Anthropic and OpenAI advanced AI models demonstrate unprecedented hacking capabilities, raising cyberattack concerns

Anthropic's Claude Mythos and OpenAI's GPT-5.5 have shown the ability to identify and exploit software vulnerabilities at a pace exceeding human experts, according to nine cybersecurity researchers and tech leaders who tested the models. The UK's AI Security Institute found Mythos could fully take over a corporate network in 60% of attempts, while GPT-5.5 succeeded in 30% of tries. The Trump administration has delayed signing an executive order that would establish voluntary AI model testing, amid concerns about stifling innovation.

Anthropic's Claude Mythos and OpenAI's GPT-5.5 have demonstrated the ability to identify and exploit software vulnerabilities at a pace exceeding human experts, according to nine cybersecurity researchers and tech leaders who tested the models in controlled settings. The findings, reported by POLITICO, have prompted warnings from industry officials and government agencies about the potential for these tools to be used in devastating cyberattacks.

Lee Klarich, chief product and technology officer at Palo Alto Networks, said of testing Mythos: "It was very clear to me that this was going to be a game-changer." He added, "I would actually say if you asked me today, it's more [powerful] than I thought it was going to be then." Isaac Evans, CEO of cybersecurity company Semgrep, said Mythos "exceeded our expectations." Evans noted that some described Mythos as capable of generating "a SolarWinds every quarter," referring to the 2020 Russian government breach of U.S. federal agencies that affected more than 18,000 organizations worldwide. Jonathan Trull, chief information security officer of Qualys, which is testing GPT-5.5, said the model "can basically do what your most advanced app security engineer can do."

The UK's AI Security Institute tested both models and found that Mythos can fully take over a corporate network in six out of 10 attempts, while GPT-5.5 could do the same in three out of 10 tries. British AI Minister Kanishka Narayan said in a statement: "Cyber capabilities in leading AI systems are advancing much faster than we expected." Cloudflare Chief Security Officer Grant Bourzikas stated in a blog post published this week that Mythos can identify vulnerabilities and write code to exploit them, marking a "real step forward" for advanced AI technology. Cybersecurity firm Broadcom, which has been testing Mythos against its own software code, described its findings as "jolting" in a report published last month, adding: "We are learning things that appear unlikely to ever have been uncovered by human researchers alone."

Mythos bypassed Apple's security for its macOS system in days, as reported by The Wall Street Journal last week. Rep. Lou Correa (D-Calif.), a member of the House Homeland Security Committee, told POLITICO after emerging from a closed-door briefing from Anthropic earlier this month that Mythos broke into his bank account with ease. Anthropic said at the time of its announcement last month that Mythos had "already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser," and warned that the consequences of setting this technology loose could be "severe" for global economies, public safety and national security.

President Donald Trump abruptly postponed signing an executive order earlier this week that would have established a voluntary process for tech companies to submit certain AI models to the federal government for testing. Former AI czar David Sacks raised concerns about the executive order stifling innovation with Trump at the last minute, plunging the process into chaos. Trump on Friday told POLITICO he had "many" concerns about the draft executive order, worrying it was "inhibiting the industry." It is unclear when the executive order will be signed.

Concerns are rising that China and other adversaries could soon develop their own advanced AI tools. China, in particular, has launched an industrial-scale campaign to copy American AI technology in so-called distillation attacks. The Trump administration is scrambling to work with tech companies, government agencies and critical infrastructure groups to figure out how to deploy these tools quickly and safely before the clock runs out. "The world has not really figured out what the implications will be, but certainly it seems like we can't go back," Evans said. "A lot more attention and dollars are going to have to be paid to security."

Frequently Asked

What hacking capabilities did Anthropic's Claude Mythos demonstrate?
Claude Mythos could identify and exploit software vulnerabilities faster than human experts, and fully take over a corporate network in 60% of attempts according to the UK's AI Security Institute.
How did OpenAI's GPT-5.5 perform in hacking tests?
GPT-5.5 succeeded in taking over a corporate network in 30% of attempts during testing by the UK's AI Security Institute.
Who tested these AI models for hacking abilities?
Nine cybersecurity researchers and tech leaders tested the models, along with the UK's AI Security Institute.
What is the Trump administration's response to these AI hacking concerns?
The Trump administration has delayed signing an executive order that would establish voluntary AI model testing, citing concerns about stifling innovation.