GPT 5.5 Emerges as a Powerful Cyber Capable AI Model as New Evaluation Shows Major Leap in Multi Step Attack Simulations

According to the evaluation, GPT 5.5 stands out as one of the most capable models tested on a wide range of cybersecurity tasks. It is only the second model to successfully complete a full multi step cyber attack simulation from start to finish, a task that researchers estimate would take a human expert roughly 20 hours.

This milestone follows earlier results from Anthropic’s Claude Mythos Preview, which had previously been the first model to achieve such an outcome. The emergence of GPT 5.5 at a similar level suggests that improvements in cyber capabilities are no longer isolated breakthroughs but part of a consistent upward trajectory in AI development.

Researchers interpret this as evidence that gains in reasoning, coding ability, and long horizon autonomy are increasingly translating into stronger performance in cyber offensive tasks.

To assess performance, researchers used a structured suite of 95 cyber challenges designed in a capture the flag format. These tasks are divided into four difficulty tiers and test a wide spectrum of skills essential to modern cybersecurity.

The tasks cover areas such as reverse engineering, web exploitation, and cryptography. Basic tasks involve relatively contained problem spaces, such as extracting hidden information from network traffic or identifying weaknesses in simple encryption schemes.

However, the most revealing results come from the advanced task suite. These challenges are designed to reflect real world conditions and include significantly more complex environments with modern security protections. They require models to demonstrate capabilities such as:

On the most difficult expert level tasks, GPT 5.5 achieved an average success rate of 71.4 percent, outperforming several previous models. By comparison, Claude Mythos Preview achieved 68.6 percent, while earlier systems such as GPT 5.4 and Opus 4.7 scored significantly lower.

These results position GPT 5.5 among the top performing models in advanced cyber evaluation benchmarks.

While individual tasks measure isolated skills, real world cyber attacks require chaining together multiple steps across complex systems. To evaluate this, researchers used simulated environments known as cyber ranges.

One of the most demanding simulations is a scenario called “The Last Ones,” a 32 step corporate network attack environment developed in collaboration with SpecterOps. The simulation replicates a realistic enterprise intrusion involving multiple networks, systems, and security layers.

In this environment, the AI agent begins with no credentials and must independently execute a full attack chain. This includes reconnaissance, credential theft, lateral movement across networks, exploiting supply chain weaknesses, and ultimately extracting sensitive data.

GPT 5.5 successfully completed this entire sequence in two out of ten attempts, making it the second AI model ever to achieve this feat. Claude Mythos Preview completed the same simulation in three out of ten attempts.

These results were obtained using a large inference budget of 100 million tokens per attempt. Notably, researchers observed that performance continues to improve as more computational resources are allocated, with no clear plateau yet reached.

This suggests that future models or configurations could achieve even higher success rates.

A second simulation known as “Cooling Tower” focuses on industrial control systems, including a simulated power plant environment. This scenario involves fewer steps but requires specialised knowledge, including reverse engineering proprietary protocols and interacting with programmable logic controllers.

GPT 5.5 was unable to complete this simulation, and no AI model has yet succeeded in doing so. Interestingly, the model struggled primarily with traditional IT related steps rather than the industrial control system components themselves.

Researchers caution that current simulations do not fully reflect real world defensive conditions. The environments lack active defenders, detection systems, and the dynamic responses typically present in operational networks.

As a result, while the findings demonstrate strong capabilities in controlled settings, they do not necessarily indicate how these models would perform against hardened, actively defended systems.

Beyond capability testing, the evaluation also examined the effectiveness of safeguards designed to prevent malicious use of AI systems.

In controlled testing, researchers identified a universal jailbreak technique that could bypass safeguards and generate restricted cyber related content. This method was developed over six hours of expert red teaming and was effective across a range of malicious prompts, including multi step interactions.

Following these findings, OpenAI implemented updates to its safety mechanisms. However, due to a configuration issue in the version provided for testing, the AI Safety Institute was unable to independently verify the effectiveness of the final safeguard setup.

This highlights an ongoing challenge in AI deployment: ensuring that rapid advances in capability are matched by equally robust safety and control measures.

The emergence of GPT 5.5 level capabilities comes at a time when cyber threats are already widespread. According to the UK government’s latest Cyber Security Breaches Survey, 43 percent of businesses experienced a cyber breach or attack in the past year.

The integration of AI into cyber operations has the potential to significantly increase both the speed and scale of attacks. Automated systems capable of reasoning through complex vulnerabilities could lower the barrier to entry for attackers while amplifying the effectiveness of existing threats.

At the same time, these capabilities also present an opportunity for defenders. Organisations can use advanced AI tools to identify vulnerabilities, strengthen systems, and respond more quickly to emerging threats.

Recognising this dual use nature, governments are taking steps to prepare for the evolving landscape. Measures include new legislation aimed at strengthening digital resilience, increased funding for cybersecurity initiatives, and guidance for organisations on improving their defensive posture.

The findings from this evaluation point to a clear trend: cyber offensive capability is increasingly emerging as a byproduct of general advances in AI reasoning, coding, and autonomy.

As models continue to improve, researchers expect further gains in performance across cyber tasks, potentially arriving in rapid succession. This underscores the importance of proactive risk management, continuous evaluation, and collaboration between industry, academia, and government.

Future testing efforts are expected to focus on more realistic environments, including scenarios with active defenders and detection systems. These will provide a clearer picture of how AI models perform under real world conditions.

For now, GPT 5.5 represents a significant milestone. It demonstrates that advanced AI systems are not only becoming more capable in abstract reasoning but are also acquiring practical skills that can impact critical domains such as cybersecurity.

The challenge ahead lies in ensuring that these capabilities are directed toward strengthening security rather than undermining it.