Singularity.Kiwi

AI progress, with honesty.
Two chess pieces facing each other across a digital cybersecurity maze, dramatic overhead lighting
News 2 May 2026

GPT-5.5 Matches Mythos on Cybersecurity — And Altman Calls the Fear Marketing What It Is

GPT-5.5 solved a Rust binary challenge in 10 minutes for $1.73. Altman called Anthropic's bomb-shelter pitch 'incredible marketing.' The moat isn't the model — it never was.

OpenAIGPT-5.5AnthropicMythosAI Cybersecurity

When Anthropic locked Claude Mythos behind “Project Glasswing” — accessible to just 11 handpicked organisations — the message was unmistakable: this model is too dangerous for the public. A cybersecurity weapon. A bomb, if you will.

The UK’s AI Security Institute just tested GPT-5.5 on the same benchmarks. It scored 71.4% on expert-level cybersecurity tasks, edging out Mythos Preview’s 68.6%. The difference is within the margin of error.

The bomb, it turns out, is not unique to one company’s lab.

The Numbers Don’t Lie

AISI ran both models through 95 cybersecurity tasks across four difficulty tiers, built with firms Crystal Peak Security and Irregular. The advanced suite tests real vulnerability research and exploitation — reverse engineering stripped binaries, developing reliable exploits for stack and heap overflows, recovering keys through padding-oracle attacks, winning TOCTOU races in privileged code paths.

On the expert-level tasks:

  • GPT-5.5: 71.4% (±8.0%)
  • Mythos Preview: 68.6% (±8.7%)
  • GPT-5.4: 52.4% (±9.8%)
  • Opus 4.7: 48.6% (±10.0%)

The overlap in confidence intervals means you can’t declare a winner. But the conclusion is clear: this level of cybersecurity capability is now a frontier model property, not an Anthropic feature. As AISI put it, GPT-5.5’s performance “suggests [Mythos’s capability] was likely not ‘a breakthrough specific to one model’ but rather ‘a byproduct of more general improvements in long-horizon autonomy, reasoning, and coding.’”

Translation: any sufficiently capable model will get here. The dam is breaking.

The Rust Challenge: 10 Minutes, $1.73

The most striking detail from AISI’s evaluation: GPT-5.5 solved a brutal Rust binary reverse-engineering challenge in 10 minutes and 22 seconds for $1.73 in API costs. A human expert took 12 hours on the same challenge.

The task — contributed by Crystal Peak — required reverse-engineering a custom virtual machine implemented in a stripped Rust binary, building a disassembler from scratch (no off-the-shelf tooling exists for custom VMs), reversing the authenticator’s password-check logic, and solving the resulting constraint problem. GPT-5.5 did all five phases autonomously: reconnaissance, ISA recovery, bytecode disassembly, authenticator reversing, and constraint solving.

A human expert — using Binary Ninja, gdb, Python, and Z3 — needed 3–6 hours just for the disassembler. GPT-5.5 did it in under a minute.

This is not theoretical capability. This is a model that, given a shell, can own systems faster than your coffee cools.

Altman’s Bomb Shelter

Sam Altman didn’t mince words. On the Core Memory podcast, he described Anthropic’s restricted release strategy in terms that cut right through the safety rhetoric:

“It is clearly incredible marketing to say, ‘We have built a bomb. We are about to drop it on your head. We will sell you a bomb shelter for $100 million to run across all your stuff, but only if we pick you as a customer.’”

He’s not wrong about the structure of the pitch. Anthropic positions Mythos as uniquely dangerous, then sells restricted access as the solution. The AISI data now undermines the “unique” part. If GPT-5.5 is just as capable, the moat isn’t the model — it’s the marketing.

But let’s be clear about something Altman isn’t saying: OpenAI is doing the exact same thing with GPT-5.5-Cyber, a variant “purposely fine-tuned for additional cyber capabilities and with fewer capability restrictions,” available only through their own Trusted Access program. Altman announced on Thursday that the initial release would be limited “to critical cyber defenders in the next few days.”

Both companies are building exclusive clubs. Anthropic just marketed theirs louder.

Why It Matters for NZ

Three takeaways that don’t get enough airtime locally:

  1. The capability is commoditising. When two models from different labs hit 70% on expert cybersecurity tasks within weeks of each other, that’s not a breakthrough — that’s a trend. NZ cybersecurity firms should assume frontier-level offensive capability will be accessible through APIs within months, not years.

  2. “Restricted access” is a sales funnel, not a safeguard. Both Anthropic and OpenAI are using cybersecurity risk to justify gatekeeping — and charging for the privilege. NZ organisations shouldn’t confuse restricted access with responsible governance.

  3. We still have no local framework. The NZ government hasn’t updated its AI guidance since 2023. While the UK AISI is doing real evaluation work, NZ has no equivalent testing body. If GPT-5.5 can solve a Rust binary in 10 minutes, what can it do to NZ’s aging infrastructure?

We called this out last month when AISLE showed that small open-weight models could replicate much of Mythos’s cybersecurity capability. The trend is accelerating. The moats are drying up. The question isn’t whether AI cybersecurity capability will be widely available — it’s whether anyone’s preparing for when it is.

🔍 The Bottom Line

GPT-5.5 matching Mythos on cybersecurity isn’t a surprise — it’s a confirmation. Frontier AI capability is converging across labs, and the “too dangerous to release” framing is increasingly a competitive strategy dressed in safety clothing. Altman’s bomb-shelter critique hits the target, even as he builds his own fortress next door.

The real story isn’t which model is marginally better at hacking. It’s that the bar for “dangerous AI capability” is now a floor, not a ceiling — and every frontier model from here on will clear it.

Sources

Sources: UK AISI, Ars Technica, Business Insider, Core Memory Podcast

Related Articles