Skip to content
You can now search across every topic, entity and event.What's new
AI: Jobs, Power & Money
17JUL

AISI confirms Mythos 20-hour attack chain

3 min read
14:01UTC

The UK AI Security Institute's independent evaluation of Claude Mythos Preview found no single-task superiority over rival models, but confirmed a genuine autonomous capability: a 32-step attack chain equivalent to 20 hours of trained-human work.

EconomicDeveloping
Key takeaway

AISI confirmed Mythos can run 20 hours of trained-human work autonomously, the capability that most directly substitutes for salaried labour.

The UK AI Security Institute (AISI) published an independent evaluation of Anthropic's Claude Mythos Preview on 15 April 2026. On isolated capture-the-flag (CTF) tasks, Mythos scored above 85%, but rival frontier models, GPT-5.4, Claude Opus 4.6 and Codex 5.3, fell within 5 to 10 percentage points. No single-task superiority. In AISI's 32-step "The Last Ones" benchmark, however, Mythos autonomously completed a sequence the Institute estimates would take a trained human roughly 20 hours, without human prompting between steps.

AISI is the UK government body established to evaluate the safety of frontier AI models; its evaluation is the first external assessment of Mythos since Anthropic distributed restricted access to twelve founding partners under Project Glasswing on 8 April . Anthropic's marketing had emphasised thousands of zero-day vulnerabilities discovered by the model; Tom's Hardware on 9 April reported those claims rested on only 198 manual reviews . AISI's CTF findings partly vindicate that critique: Mythos is not dramatically more capable than competitors at short, bounded tasks.

The attack-chaining result is the capability that matters. Sustained autonomous execution over 32 steps and roughly 20 hours is the operational profile a trained human analyst, paralegal or junior engineer currently provides inside a bank, law firm or software team. It is also the profile the Scott Bessent and Jerome Powell emergency convening of Wall Street CEOs at Treasury on 8 April was called to assess . Treasury and The Fed convened promptly on a capability that federal agencies could not themselves verify; AISI's 20-hour-human-equivalent figure is the first external confirmation the convening was warranted on substance.

For the workforce implication, the relevant dimension is not Mythos's cybersecurity reach but its ability to replace trained-human throughput at chain-of-task scale. That capability is what JPMorgan CEO Jamie Dimon described in February when he told the bank's investor meeting that AI has led to internal redeployment, covered elsewhere in this update. Every original Glasswing partner, and the additional five named in Anthropic's 7 April system card, will have to integrate the attack-chain profile into internal risk frameworks during live deployment.

The evaluation was accessed via a third-party summary from Results Sense rather than AISI's primary publication, so specific scores should be verified against the Institute's direct release when it becomes available. The methodology point, however, is solidly established: Mythos's material advantage is durability, not speed, and durability is the AI capability that most directly substitutes for salaried human labour.

Deep Analysis

In plain English

A UK government body called the AI Security Institute tested Anthropic's most advanced AI model, Mythos, and found that it can independently complete a complex cybersecurity attack across 32 separate steps; work that would take a trained human about 20 hours. This confirms a capability distinct from the headline claims: chaining together a full 32-step attack sequence autonomously, rather than finding a single flaw. This matters for jobs because the same autonomous multi-step capability that can conduct a security attack can also conduct many complex knowledge-work tasks without human oversight.

Deep Analysis
Root Causes

The attack-chaining capability that AISI confirmed is structurally distinct from any prior evaluation framework because it is an emergent property of model scale rather than a designed feature.

Existing regulatory frameworks (including the EU AI Act's high-risk classification system and the US Executive Order 14110 reporting requirements) were designed around discrete capabilities such as facial recognition accuracy and loan decision bias. They have no measurement category for 'sustained multi-step autonomous execution' as a risk dimension.

The ASL abandonment in Anthropic's own system card (event index 6) formalises this: capability thresholds cannot capture emergent attack-chaining because the capability arises from combining individually non-dangerous steps. This is the same structural challenge that makes nuclear non-proliferation frameworks inadequate for dual-use biotechnology: the dangerous capability is not in any single component.

First Reported In

Update #6 · Three federal surveys, one 34-to-1 gap

UK AI Security Institute (via Results Sense)· 16 Apr 2026
Read original
Different Perspectives
Stanford's 'We Must Act Now' signatories
Stanford's 'We Must Act Now' signatories
More than 200 academics, including 16 Nobel laureates, published a 13 July letter warning of AI-driven labour disruption, citing Daron Acemoglu's NBER estimate that AI's total factor productivity gain stays under 0.66% over ten years. The letter's own cited economics sit well below Goldman Sachs Research's 1.5-percentage-point estimate published the same week.
Germany / the Bundesrat
Germany / the Bundesrat
Germany's Bundesrat acted on the EU AI Act's employment provisions on 10 July, more than a year ahead of the Act's 2 December 2027 enforcement deadline. Germany is moving on statutory AI-employment disclosure while the US Congress and Federal Reserve have no equivalent instrument.
Indian IT services sector (TCS, HCLTech, Wipro)
Indian IT services sector (TCS, HCLTech, Wipro)
TCS cut 19,271 roles and HCLTech cut 3,292 in the same reporting week that Wipro's headcount rose by 888 under its own zero-fresher-hiring pledge for FY27. The divergence shows attrition, not layoffs, is how India's outsourcers absorb AI-driven project compression while their net headcount numbers stay ambiguous.
Federal Reserve
Federal Reserve
Barr said on 14 July there is little evidence of AI displacement, citing a 43-versus-10 adoption gap by education; Cook said the next day the dire predictions have not come to fruition, her text carrying none of the bond-spread language she used in May. The Fed reads AI's labour effect through national aggregates, where four banks' cuts remain statistically invisible.
Barclays
Barclays
Barclays economist Pooja Sriram flagged a 28,000-a-month bleed in finance and information roles the same week Microsoft disputed that AI drove its own 4,800 cuts. The bank treats Challenger's AI-attribution share as a lagging indicator against faster erosion visible in raw labour-market data.
European Commission
European Commission
Brussels deferred the Digital Omnibus's Annex III employment-compliance deadline from 2 August 2026 to December 2027, even as California advanced three binding AI-hiring bills the same week. The 17-month delay leaves EU workers without the algorithmic-hiring safeguards the regulation already promises.