Claude Mythos Is the First AI to Complete a Full Corporate Cyberattack End-to-End — CoPilot Blog
    Neura MarketNeura Market/CoPilot
    ChatGPTChatGPTClaudeClaudeGeminiGeminiCursorCursorGrokGrokPerplexityPerplexityCoPilotCoPilot
    DeepSeekDeepSeekStable DiffusionStable DiffusionMidjourneyMidjourney
    View All Directories
    OverviewRulesPromptsMCPsAgentsBlogVideosGuidesCoursesCommunityPluginsTrendingGenerate
    CoPilotBlogClaude Mythos Is the First AI to Complete a Full Corporate Cyberattack End-to-End
    Back to Blog
    Claude Mythos Is the First AI to Complete a Full Corporate Cyberattack End-to-End
    security

    Claude Mythos Is the First AI to Complete a Full Corporate Cyberattack End-to-End

    Sameer Khan April 13, 2026
    0 views

    The UK's AI Security Institute confirmed this week that Claude Mythos, an Anthropic model, became the...

    The UK's AI Security Institute confirmed this week that Claude Mythos, an Anthropic model, became the first AI to complete their cyber range end-to-end.[^1] The range is a **32-step corporate network attack** scenario. Human experts estimate the same attack would take them **20 hours**. The institute's recommendation to organizations: keep your software updated. Use access controls. Enable logging. The gap between those two sentences is the part of this story I keep returning to. **TL;DR:** Claude Mythos ran a full autonomous cyberattack, 32 steps, end-to-end, in a scenario that takes human experts 20 hours. It is the first AI to complete AISI's cyber range. The official response was to recommend basic security hygiene. The mismatch between the capability and the response is where the real story lives. ## How Did AI Go From Basic Cyber Tasks to a Full Autonomous Cyberattack? Self-driving cars give me the cleanest parallel here. For a decade, every individual piece of the self-driving puzzle existed as a demo. Lane-keeping worked. Adaptive cruise worked. Automated parking worked. What didn't exist, for years, was the full ride. Door to door, no human touching the wheel. When Waymo's first commercial robotaxi picked up a passenger in 2020, what changed wasn't the individual capabilities. It was the threshold: chaining all of them into one uninterrupted ride. The same thing just happened in offensive cybersecurity. Each step of a network attack has been within reach of AI models for a while. Reconnaissance. Crafting payloads. Pivoting through a subnet. Covering tracks. What didn't exist was a model that could chain all 32 of those steps together without a human stepping in between. Claude Mythos did. In 2023, leading AI models struggled with basic cybersecurity tasks. Not sophisticated ones. Basic ones. Three years later, one of them drove the entire route. AISI published the actual curve, and it is worth looking at directly. ![AISI evaluation showing average steps completed on 'The Last Ones' cyber range per spent tokens. Claude Mythos Preview reaches around 22 steps on average and a maximum of roughly 32, clearly above Claude Opus 4.6, GPT-5.4, GPT-5.3 Codex, Claude Opus 4.5, Claude Sonnet 4.5, and GPT-4o.](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/cgraaer1ehytkwzcembp.jpeg) The red line is Mythos. GPT-4o sits near the bottom, completing around three steps before running out. Sonnet 4.5 gets to roughly 11. Opus 4.5 and the GPT-5 family cluster in the mid teens. Opus 4.6 pushes past 16. Mythos is the only line that clears the middle milestones: C2 reverse engineering, advanced persistence, infrastructure compromise, and eventually M9 — "Full network takeover."[^1] The shape of that curve is what "first AI to complete the range end-to-end" actually looks like. AISI is careful about the current scope. The capability applies to "small, weakly defended, and vulnerable systems" given network access. Think of it as the robotaxi that only works on mapped, sunny, well-marked urban grids. Hardened enterprise infrastructure with proper controls is still a different problem, the same way a snowy mountain pass is still a different problem for Waymo.[^1] The trajectory is what matters. 2023 to 2026 is three years. ## Why Does an Autonomous Cyberattack Change the Security Equation? The asymmetry in security has always been simple: attackers need to find one gap, defenders need to close every door. AI doesn't change that asymmetry. It changes the cost of running an attack. An automated system doesn't need domain expertise to chain 32 steps. It doesn't get tired halfway through. It doesn't hesitate at unfamiliar territory. What previously required a skilled adversary with deep knowledge, time, and custom tools now requires API access and a goal. The same model AISI tested on offense has been used defensively in [Anthropic's Project Glasswing](/blogs/anthropic-glasswing-ai-cybersecurity) to find thousands of zero-days in critical open-source infrastructure. Offense and defense, same capability, same model. The dual-use nature isn't incidental. It's structural. Whoever has the model has both sides. ## What Should Organizations Do After Claude Mythos Ran a Full Cyberattack? Patch your systems. Use MFA. Enable logging. AISI's recommendations are correct. But they were correct before this evaluation too. That's the part I can't get past. These recommendations address the baseline: opportunistic attackers, misconfigured systems, low-skill adversaries. They don't address the shift in assumption that happens when a fully autonomous cyberattack chain becomes possible. Hygiene is still necessary. It is no longer sufficient as a strategy. AISI published a joint piece with the UK's National Cyber Security Centre on preparing defenders for frontier AI systems.[^1] That collaboration exists because the people closest to this problem know the defensive tooling gap is real. The open question is whether the defensive side of AI moves as fast as the offensive side. I'd bet on it eventually, but "eventually" and "right now" are different things in security. ## What Does the Claude Mythos Evaluation Pattern Reveal? This is the third notable evaluation result for Claude Mythos in April alone. [The system card](/blogs/claude-mythos-system-card) showed a model with enough situational awareness to conceal its own actions. Project Glasswing showed it finding thousands of vulnerabilities in critical infrastructure. The AISI cyber range shows it running a full autonomous cyberattack. These aren't contradictions. They are the same underlying capability applied in different contexts. A model capable enough for complex multi-step reasoning is capable enough to create real problems at scale. The value of these evaluations is that they name what's happening before it becomes a crisis, even when the recommendations that follow don't match the scale of what was just described. Naming it first is not nothing. ## Key takeaways - **Claude Mythos** became the first AI to complete a **32-step corporate cyberattack** chain end-to-end in AISI's cyber range - Human experts estimate the same operation takes **20 hours** - In 2023, leading models couldn't complete basic cybersecurity tasks. Three years later, one completed a full autonomous cyberattack - Current capability is scoped to "small, weakly defended" systems, not enterprise infrastructure with proper controls - The trajectory matters more than the current benchmark: three years of rapid progress, with no signs of slowing - AISI's defensive recommendations (patch, use MFA, enable logging) are correct but baseline — they predate this evaluation - AISI and the UK NCSC published joint guidance on preparing defenders for frontier AI systems --- I break down things like this on [LinkedIn](https://linkedin.com/in/monkfromearth), [X](https://x.com/monkfromearth), and [Instagram](https://instagram.com/monkfrom.earth) — usually shorter, sometimes as carousels. If this resonated, you'd probably like those too. ## Sources [^1]: [AI Security Institute (@AISecurityInst) — Claude Mythos cyber range evaluation, April 13, 2026](https://x.com/AISecurityInst/status/2043683577594794183)

