisory to operational.

Framework Mapping

MITRE ATLAS:

  • AML.T0047 (ML-Enabled Product or Service): GPT-5.5 functions as a commercially deployed ML service being evaluated for misuse potential in cyber operations.
  • AML.T0040 (ML Model Inference API Access): General availability means adversaries can query the model at scale via API for vulnerability research.
  • AML.T0043 (Craft Adversarial Data): The model’s ability to reason about vulnerabilities could assist in crafting adversarial inputs or exploits.

OWASP LLM:

  • LLM08 (Excessive Agency): When integrated into agentic pipelines, these capabilities extend to autonomous exploitation attempts.
  • LLM09 (Overreliance): Defenders may underestimate attacker capability uplift from models rated equivalent to restricted frontier systems.

Impact Assessment

The general availability of GPT-5.5 is the operative concern here. Capability-restricted models like Claude Mythos provide a de facto access barrier; the same capability profile in a publicly accessible model removes that friction entirely. Threat actors — from nation-state operators to low-sophistication cybercriminals — gain access to a tool the AISI considers frontier-class for vulnerability discovery.

Organisations with legacy codebases, unpatched CVEs, or complex exposed attack surfaces face elevated risk as AI-assisted scanning and exploitation become commoditised.

Mitigation & Recommendations

  • Increase patch velocity: Prioritise known vulnerability remediation for internet-facing systems, as AI-assisted discovery lowers the bar for finding and exploiting known weaknesses.
  • Deploy AI-aware threat detection: Update SOC playbooks to account for AI-assisted reconnaissance patterns, including unusual API enumeration and automated vulnerability probing.
  • Engage with AISI outputs: Organisations in critical infrastructure should monitor AISI and equivalent body evaluations to understand the evolving capability frontier.
  • Restrict internal LLM use for sensitive codebases: Audit whether internal AI coding assistants could expose proprietary vulnerability information through inference.

References

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.