In a significant advancement in artificial intelligence capabilities, Anthropic’s Claude Mythos has outperformed OpenAI’s GPT-5.5 in a novel assessment of exploiting real-world vulnerabilities within Google Chrome. This benchmark, known as ExploitBench, was unveiled recently during Infosecurity Europe 2026 by Bugcrowd, a cybersecurity firm that collaborated with experts from Carnegie Mellon University and leading researchers focused on Chrome vulnerabilities.
The ExploitBench framework, introduced in May 2026, aims to provide a comprehensive evaluation of AI models’ ability not just to identify vulnerabilities but also to exploit them effectively. David Brumley, the chief AI and science officer at Bugcrowd, stressed that this benchmark represents the first independent effort to gauge actual exploitative capabilities of AI models. Brumley noted that Anthropic was among the first organizations to engage with this innovative framework, highlighting its commitment to pushing the boundaries of AI’s applicability in cybersecurity.
According to the findings presented at the event, Anthropic’s Mythos demonstrated a superior performance compared to GPT-5.5 during head-to-head testing. Brumley emphasized how the competing AI models are increasingly bridging the gap with elite human researchers, a compelling indicator of how rapidly AI capabilities are evolving. Unlike previous binary tests that merely assessed whether exploitation led to a crash, the ExploitBench employs a multi-tiered evaluation process. This enables it to score the degree of successful exploitation, ranging from initial exploitation attempts to the successful execution of arbitrary code against a vulnerable build of V8, the JavaScript/WebAssembly engine that powers several platforms, including Google Chrome and Microsoft Edge.
In the performance evaluations shared, Mythos achieved an impressive average score of 9.90 out of a possible 16 and reached the highest tier for 21 out of 41 vulnerabilities tested. In stark contrast, GPT-5.5 managed an average score of only 5.51, securing the top tier on just two occasions. Brumley provided a specific example, stating that Mythos could exploit a newly discovered vulnerability in Chrome about 50% of the time, showcasing its proficiency in handling zero-day vulnerabilities. He highlighted the potential monetary rewards from Google for identifying such vulnerabilities, noting that the tech giant could pay up to $10,000 for successfully addressing a flaw without prior exploitation methods known.
Brumley praised Anthropic’s model for discovering exploits that even seasoned hackers had overlooked, calling it an impressive feat. However, he also pointed out that while GPT-5.5’s performance is currently lagging behind, its broader accessibility allows more stakeholders to utilize it in the development of exploits. This democratization of technology raises important questions about the potential for misuse.
The introduction of frontier large language models has already demonstrated their capability to accelerate the discovery of software vulnerabilities at scale. Yet, the critical question remains whether these discoveries can be converted into consistent and actionable exploits, a concern that the ExploitBench seeks to address. Brumley elaborated that measuring the varying stages of an exploit is vital for accurately assessing models’ true exploitation capabilities, rather than relying on superficial failure or success metrics.
Despite the promising advancements observed, both Brumley and Bugcrowd’s CEO, Dave Gerry, cautioned against complacency. They highlighted the need for vigilance as automation and AI technologies are being woven into adversarial practices, thereby increasing the efficiency with which vulnerabilities can be weaponized. While ExploitBench showcases the potential of AI in this realm, Brumley emphasized that it only reflects specific vulnerability types, meaning the results cannot be generalized across all applications.
Michael Price, vice president of product engineering at VulnCheck, echoed these sentiments, emphasizing that AI models have not yet reached the level of reliability required for mass exploitation. He stated that while AI’s planning and execution capabilities are improving, they are still not at a point where they can be relied upon for effective large-scale exploitation. Price offered a tempered view: while models are expected to improve incrementally, substantial advancements might still be a few years away.
As discussions surrounding AI’s role in exploitation continue, both Brumley and Gerry voiced the urgent need for defenders to enhance their remediation processes to keep pace with the speed of potential threats. Gerry highlighted that the rapidly diminishing “zero-day clock” necessitates innovative, AI-driven remediation strategies at scale. He called for organizations to rethink their remediation frameworks so that vulnerabilities can be addressed in near-real-time rather than languishing in ticket queues.
The dual objectives of measuring exploitation capabilities and enhancing remedial actions were a shared focus for both leaders. They stressed that as the landscape of exploits evolves, companies must adopt context-aware intelligence to prioritize critical vulnerabilities for remediation before they can be weaponized by adversaries.
In closing, Brumley suggested that organizations could expect forthcoming announcements that would focus on leveraging AI models to identify and possibly rectify vulnerabilities at scale, thus allowing human developers to concentrate on higher-risk areas of their work. As the fields of AI and cybersecurity continue to converge, the stakes become higher, calling for both innovation in offensive capabilities and proactive defense mechanisms.