Jack Paul 
The U.K. government’s AI Security Institute (AISI) published findings on Thursday showing that OpenAI’s newest model, GPT-5.5, can autonomously carry out complex cyberattacks. The model cracked a reverse-engineering challenge in just over 10 minutes that took a human expert roughly 12 hours.
Autonomous attacks on simulated networks
AISI found GPT-5.5 is the second model to complete its most demanding test: a 32-step simulated corporate network attack called “The Last Ones.” The model did so autonomously in two out of 10 attempts. The first model to achieve the milestone was Anthropic’s Claude Mythos Preview, which completed the simulation in three of 10 tries.
The corporate network simulation was built with cybersecurity firm SpecterOps. It requires an agent to chain together reconnaissance, credential theft, lateral movement across multiple Active Directory forests, a supply-chain pivot through a CI/CD pipeline, and finally the exfiltration of a protected internal database. AISI estimates a human expert would need around 20 hours for those steps.
A striking reverse-engineering feat
Perhaps the most striking result involved a fiendishly difficult puzzle. GPT-5.5 solved the challenge, which required reconstructing a custom virtual machine’s instruction set, writing a disassembler from scratch, and recovering a cryptographic password through constraint solving, in 10 minutes and 22 seconds. The cost was $1.73 in API usage. A human expert, using professional tools, needed approximately 12 hours.
On AISI’s battery of advanced cybersecurity tasks, GPT-5.5 achieved an average pass rate of 71.4% on the most difficult “Expert” tier. That edged out Mythos Preview at 68.6% and significantly surpassed GPT-5.4 at 52.4%.
Implications and safety worries
The findings carry pointed implications. AISI concluded that GPT-5.5’s performance suggests rapid improvement in cyber capabilities may be part of a general trend rather than an isolated breakthrough. The agency warned that if offensive cyber skill is emerging as a byproduct of wider improvements in reasoning, coding, and autonomous task completion, then further advances could arrive in quick succession.
The report also flagged significant concerns about the model’s safety guardrails. Researchers identified a universal jailbreak that elicited harmful content across all malicious cyber queries tested, including in multi-turn agentic settings. The attack took six hours of expert red-teaming to develop. OpenAI subsequently updated its safeguard stack, though a configuration issue prevented AISI from verifying whether the final version was effective.
AISI cautioned that its evaluations were conducted in a controlled research environment and do not necessarily reflect what is accessible to an ordinary user. Public deployments likely include additional safeguards and access controls.
Broader cybersecurity concerns
The report lands against a worrying backdrop for British cybersecurity. The U.K. government’s annual Cyber Security Breaches Survey, also published Thursday, found that 43% of businesses suffered a cyber breach or attack in the past 12 months.
In response, the government announced £90 million in new funding to boost cyber resilience and said it is moving forward with the Cyber Security and Resilience Bill to protect essential services. Officials also published guidance urging organizations to prepare for a potential surge in newly discovered software vulnerabilities as AI accelerates the pace at which security flaws can be found and weaponized.