Politico: US officials increasingly treat Mythos and GPT-5.5 as national-security hacking risks

Anthropic’s Mythos and OpenAI’s GPT-5.5 are now being discussed in Washington less as general-purpose chatbots than as restricted cyber tools. Politico reported on May 24 that researchers who tested both systems in controlled settings described their hacking capabilities as a “game-changer,” with some warning the models are improving faster than expected. The article said agencies, congressional committees, banks and regulators have been seeking access in recent weeks as they assess how to defend critical networks. Anthropic and OpenAI have both limited access to the most cyber-capable versions of the systems. ### Why are Mythos and GPT-5.5 being treated differently from earlier AI models? The U.K. AI Security Institute said on April 30 that GPT-5.5 was “one of the strongest models” it had tested on cyber tasks and the second model to complete its corporate network attack simulation end-to-end. AISI said an earlier snapshot of Anthropic’s Claude Mythos Preview had already marked a step up over previous frontier models and was the first to finish that same multi-step exercise. (politico.com) Politico reported that nine cyber researchers and tech leaders who had experimented with Mythos and GPT-5.5 in controlled settings reached the same conclusion: the tools were advancing much faster than anticipated. Lee Klarich, chief product and technology officer at Palo Alto Networks, told Politico of Mythos, “It was very clear to me that this was going to be a game-changer.” (aisi.gov.uk) ### What do the tests actually show? AISI said GPT-5.5 achieved an average 71.4% pass rate on expert-level tasks in its advanced cyber suite, compared with 68.6% for Mythos Preview, 52.4% for GPT-5.4 and 48.6% for Opus 4.7. The institute said those tasks covered vulnerability research and exploitation, including reverse engineering, web exploitation and cryptography. (politico.com) Politico reported that Anthropic said at Mythos’ launch last month that the model had already found “thousands of high-severity vulnerabilities, including some in every major operating system and web browser.” Isaac Evans, chief executive of Semgrep, told Politico that Mythos “exceeded our expectations” and showed “an uncanny ability around exploit generation.” (aisi.gov.uk) ### Why has this become a government issue? Politico reported that the models’ performance has led government agencies, congressional committees, banks and regulators to seek access so they can secure networks before adversaries obtain similar capabilities. The article framed the concern as national-security related because the same capabilities that help defenders identify weaknesses could also be used to automate parts of offensive hacking. (politico.com) CNBC reported on May 7 that Anthropic’s Mythos debut had already drawn attention from government officials and investors. CNBC said Anthropic CEO Dario Amodei met senior Trump administration officials about the model, and that Federal Reserve Chair Jerome Powell and Treasury Secretary Scott Bessent met major U.S. bank CEOs to discuss Mythos last month. (politico.com) ### Are these tools publicly available? OpenAI said on May 7 that GPT-5.5-Cyber was rolling out in limited preview to vetted cybersecurity teams. The company said the cyber-specific version was trained to be more permissive on security-related tasks and was intended for workflows such as vulnerability identification, patch validation and malware analysis. (cnbc.com) Politico reported that Anthropic and OpenAI have kept testing of their frontier models limited to small groups of trusted organizations because of the systems’ advanced cyber capabilities. Axios separately reported on May 5 that GPT-5.5 was already nearing Mythos’ performance in hacking-related tests, narrowing any early lead Anthropic appeared to hold. (cnbc.com) ### What does this change for companies using frontier AI? OpenAI and Anthropic are now being judged not only on model performance but on who gets access, under what controls and with what audit trail. That follows directly from the restricted rollouts described by both companies and from the government interest Politico and CNBC reported. (politico.com) The next concrete step is continued limited deployment. OpenAI said vetted teams can use GPT-5.5-Cyber in preview, while Anthropic has continued to keep Mythos with selected organizations as outside researchers and officials press for broader defensive access. (cnbc.com)