The UK AI Security Institute just published their evaluation of Anthropic's Claude Mythos Preview, and the numbers are sobering. The model nailed 73% of expert-level capture-the-flag challenges, a category where zero models could score before April 2025. The bigger headline: Mythos Preview is the first AI to complete "The Last Ones," a 32-step simulated corporate network attack designed to take human red teamers about 20 hours. It finished the full chain in 3 of 10 attempts, averaging 22 steps across all runs. The next-best model, Claude Opus 4.6, managed just 16 steps on average. Independent testing by Noah Lebovic, a former Anthropic employee, lines up with what AISI found. Using his Autopen tool, Lebovic showed that current models can autonomously discover critical vulnerabilities in real-world systems, including banks, AI labs, and electronic health records. He estimates AI has expanded the pool of people capable of finding and exploiting serious security issues from tens of thousands to tens of millions. A 1000x increase. But the evaluations have real limitations worth understanding. The test environments have no active defenders. There's no penalty for tripping security alerts. Vulnerability density is intentionally higher than you'd find in a real enterprise network. Hacker News commenters flagged all of this. Mythos Preview also failed the "Cooling Tower" operational technology range entirely, getting stuck on the IT portions. And here's the part that should worry people: performance kept scaling up to the 100 million token budget AISI tested, meaning we probably haven't hit the ceiling. For the AI agent space, the signal is clear. Autonomous multi-stage cyber offense is no longer a research question. The models can do it right now, today, on vulnerable targets. AISI says their next evaluations will add active monitoring, endpoint detection, and incident response. That's the test that actually matters for understanding real-world risk.