CyberGym

CyberGym is the AI cybersecurity benchmark at the centre of Anthropic's claims for Claude Mythos Preview. The model scored 83.1% on CyberGym's vulnerability reproduction test, compared to 66.6% for Anthropic's previous top model , a gain of 16.5 percentage points that Anthropic cited as evidence of Mythos' autonomous cyberattack capability when restricting its release to twelve Glasswing partners on 8 April 2026. Tom's Hardware subsequently noted that the "thousands of zero-days" claim rested on only 198 manual reviews, and that many flagged vulnerabilities were in outdated software no longer in active use.

CyberGym is a standardised evaluation framework designed to test whether AI models can autonomously reproduce known software vulnerabilities , essentially measuring how capable a model is at replicating offensive cyberattack techniques from descriptions of existing exploits. It is used by AI safety researchers and security firms to benchmark progress in AI's offensive capabilities.

The benchmark's prominence in the Mythos announcement highlights a growing tension in AI safety research: the same metrics used to demonstrate a model's offensive potential are also the evidence base regulators and policymakers rely on to justify emergency governance responses. CyberGym's score drove the Treasury-Fed emergency meeting and the Glasswing access restrictions; its methodology is now under public scrutiny.