    Tags

    securityaiarchitecturenews

    Comments

    More Blog

    View all
    Minimalist EKS: The Easy Waykubernetes

    Minimalist EKS: The Easy Way

    Amazon EKS manages the Kubernetes control plane, but you remain responsible for provisioning the...

    J
    Joaquin Menchaca
    Never forget to enter the Stern Grove lottery again!ai

    Never forget to enter the Stern Grove lottery again!

    Browser automation with Playwright, Python, GitHub Actions, and Entire to auto-enter San Francisco Stern Grove concert lotteries each week!

    L
    Lizzie Siegle
    A Free Screenshot Editor That Never Uploads Your Imagetypescript

    A Free Screenshot Editor That Never Uploads Your Image

    A free screenshot and image editor that runs entirely in your browser. Keeping every edit reversible and handling big phone photos, in plain TypeScript and Canvas2D.

    M
    Martin Stark
    I built a CLI to break my highlights out of Apple Booksshowdev

    I built a CLI to break my highlights out of Apple Books

    A macOS CLI + MCP server that exports Apple Books highlights to Markdown and gives AI assistants direct access to your reading notes.

    A
    Andrey Korchak
    A Developer's Guide to Agent Hooks in Antigravity CLIai

    A Developer's Guide to Agent Hooks in Antigravity CLI

    Motivation To be quite honest, "Hooks"—the shell commands we trigger at specific points...

    T
    Tanaike
    Tactical vs. Strategic Agentic AI Development — A Playbook for Developersagents

    Tactical vs. Strategic Agentic AI Development — A Playbook for Developers

    The Strategic Engineer: Why Writing Code Is No Longer Your Most Valuable Skill ...

    A
    Adewumi Saheed Adewale

    Stay up to date

    Get the latest CoPilot prompts, rules, and resources delivered to your inbox weekly.

    Neura Market LogoNeura Market

    Discover the best AI prompts, plugins, and resources for CoPilot and more.

    Content Types

    • Rules
    • Prompts
    • MCPs
    • Agents
    • Guides

    Platforms

    • ChatGPT Directory
    • Claude Directory
    • Gemini Directory
    • Cursor Directory
    • Grok Directory
    • Perplexity Directory
    • DeepSeek Directory
    • CoPilot Directory
    • Stable Diffusion Directory
    • Midjourney Directory
    • All Directories

    Resources

    • Blog
    • Documentation
    • Help Center
    • Marketplace

    Legal

    • Privacy Policy
    • Terms of Service

    © 2026 Neura Market. All rights reserved.

    |

    Not affiliated with any AI platform vendors.