A U.K. government agency has found that OpenAI’s newest artificial intelligence model can autonomously carry out complex cyberattacks. It also cracked a reverse-engineering challenge in just over 10 minutes—a task that took a human security expert roughly 12 hours.
The AI Security Institute (AISI), a research body within Britain’s Department of Science, Innovation and Technology, published findings Thursday. The report shows that GPT-5.5 ranks among the strongest models evaluated for offensive cyber capabilities, putting it roughly on par with Anthropic’s Claude Mythos.
Complex attack simulations
The report found GPT-5.5 is the second model to complete AISI’s most demanding test. That test is a 32-step simulated corporate network attack called “The Last Ones.” The model completed it autonomously in two out of 10 attempts. The first model to achieve the milestone was Anthropic’s Claude Mythos Preview, which completed the simulation in three of 10 tries.
The corporate network simulation was built with cybersecurity firm SpecterOps. It requires an agent to chain together reconnaissance, credential theft, and lateral movement across multiple Active Directory forests. The agent must also execute a supply-chain pivot through a CI/CD pipeline and exfiltrate a protected internal database. AISI estimates these steps would take a human expert around 20 hours.
Reverse-engineering feat
Perhaps the most striking result involved a difficult reverse-engineering puzzle. GPT-5.5 solved the challenge in 10 minutes and 22 seconds, at a cost of $1.73 in API usage. The task required reconstructing a custom virtual machine’s instruction set, writing a disassembler from scratch, and recovering a cryptographic password through constraint solving. A human expert, using professional tools, needed approximately 12 hours.
On AISI’s battery of advanced cybersecurity tasks, GPT-5.5 achieved a 71.4% pass rate on the most difficult “Expert” tier. That edges out Mythos Preview at 68.6% and significantly surpasses GPT-5.4 at 52.4%.
Implications and safety concerns
The findings carry big implications for AI development. AISI concluded that GPT-5.5’s performance suggests rapid improvement in cyber capabilities may be part of a general trend, not an isolated breakthrough. It warned that if offensive cyber skill emerges as a byproduct of wider improvements in reasoning, coding, and autonomous task completion, further advances could arrive quickly.
The report also flagged significant concerns about the model’s safety guardrails. Researchers identified a universal jailbreak that elicited harmful content across all malicious cyber queries tested, including in multi-turn agentic settings. The attack took six hours of expert red-teaming to develop. OpenAI updated its safeguard stack afterward, but a configuration issue prevented AISI from verifying whether the final version was effective.
AISI cautioned that its evaluations were conducted in a controlled research environment. They do not necessarily reflect what is accessible to ordinary users. Public deployments include additional safeguards and access controls.
Broader cybersecurity landscape
The report lands against a worrying backdrop for British cybersecurity. The U.K. government’s annual Cyber Security Breaches Survey, also published Thursday, found that 43% of businesses suffered a cyber breach or attack in the past 12 months.
In response, the government announced £90 million in new funding to boost cyber resilience. It said it is moving forward with the Cyber Security and Resilience Bill to protect essential services. Officials also published guidance urging organizations to prepare for a potential surge in newly discovered software vulnerabilities as AI accelerates how quickly security flaws can be found and weaponized.
