Private corporations Anthropic and OpenAI are developing artificial intelligence models, Mythos and GPT-5.5, that demonstrate advanced hacking capabilities, with the UK’s AI Security Institute finding Mythos can fully take over a corporate network in six out of 10 attempts and GPT-5.5 in three out of 10 tries. British AI Minister Kanishka Narayan stated that cyber capabilities in leading AI systems are advancing much faster than expected. These developments pose a direct threat to critical infrastructure and public services, while the companies behind the technology actively promote its power.
Anthropic and OpenAI have spent the last month actively touting the hacking capabilities of their new artificial intelligence models. Researchers with access to these tools confirm that the companies are not exaggerating their power. Nine top cyber researchers and tech leaders who have experimented with Mythos and GPT-5.5 in controlled settings concluded that the tools are advancing much faster than anticipated and will fundamentally alter the digital security landscape.
Lee Klarich, chief product and technology officer at cybersecurity company Palo Alto Networks, described testing Mythos as a “game-changer,” adding it was “more [powerful] than I thought it was going to be.” Isaac Evans, CEO of cybersecurity company Semgrep, stated Mythos “exceeded our expectations,” noting its “uncanny ability around exploit generation” in specific cases. Evans further remarked that some observers described Mythos as capable of generating “a SolarWinds every quarter,” referencing the 2020 breach of U.S. federal agencies that affected over 18,000 organizations.
Jonathan Trull, chief information security officer of IT security company Qualys, which is testing GPT-5.5, observed that the model “can basically do what your most advanced app security engineer can do,” indicating a potential for deskilling or displacement of highly skilled labor. Cloudflare Chief Security Officer Grant Bourzikas noted in a blog post that Mythos can both identify vulnerabilities and write code to exploit them, marking a “real step forward” for advanced AI technology. Broadcom, after testing Mythos against its own software code, described its findings as “jolting” in a report published last month, stating, “We are learning things that appear unlikely to ever have been uncovered by human researchers alone.”
Anthropic, at the time of Mythos’ announcement last month, acknowledged that the model had “already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.” The company warned that the consequences of releasing this technology could be “severe” for global economies, public safety, and national security.
Capital's New Frontier
Despite these warnings, the development and promotion of these advanced AI tools continue, driven by the imperative of capital accumulation. The companies have kept testing of their frontier AI models limited to small groups of trusted organizations, maintaining control over access to these powerful cyber capabilities that have outpaced publicly available digital tools and even the most skilled human minds. This controlled environment ensures that the benefits of this technological leap remain concentrated among a select few.
The State's Role in Securing Capital
Government agencies, congressional committees, banks, and regulators have been clamoring for access to these tools in recent weeks. Their stated aim is to secure critical networks—including those of financial institutions and essential public services like water facilities, hospitals, and telecommunication networks—before rival capital blocs or “adversaries” acquire the technology for cyberattacks. Concerns are rising that China and other nations could soon develop their own advanced AI tools, with China reportedly launching an industrial-scale campaign to copy American AI technology through “distillation attacks.” This reflects an escalating technological arms race between competing imperial powers.
The Trump administration is acutely aware of these dangers and is working with tech companies, government agencies, and critical infrastructure groups to deploy these tools. However, President Donald Trump abruptly postponed signing an executive order earlier this week that would have established a voluntary process for tech companies to submit certain AI models to the federal government for testing. Former AI czar David Sacks raised concerns about the executive order stifling innovation with Trump at the last minute, plunging the process into chaos. Trump told POLITICO on Friday that he had “many” concerns about the draft executive order, specifically worrying it was “inhibiting the industry,” clearly prioritizing the unfettered growth of tech capital over regulatory oversight.
The Illusion of Reform
The proposed “solutions” to this escalating threat remain firmly within the framework of managing contradictions rather than addressing their root causes. The executive order, even if signed, would establish only a voluntary process, allowing tech companies to largely self-regulate. While some suggest advanced AI tools could be a “game-changer” for cyber officials in securing critical networks, allowing coders to check for bugs before release, this perspective is contested. Klarich suggested a “future state” of “more secure products,” but Evans countered, stating, “These model developments mainly are advantages for attackers rather than defenders.” This highlights the inherent contradiction of relying on the same profit-driven technological development to both create and solve the problems it generates, ensuring a perpetual cycle of threat and response that benefits those who control the technology and its countermeasures.