Anthropic just dropped a number that should make every security team pay attention: 73%. That's the success rate Claude Mythos Preview achieved on expert-level capture-the-flag cybersecurity challenges—problems so difficult that no AI model had ever solved even one before April 2025.

The AI Security Institute ran the evaluation, and the results are exactly what you'd expect from a model Anthropic billed as their most capable yet. This isn't synthetic benchmark padding—this is real red-teaming against problems that take human security researchers days or weeks to crack.

Here's the uncomfortable part for the AI industry: UK regulators already know. Sources tell us they'll warn banks, insurers, and exchanges about security risks exposed by Claude Mythos Preview at a meeting in the next two weeks. The message will essentially be: these models are moving faster than your defenses, and you need to catch up.

That's not fearmongering—that's reality. When a model can autonomously find and exploit vulnerabilities at a 73% clip on expert-tier challenges, the threat model changes. We're not talking about jailbreak prompts or prompt injection curiosities anymore. We're talking about capabilities that parallelize and scale in ways human researchers can't.

Anthropic positioned this as a win, and technically it is. But the follow-on effects are already materializing. Beyond the UK, expect similar warnings from regulators in the EU, Japan, and eventually the US. The conversation is no longer whether AI poses cybersecurity risks—it's whether organizations can adapt faster than the models they're supposed to defend against.

The takeaway for enterprise security teams: your red-teaming protocols need to account for AI agents that can work 24/7, never get tired, and iterate faster than your team. The benchmark just moved. So did the floor.

Sources

Related