On the hardest category of a 95-task evaluation suite, "GPT-5.5 scored 71.4% against Mythos Preview's 68.6%," a gap AISI described as falling within the margin of error — a specific tally that underlines what the United Kingdom's AI Security Institute (AISI) called a tipping point: two different frontier models now reach broadly equivalent offensive cyber capability.
AISI benchmarks: GPT-5.5 and Anthropic's Mythos Preview show matched capability
The United Kingdom's AI Security Institute ran both OpenAI's GPT-5.5 and Anthropic's Mythos Preview through a 95-task cybersecurity evaluation. On that hardest category GPT-5.5 scored 71.4% and Mythos Preview scored 68.6%, with AISI noting the difference is within the margin of error. Both models substantially outperformed GPT-5.4, which scored 52.4% on the same suite.
AISI summarized the result bluntly: "A second model, from a different developer, now reaches a similar level of performance on our cyber evaluations." The institute added a projection: if those capability gains stem from broad improvements in reasoning and autonomous task execution rather than targeted cyber development, "we should expect further increases in cyber capability from models in the near future, potentially in quick succession."
The Last Ones simulated intrusion: speed, repeatability, and the human baseline
AISI also deployed The Last Ones, a 32-step simulated corporate network intrusion created with SpecterOps. The scenario spans four network segments and roughly twenty machines. AISI estimates a skilled human expert would take about 20 hours to complete every task.
By contrast, the models sometimes finished much faster but inconsistently: GPT-5.5 completed the end-to-end intrusion in two of ten attempts; Mythos Preview did so in three of ten. Those results portray capability at scale but also variability in reliability — a performance profile that the raw cyber scores do not fully capture.
Safeguards red team: a universal bypass and an incomplete verification
AISI's red team testing of GPT-5.5's defensive controls found "a universal bypass that worked across every malicious cyber query OpenAI had provided, including in multi-step automated settings." OpenAI subsequently updated its safeguard stack in response.
However, AISI could not confirm whether the changes closed the gap because "a configuration issue in the version AISI received prevented the institute from verifying whether the changes held." Separately, OpenAI's internal classification labels GPT-5.5 a "high" cybersecurity risk — meaning it can amplify existing attack pathways — but stops short of "critical," the firm's threshold for models that would enable entirely new routes to severe harm.
ARC Prize Foundation: novel reasoning exposes brittle learning patterns
Benchmarking beyond conventional cyber tasks, the ARC Prize Foundation evaluated model reasoning in unfamiliar environments using ARC-AGI-3. That framework places models into 135 handcrafted environments where no prior training data applies and the model must discover rules through trial and error, then transfer what it learns to the next level.
On ARC-AGI-3, GPT-5.5 scored 0.43 out of 1.0; Anthropic's Opus 4.7 scored 0.18. The two models failed in different ways: GPT-5.5 "produced multiple competing interpretations of each environment but could not settle on one," while Opus 4.7 "formed working theories quickly but locked onto wrong ones and did not revise them." The ARC Prize summed the contrasts: "Opus had the wrong compression," and "GPT-5.5 failed to compress." In both cases, what a model learned in one level did not reliably transfer to the next, exposing a brittle generalization problem that the cybersecurity metrics alone do not reveal.
What this means for technologists, policymakers, and affected enterprises
- Technologists and security teams: AISI's results indicate similar offensive capability across two different developer stacks and a demonstrated universal bypass in red-teaming. Teams will examine model outputs, update detection and response playbooks, and treat these models' outputs as higher-fidelity inputs to intrusion attempts — while noting the models' inconsistent end-to-end reliability in repeated runs.
- Policymakers and regulators: The combination of AISI's parity finding and OpenAI's internal "high" cybersecurity-risk classification will be salient when assessing whether regulation or mandatory safety standards should address rapidly improving, broadly capable models rather than single-source products. AISI's warning that capability gains may come as a byproduct of general improvements frames a regulatory timing challenge.
- Affected enterprises and procurement leaders: The Last Ones results — completion by models in minutes in some runs versus roughly 20 hours for a skilled human — underscore a changing threat calculus for defenders and for buyers of AI tools. Procurement and risk assessments will need to account for both a model's potential to accelerate attack chains and its demonstrated brittleness in novel reasoning tasks.
The empirical picture is stark and two-sided: two different labs now produce models that hit similar cyber-performance levels, yet both show brittle reasoning when faced with novelty. AISI's inability to verify OpenAI's post-red-team fixes because of a configuration issue leaves a practical question open: have safeguards kept pace with offensive parity, or will the next round of model updates further raise the ceiling of accessible cyber capability? The facts from AISI and the ARC Prize Foundation leave that question squarely in view.
Source: GPT-5.5, Mythos Reach Hacking Parity, But Reasoning Falters — GovInfoSecurity




