The UK AI Security Institute (AISI) has delivered a watershed announcement: frontier AI models have crossed a critical threshold in cyber offensive capabilities. In evaluations conducted throughout April 2026, both Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 achieved what the Institute calls “The Last Ones” (TLO) range—a 32-step corporate network simulation that previously required 20 hours of human red-teaming to complete.
What the Benchmarks Reveal
The TLO range simulates a complete cyber offensive operation: from initial reconnaissance through to full domain takeover. Notably, the benchmark operates without active defenders or defensive tooling—meaning these results represent capability ceiling in ideal conditions rather than efficacy against hardened targets.
Claude Mythos Preview demonstrated the most striking results, completing the full end-to-end operation in 3 out of 10 runs, with a 73% success rate on expert-level individual tasks. GPT-5.5 followed closely with 2 successful end-to-end solves and 71.4% expert-task performance.
Perhaps more significant than the absolute results is the velocity of progress. AISI estimates that frontier cyber-offense capability is now doubling every four months—accelerating from a seven-month doubling rate observed at the end of 2025. The implication is stark: AI-driven offensive cyber operations are no longer a distant prospect.
Market Disruption Ahead
The cybersecurity market is pricing this reality with notable delay. Static signature-based and rules-based vendors face an existential challenge—their defensive moats are being outpaced by AI-powered offensive loops that render traditional detection methods increasingly obsolete. Integrated extended detection and response (XDR) platforms like CrowdStrike, Palo Alto Networks, and Microsoft Defender retain a potential advantage through their orchestration layers, but only if they ship AI-native architectures rather than retrofitting legacy stacks.
The public market continues to treat the broader cyber sector as an AI laggard until proven otherwise—a posture that may prove costly as the capability gap widens.
What This Means
These results do not yet prove that frontier models can successfully penetrate real-world hardened networks with active defenders. However, the trajectory is unmistakable. Organizations dependent on traditional security perimeters should treat the AISI findings as a forward warning: the window for transitioning to AI-augmented defense is narrowing.
As the Institute itself noted, current benchmarks are failing to adequately discriminate between frontier models—suggesting that the next generation of evaluations will need adversarial defensive layers to provide meaningful capability assessments.
Sources: UK AI Security Institute, Air Street Press State of AI May 2026