Indonesian Political, Business & Finance News

New Threat Looms, Many Countries Already Anxious

| Source: CNBC Translated from Indonesian | Technology
New Threat Looms, Many Countries Already Anxious
Image: CNBC

Officials in the UK and US governments have cautioned bosses of major banks to be alert to a new threat, following the emergence of Anthropic’s latest AI model named ‘Mythos’. The model is feared to facilitate the exploitation of system vulnerabilities, thereby accelerating fraudulent activities. Anthropic itself has decided to delay the widespread release of Mythos for the time being due to concerns over the impact of this advanced technology.

To assess the sophistication of Mythos, the AI Security Institute (AISI) conducted a comprehensive evaluation of the system launched on 7 April 2026. The results indicate that Mythos represents a significant improvement over previous leading models.

AISI has been tracking AI cyber capabilities since 2023 and has developed increasingly complex evaluation systems to keep pace with AI advancements, ranging from chat-based probing and ‘capture-the-flag’ challenges to multi-stage cyber attack simulations, as detailed in its latest report.

“Two years ago, the best available models could barely complete beginner-level cyber tasks. Now, in controlled evaluations where Mythos is explicitly directed and given network access to do so, we observe that it can execute multi-stage attacks on vulnerable networks,” states the AISI report, quoted from its official website on Tuesday (14/4/2026).

Mythos is assessed as capable of autonomously discovering and exploiting vulnerabilities. In comparison, similar tasks can take human professionals days to complete.

Capture-the-Flag (CTF) Results

In CTF challenges, the AI model must identify and exploit weaknesses in target systems to capture hidden ‘flags’.

A graph produced by AISI shows Mythos’s performance across its CTF series compared to other models. On professional-level tasks, Mythos Preview succeeded 73% of the time.

Those professional-level tasks could not be completed by any model before April 2025.

Cyber Scope Results

Expert-level CTFs only test specific skills in isolation. Real-world cyber attacks require a sequence of dozens of steps across multiple hosts and network segments.

These operations are persistent and can take human experts hours, days, or weeks to complete.

As a first step in measuring this, AISI built ‘The Last Ones’ (TLO), a 32-step corporate network attack simulation encompassing initial reconnaissance to full network takeover.

“We estimate it would take a human 20 hours to complete,” writes AISI.

Mythos is described as the first model to complete TLO from start to finish in 3 out of 10 attempts. In all its trials, the model completed an average of 22 out of 32 steps. Claude Opus 4.6 is the second-best performing model, completing an average of 16 steps.

Mythos Weaknesses

Mythos also exhibited some limitations in cyber capabilities within AISI’s evaluation constraints. Mythos could not complete AISI’s cyber trial focused on operational technology (OT), namely ‘Cooling Tower’, although this result does not necessarily indicate that the model is poor at executing attacks in OT environments.

“We estimate that performance on our evaluations will continue to improve with more inference compute: we ran cyber trials with a budget of 100 million tokens; Mythos Preview’s performance continued to improve up to this limit, and we expect performance improvements to continue beyond it,” states the AISI report.

Impact of Mythos’s Emergence

Mythos’s success in one cyber security simulation environment demonstrates that the system is capable of autonomously attacking small companies’ systems. The small companies in question are those with weak defences and vulnerabilities prone to exploitation.

However, AISI emphasises that its simulation environment has significant differences from real-world environments. The simulation lacks security features typically present in real settings, such as active defence systems and defence devices.

There are also no penalties for the model taking actions that would trigger security alerts. Thus, it cannot yet be confirmed whether Mythos can attack well-protected systems.

AISI states that cyber security evaluations must evolve. As AI capabilities continue to advance, evaluation environments lacking defences will no longer be sufficiently challenging to distinguish the most capable models in cyber security or assess trends.

“Our future work will involve evaluating capabilities using simulation environments that mimic fortified and protected settings, including simulations with active monitoring, endpoint detection, and real-time incident response. We will also track how AI-supported vulnerability discovery and penetration testing campaigns perform on real-world systems,” explains AISI.

AISI’s testing shows that Mythos can exploit systems with weak security postures, and it is likely that more models with such capabilities will be developed.

“This highlights the importance of cyber security basics, such as regular security updates, strong access controls, secure configurations, and comprehensive logging,” writes AISI.

AISI’s counterparts at the National Cyber Security Centre (NCSC) run the Cyber Essentials scheme to help organisations protect themselves from common online threats, whether AI-assisted or not.

AISI asserts that advanced models in the future will be even more capable, thus emphasising the need now for investment in perimeter

View JSON | Print