CyberGym benchmark reveals massive AI hacking leap

// 2h agoBENCHMARK RESULT

CyberGym benchmark reveals massive AI hacking leap

New results from UC Berkeley’s CyberGym benchmark show frontier models like GPT-5.5 and Claude Mythos achieving over 80% success in autonomous vulnerability reproduction. The framework, which spans 1,507 real-world tasks, has already helped agents discover 35 new zero-day vulnerabilities.

// ANALYSIS

CyberGym is graduating from a research project to the definitive metric for agentic security capabilities, effectively becoming the "SWE-bench" of offensive research.

–Frontier models have jumped from ~12% to over 80% success in less than a year, signaling a breakthrough in long-horizon reasoning and codebase navigation.
–The discovery of 35 zero-days in major libraries like OpenSSL proves that AI agents can now outperform traditional fuzzing and human review in specific contexts.
–High performance on CyberGym was reportedly a key factor in Anthropic's decision to gate "Mythos," illustrating how benchmarks are now driving safety policy.
–The shift to execution-based eval (requiring a working PoC) prevents "data contamination" leaks that plague static security benchmarks.
–Microsoft’s MDASH now leads the leaderboard at 88.45%, demonstrating the efficacy of multi-agent architectures in complex security tasks.

// TAGS

cybergymbenchmarksecurityagentllmevaluationuc-berkeleyai-coding

DISCOVERED

2h ago

2026-05-15

PUBLISHED

2h ago

2026-05-15

RELEVANCE

9/ 10

AUTHOR

Wes Roth

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

BENCHMARK2h ago

Microsoft MDASH tops CyberGym with 100+ agents

Microsoft's Multi-model Agentic Scanning Harness (MDASH) coordinates over 100 specialized AI agents to automate the discovery and verification of software vulnerabilities. The system currently leads the UC Berkeley CyberGym benchmark with an 88.45% success rate, significantly outperforming Anthropic’s Mythos and OpenAI’s GPT-5.5 in generating functional proof-of-concept exploits.

SECURITY2h ago

Claude Mythos uncovers macOS kernel exploit

Anthropic's unreleased Claude Mythos model assisted security researchers in discovering a critical privilege escalation vulnerability in macOS 26. The exploit bypasses Apple’s Memory Integrity Enforcement on M5 hardware, leading to a major security update for the Tahoe operating system.

SECURITY4h ago

Mullvad exit IPs enable user fingerprinting

Mullvad VPN's deterministic IP assignment, based on WireGuard public keys, allows observers to correlate user identities across different server locations with over 99% accuracy.