The result that should shake every CISO and board member is this: on AISI’s 32-step simulated corporate network attack called The Last Ones, Mythos Preview became the first model to complete the entire attack chain end to end, succeeding in 3 out of 10 attempts and averaging 22 of 32 steps across all runs. AISI also reported 73 percent success on expert-level capture-the-flag tasks, which it said no model had achieved before April 2025.
That does not mean AI can now break into every hardened Fortune 500 network on demand. AISI is careful about that. Its test environment did not include active defenders, defensive tools, or penalties for behavior that would trigger alerts. But that limitation should not reassure anyone. The real lesson is not that the risk is overstated. It is that the baseline capability of attackers is rising fast.
This is where cybersecurity leaders need to stop thinking in terms of isolated exploits and start thinking in terms of machine-speed offensive workflows. Reconnaissance, vulnerability discovery, exploit chaining, privilege escalation, lateral movement planning, and persistence are increasingly being compressed into a faster and cheaper loop. Anthropic says Mythos Preview reflects a leap in cyber capability and has launched Project Glasswing to help secure critical software in response.
The business implication is enormous. More attackers will be able to operate with greater speed, better planning, and lower skill. The danger is not only elite nation-state teams. It is also mid-tier operators using powerful models to close the gap between mediocre tradecraft and competent offensive execution. That changes the economics of cyber offense in a way many enterprises are still underestimating.
AISI’s warning is especially important for weakly defended environments. The institute says Mythos Preview appears capable of autonomously attacking small, weakly defended, vulnerable enterprise systems after gaining access to a network. That should be a wake-up call for organizations carrying a patching backlog, weak identity controls, excessive privilege, flat internal networks, poor segmentation, and incomplete logging.
This is why minimum controls are no longer enough. The UK National Cyber Security Centre says Cyber Essentials is the minimum standard of cybersecurity recommended by the government for organizations of all sizes. Minimum is a floor, not a strategy. In an era of rapidly improving AI-assisted offense, bare-minimum cyber hygiene will not be enough to protect critical environments or sensitive data.
What enterprises should do now
First, close easy attack paths immediately. Patch internet-facing assets aggressively, reduce exposed services, eliminate stale privileged accounts, and tighten access controls. The easier the path, the more readily AI can exploit it.
Second, assume attackers will chain weaknesses together. Security teams need to test for full attack paths, not just single issues in isolation. One moderate weakness plus another moderate weakness can become a major breach when an AI system can think across the chain.
Third, harden detection and response. Future evaluations will need active defenders and real monitoring in the loop. Enterprises should act now by improving telemetry, detection engineering, identity monitoring, and automated containment.
Fourth, govern AI agents and high-capability models like privileged cyber actors. Limit scope, require approvals for sensitive actions, and preserve evidence. The fight ahead is not only human attacker versus firewall. It is governed machine action versus unmanaged machine action.
Fifth, test your own AI systems before deployment. This is where AI PQ Audit belongs. Enterprises should be evaluating their AI systems and agents for unsafe autonomy, misuse risk, excessive privilege, weak controls, and data leakage before those systems ever touch production.
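The second recommendation above, testing full attack paths rather than single issues, can be sketched as a small graph analysis that chains individually "medium" findings into routes to a critical asset and ranks which fix breaks the most routes. This is an added example, not from the AISI report or the author; the hosts, weaknesses, and severity ratings are constructed sample data.

```python
from collections import Counter, defaultdict

# Constructed sample findings: (source, target, weakness, severity rated in isolation).
FINDINGS = [
    ("internet", "web01", "unpatched internet-facing service", "medium"),
    ("internet", "vpn01", "weak identity controls (no MFA)", "medium"),
    ("web01", "app01", "flat internal network", "medium"),
    ("vpn01", "app01", "flat internal network", "medium"),
    ("app01", "svc-backup", "stale privileged account", "medium"),
    ("svc-backup", "db-customer", "excessive privilege", "medium"),
    ("vpn01", "hr-share", "over-permissive share", "low"),
]
ENTRY, CROWN_JEWELS = "internet", {"db-customer"}


def attack_paths(findings, entry=ENTRY, targets=CROWN_JEWELS):
    """Return every loop-free chain of findings leading from entry to a target."""
    graph = defaultdict(list)
    for finding in findings:
        graph[finding[0]].append(finding)
    paths = []

    def walk(node, visited, chain):
        if node in targets:
            paths.append(chain)
            return
        for finding in graph[node]:
            if finding[1] not in visited:
                walk(finding[1], visited | {finding[1]}, chain + [finding])

    walk(entry, {entry}, [])
    return paths


def choke_points(paths):
    """Rank findings by how many complete paths depend on them."""
    return Counter(f for chain in paths for f in chain).most_common()


def paths_after_fix(findings, fixed):
    """Re-run the analysis with one finding remediated."""
    return attack_paths([f for f in findings if f != fixed])


if __name__ == "__main__":
    paths = attack_paths(FINDINGS)
    for chain in paths:
        print(" -> ".join([ENTRY] + [f[1] for f in chain]))
    for finding, count in choke_points(paths):
        left = len(paths_after_fix(FINDINGS, finding))
        print(f"{count} path(s) use {finding[0]}->{finding[1]} ({finding[2]}); fix leaves {left}")
```

No finding in the sample is rated above medium, yet two complete routes reach the customer database, and remediating the stale privileged account alone removes both.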
My view is blunt: this report marks the point where the conversation should shift from curiosity to urgency. The question is no longer whether frontier AI can materially affect cyber operations. It already can. The real question is whether defenders will redesign security, governance, and assurance quickly enough to keep pace.
The organizations that act now will be stronger, faster, and more resilient. The ones that wait for a headline breach tied to autonomous AI will be defending from behind.