Frontier AI Can Now Execute Autonomous Cyberattacks

UK AI Security Institute data confirms frontier AI can now autonomously execute cyberattacks against enterprise networks. The pace is accelerating. (AI-generated image)

Frontier AI Can Now Execute Autonomous Cyberattacks. The Pace Is Accelerating.

Clayton Rifkind May 28, 2026

Key Takeaways

Frontier AI models can now autonomously execute cyberattacks against enterprise networks without human direction. Anthropic’s Mythos completed both of AISI’s simulated network attack exercises, including “Cooling Tower,” which no prior model had ever solved.
Autonomous cyber capability has doubled every 4.7 months since late 2024; Claude Mythos Preview and GPT-5.5 significantly exceeded that rate.
Defenders and attackers have access to the same tools. Cyber defenders already report significant advances in vulnerability discovery using recent models.
AISI warns that cyber attackers will soon gain access to the same frontier AI models that are currently limited to a small pool of large tech companies, government organizations, and cyber experts. The time for organizations to invest in strong security is now.

AISI published new data confirming that frontier AI models can autonomously complete cyberattacks against enterprise networks. The rate at which those capabilities are improving is accelerating.

This is not a theoretical risk. AISI’s most recent testing found that Mythos successfully completed autonomous attacks against two simulated enterprise networks in the majority of attempts. One of those networks, “Cooling Tower,” had never been solved by any prior model.

AISI measures this progress using “time horizon” benchmarks: the time it takes a frontier model to reliably complete a task on its own, compared to how long the same task would take a human cyber expert. Since late 2024, that capability has been doubling every 4.7 months, itself an acceleration from the 8-month doubling time AISI reported in November 2025. Two recent models, Claude Mythos Preview and GPT-5.5, substantially exceeded even that faster trend.

Currently, access to Mythos and GPT-5.5 is gated. Anthropic granted access to only a few dozen organizations, including big tech companies, cybersecurity firms, and U.S. and allied government organizations. OpenAI limits access to GPT-5.5 through its Trusted Access For Cyber program, vetting users to ensure security. Over time, cybercriminals will find ways to access these tools and exploit cyber vulnerabilities. AISI stresses the time to implement strong security governance is now.

AISI is developing tougher evaluation tools, including new cyber ranges with active defenses, to keep pace with model progress. The UK’s National Cyber Security Centre (NCSC) has published guidance on using AI models to find vulnerabilities.

Clayton Rifkind

Clayton Rifkind is the Founder and Senior Editor of AI Risk Today. He also advises on content development for esgtoday.com, a leading source of ESG investment news and research for institutional investors and corporate leaders. He has 20+ years experience in B2B technology marketing, leading strategy and execution of go-to-market plans across software, enterprise platforms, and mobile applications. He also founded two marketing consultancies, advising startups and Fortune 1000 companies, including Autodesk, Intel, and Microsoft. Clayton began his career in the San Francisco advertising scene, working with brands such as Hewlett-Packard, Intel, Microsoft, Symantec, and Wells Fargo.

Essential AI Risk Intelligence

Daily insights on AI governance, regulation, and enterprise risk management. Trusted by Chief Risk Officers and compliance leaders globally.

By subscribing, you agree to receive our daily newsletter. Unsubscribe anytime.