UK AI Security Institute
UK government body evaluating frontier AI safety; confirmed Anthropic Mythos can sustain 20 hours of autonomous attack work in April 2026.
Last refreshed: 16 April 2026 · Appears in 1 active topic
What did the UK safety body find when it tested Anthropic's restricted Mythos model?
Timeline for UK AI Security Institute
Published independent evaluation on 15 April confirming Mythos attack-chaining but refuting single-task superiority
AI: Jobs, Power & Money: AISI confirms Mythos 20-hour attack chainMentioned in: Anthropic drops ASL, expands Glasswing partners
AI: Jobs, Power & MoneyMentioned in: BoE flags agentic AI systemic risk
AI: Jobs, Power & MoneyMentioned in: Dimon: JPMorgan displaced workers from AI
AI: Jobs, Power & Money- What did AISI find in its Claude Mythos evaluation?
- AISI found Mythos has no single-task superiority over competitors but can autonomously complete a 32-step attack chain estimated to take a trained human 20 hours. CTF scores were above 85%.Source: UK AI Security Institute (via Results Sense)
- What is the UK AI Security Institute and what does it do?
- AISI was established after the 2023 Bletchley Park AI Safety Summit to independently evaluate frontier AI models. It has privileged access to unreleased models and publishes results for policymakers.Source: UK Department for Science, Innovation and Technology
- Why did the US Treasury hold an emergency meeting about AI in April 2026?
- The Bessent-Powell meeting on 8 April was convened over AI cybersecurity risks federal agencies could not verify. AISI's 15 April evaluation confirmed the concern: Mythos can sustain 20 hours of autonomous attack work.Source: UK AI Security Institute
- Is Claude Mythos better than GPT-5.4 at hacking?
- Not on single tasks — AISI found GPT-5.4 within 5 to 10 percentage points of Mythos on isolated CTF benchmarks. The Mythos advantage is in chained autonomous operations across 32+ steps.Source: UK AI Security Institute
Background
The UK AI Security Institute (AISI) published an independent evaluation of Anthropic's Claude Mythos Preview on 15 April 2026, providing the first external confirmation that the model's attack-chaining capability is genuine. On isolated capture-the-flag tasks Mythos scored above 85%, with GPT-5.4, Claude Opus 4.6 and Codex 5.3 all within 5 to 10 percentage points — no single-task superiority claimed. The significant finding was in AISI's 32-step "Last Ones" benchmark: Mythos autonomously completed an operation the Institute estimates would require a trained human roughly 20 hours, confirming durable autonomous execution.
AISI was established in November 2023 after the first international AI Safety Summit at Bletchley Park, under the UK Department for Science, Innovation and Technology. Its mandate is to evaluate frontier models for safety risks before or after deployment, with privileged access to unreleased systems. The April 2026 Mythos evaluation tested a model Anthropic had withheld from public release, demonstrating that access. The Institute works alongside the National Cyber Security Centre and international counterparts including the US AI Safety Institute.
For this beat, the AISI finding closes a loop opened by the Bessent-Powell emergency meeting of 8 April, which Treasury and the Federal Reserve convened over AI cybersecurity risks they could not themselves verify. The 20-hour autonomous-operation benchmark is the first independent confirmation that the convening was warranted on substance. The UK has a standing independent evaluator publishing results; the US has ad hoc emergency convening with no public follow-up document.