New benchmark shows Claude Mythos and GPT-5.5 can develop real browser exploits autonomously - the-decoder.com

Detailed Analysis

A newly published benchmark has revealed that frontier AI models, including Anthropic's Claude Mythos and OpenAI's GPT-5.5, are capable of autonomously developing functional browser exploits — meaning working attack code targeting real vulnerabilities in web browser software, not merely theoretical or simulated demonstrations. The benchmark represents a formal, structured effort to measure the offensive cybersecurity capabilities of large language models, and its findings place two of the most capable contemporary AI systems squarely within territory previously requiring skilled human security researchers to navigate. The ability to produce exploits that function against actual browser infrastructure marks a meaningful threshold in AI capability assessment.

The significance of this development lies in the distinction between assisted and autonomous exploit development. Prior evaluations of AI security capabilities generally showed models could help human researchers understand vulnerabilities, suggest patches, or work through capture-the-flag (CTF) challenges in constrained environments. Autonomous, end-to-end exploit generation against real targets — without continuous human guidance — represents a qualitative leap. Browser exploits are particularly consequential because browsers constitute one of the most widely deployed and adversarially targeted software surfaces, making demonstrated capability at this level a serious concern for both enterprise and consumer security postures.

This finding connects directly to ongoing debates within the AI safety community about dual-use capability thresholds and the adequacy of existing model safeguards. Both Anthropic and OpenAI maintain usage policies explicitly prohibiting assistance with offensive cyber operations, and both companies employ pre-deployment capability evaluations designed to identify dangerous emergent behaviors. The benchmark results suggest that whatever mitigations are embedded in current model deployments, the underlying capability exists and is measurable — raising questions about whether behavioral guardrails alone are sufficient to prevent misuse by adversarial actors who may seek to elicit or circumvent those restrictions through jailbreaking or fine-tuning.

The broader trend underlying this benchmark is the rapid compression of the timeline between AI research milestones and capabilities that carry real-world risk. For years, autonomous cyberattack capability was discussed as a future concern; its formal benchmarking in 2026 signals that it has arrived as a present one. This places the AI industry, policymakers, and the cybersecurity community under renewed pressure to develop technical and governance frameworks commensurate with capability levels that models are now demonstrably reaching. Evaluations of this kind, conducted transparently and published openly, serve an important function in forcing that reckoning — even as they simultaneously risk providing a capability roadmap to malicious actors.