UK AISI: autonomous AI cyber capabilities double every 4.7 months — Claude Mythos Preview and GPT-5.5 are the first to solve cyber ranges

The UK AI Safety Institute (AISI) published a report on May 13, 2026, providing the first empirical measurement of the pace at which autonomous cyber capabilities of frontier AI models are advancing. The main finding: the length of cyber tasks models can autonomously solve doubles every 4.7 months as of February 2026 — and recent models significantly exceed this trend.

What are cyber time horizons benchmarks?

AISI developed a formal methodology measuring the length of cyber tasks AI models can autonomously complete, compared with expert completion times. The approach uses:

• A narrow cyber suite with tasks requiring vulnerability identification and exploitation
• A 2.5M token budget per task to ensure comparability across different models
• An 80 % success rate threshold for reliability measurements
• Two cyber ranges that simulate enterprise network attacks

The approach is similar to ARC-AGI-style benchmarking, but applied to the security domain rather than general reasoning. The “4.7-month doubling” figure was calculated from longitudinal tracking of frontier models from late 2024 onward.

Which frontier models were tested?

Claude Mythos Preview is the first model to solve both cyber ranges:

• The Last Ones: 60 % success rate
• Cooling Tower: 30 % success rate

GPT-5.5 solved The Last Ones at a 30 % success rate. Other models from late 2024 through early 2026 were tracked with a clear progression — each successive frontier release moves the cyber capability frontier significantly forward.

The gap between Claude Mythos and GPT-5.5 on the same benchmark (60 % vs 30 % on The Last Ones) is a significant signal — Anthropic’s Mythos Preview, currently a gated research preview for defensive cybersecurity work, is clearly specifically tuned for cyber tasks.

What does “doubling every 4.7 months” mean in practice?

Assume a frontier model can currently autonomously solve a 30-minute cyber task (e.g., exploiting one identified vulnerability). The trajectory:

• Now (May 2026): 30 min
• October 2026 (+4.7 mo): 60 min
• February 2027 (+9.4 mo): 120 min
• June 2027 (+14.1 mo): 240 min (4 hours)
• November 2027 (+18.8 mo): 480 min (8 hours = a full working day)

In practice: within 18 months, frontier AI will autonomously perform cyber tasks that take a skilled human a full working day. This crosses the threshold where AI stops being a “tool for experts” and becomes an “autonomous actor” in both offensive and defensive cyber operations.

What policy implications does AISI highlight?

The institute explicitly emphasizes that organizations must invest in strong security baselines now because rapid advancement creates opportunities and risks for defenders and attackers alike. Concrete recommendations:

• Consult UK National Cyber Security Centre (NCSC) guidance on AI-assisted vulnerability discovery
• Implement a defense-in-depth approach that does not rely on “AI cannot do that” assumptions
• Continuously monitor frontier AI capability progression for timely updates

Position in the broader AI safety discourse

The announcement fits into the dramatic agentic safety/reliability wave of 2026: arXiv FATE (May 12, 33.5 % attack reduction), arXiv History Anchors (May 13, 91–98 % unsafe shift), arXiv Sycophantic Consensus (May 15), Microsoft Research AI Delegation (May 15, 19–34 % degradation), arXiv GraphFlow (May 15, formal verification approach). The UK AISI cyber report adds a regulator/state-level perspective to the same underlying problem: frontier AI systems have emerging capabilities that current alignment and safety approaches cannot guarantee to block.

Anthropic Mythos Preview status (gated research preview since April 2026) is a strategic signal — Anthropic has clearly identified that the defensive cybersecurity application deserves a special trade-off between restricted access and full open release. UK AISI results provide the empirical foundation for that decision.