UK AISI: Claude Mythos compromises corporate networks 6/10 vs GPT-5.5's 3/10, after finding 10,000+ zero-days

AISI's red-team report is the most concrete public benchmark yet on offensive cyber capability of frontier models. In a controlled corporate-network takeover scenario, Mythos succeeded 60% of the time vs. GPT-5.5 at 30% — not an academic delta when the failure mode is full domain admin. Combined with Anthropic's own disclosure that Mythos found 10,000+ zero-days in Project Glasswing, this is the strongest evidence to date that offensive capability has decisively outpaced patch cadence.
Mechanically, Mythos operates as an agentic pentester: long-horizon planning, tool use across recon/exploitation/persistence, and the ability to chain CVEs into novel attack paths. Claude Security, the defensive sibling now in public beta on Opus 4.7, has reportedly patched 2,100+ enterprise vulnerabilities — Anthropic is explicitly trying to ship offense and defense in lockstep so the net effect is positive.
Competitive context: this is the first time a national AI safety institute has published head-to-head numbers between two frontier labs on a dual-use capability, and Washington is paying attention — Politico's piece flags growing congressional scrutiny. It also reframes the Anthropic/OpenAI rivalry from 'who has the better coder' to 'who has the more dangerous agent.'
What to watch: whether AISI's methodology is reproducible (Anthropic and OpenAI will both push back on scenario realism), whether CISA picks up the 10,000 zero-days for coordinated disclosure, and whether this report becomes the template the EU AI Office uses for its own pre-deployment evaluations. Security teams should treat the 6/10 figure as a planning assumption, not a worst case.