Australia Gets the World’s Most Powerful Cybersecurity AI — NZ Watches From the Sidelines
Anthropic has expanded access to its Mythos model to Australian organisations defending critical infrastructure, making Australia one of the first countries outside the US to receive the frontier AI cybersecurity tool. The move, announced June 3 under the expansion of Project Glasswing, grants up to 150 new organisations across 15+ countries access to Mythos — and Australia is firmly on the list.
New Zealand isn’t.
What Project Glasswing Actually Does
Project Glasswing is Anthropic’s early access programme for Mythos-class models, specifically scoped to organisations defending critical infrastructure. The model’s core capability is finding software vulnerabilities at a speed and scale that human teams simply cannot match. Mozilla credited Mythos with finding thousands of vulnerabilities in Firefox. Microsoft’s MDASH scanner, built on similar AI vulnerability-finding technology, discovered four critical remote code execution flaws in Windows.
But Mythos access is tightly controlled. Organisations must be defending power, water, healthcare, communications, financial services, or national security systems. Participants can disclose their involvement, but the programme is designed to keep the tool out of the wrong hands — and Anthropic has been explicit that it expects other AI companies to release similar models, with fewer safeguards.
Why Australia and Not NZ?
The answer is likely a combination of scale and urgency. Australia has a larger cybersecurity ecosystem, more critical infrastructure operators, and a government that has been actively courting Anthropic for months. In May, ABC News reported that Anthropic’s “dangerous” Mythos model was fuelling the Australian government’s desire to lure the company to establish a local presence.
Australia also has the Australian Cyber Security Centre (ACSC), a well-resourced national cybersecurity agency with direct links to Five Eyes intelligence sharing. The argument for giving Mythos to Australian defenders is straightforward: they have the infrastructure and the mandate to use it effectively.
The Five Eyes Problem
Here’s where it gets uncomfortable for New Zealand. Under the Five Eyes intelligence-sharing alliance (US, UK, Canada, Australia, NZ), cybersecurity intelligence is supposed to flow freely between partners. If Australia uses Mythos to discover vulnerabilities in critical infrastructure — say, a flaw in a SCADA system that controls power grids — that information should, in theory, be shared with NZ’s Government Communications Security Bureau (GCSB).
But there’s a meaningful difference between receiving a vulnerability report from Australia and having your own defenders use the tool that found it. Mythos doesn’t just find vulnerabilities — it helps defenders understand the attack patterns, prioritise remediation, and anticipate related weaknesses. That institutional knowledge doesn’t transfer in a PDF.
As the AFR reported in April, Australia was itself “exposed to hackers by lack of access” to Mythos. Now it has access. NZ, which faces similar threats to its energy, banking, and healthcare infrastructure, still doesn’t.
What This Means for NZ’s Cyber Posture
The GCSB’s 2025 Cyber Threat Report identified that NZ’s critical infrastructure faces increasing risk from state-sponsored actors and ransomware groups. Without Mythos-class tools, NZ defenders are working with a significant capability gap compared to their Australian counterparts.
This isn’t hypothetical. The same day Mythos access was announced for Australia, researchers at the University of Toronto’s CleverHans Lab demonstrated that free, open-weight AI models can power self-adapting worms that spread across networks by exploiting known vulnerabilities specific to each device. Every connected device is a target, and the cost of building such attacks is approaching zero.
NZ’s options are limited but clear:
- Pursue Glasswing access directly — Anthropic hasn’t ruled out expanding to more countries. NZ could make a case based on Five Eyes participation and critical infrastructure needs.
- Lean harder on Australia — If Five Eyes intelligence sharing actually works, Mythos-discovered vulnerabilities affecting NZ infrastructure should be flagged through ACSC → GCSB channels.
- Invest in alternatives — Build domestic AI cybersecurity capability, though this is expensive and slow compared to getting access to an existing frontier model.
The Bigger Picture
Anthropic’s expansion of Mythos access is happening against a backdrop of escalating AI-powered cyber threats. The Trump administration signed an executive order on June 2 specifically focused on AI-enabled cybersecurity defence. The University of Toronto AI worm research dropped the same day. The cybersecurity arms race is no longer theoretical.
For NZ, the message is stark: the countries defending their infrastructure with frontier AI are pulling ahead. The countries that aren’t are accumulating risk.
❓ Frequently Asked Questions
Q: What is Project Glasswing?
Project Glasswing is Anthropic’s early access programme for its Mythos-class AI models, specifically for organisations defending critical infrastructure. Access is tightly scoped to power, water, healthcare, communications, financial services, and national security sectors.
Q: Could NZ get Mythos access through Five Eyes?
Intelligence sharing happens between Five Eyes partners, but there’s a meaningful difference between receiving vulnerability reports and operating the AI tool yourself. NZ would need its own Glasswing access for domestic defenders to use Mythos directly against NZ-specific infrastructure.
Q: How serious is the AI cybersecurity threat?
Serious enough that the University of Toronto just demonstrated AI-powered self-adapting network worms, and the Trump administration signed an executive order specifically about AI-enabled cyber defence. The threat isn’t theoretical — it’s operational.
🔍 The Bottom Line
Australia just got the most powerful AI cybersecurity tool on the planet. NZ didn’t. In the Five Eyes alliance, that access gap is both a strategic vulnerability and a test of whether intelligence-sharing actually works when frontier AI is involved.
Sources
- iTnews — Anthropic opens Claude Mythos Preview AI program to Australia
- AFR — Anthropic PBC extends Mythos AI model access to Australian organisations
- Information Age / ACS — Anthropic gives Mythos AI to Australia’s cyber defenders
- ABC News — AI firm Anthropic’s ‘dangerous’ Mythos model fuelling government’s desire to lure company to Australia
- AFR — Australia exposed to hackers by lack of access to Anthropic tool