Singularity.Kiwi

AI progress, with honesty.
New Zealand cybersecurity operations center with global network connections and Mythos AI interface, dramatic blue and green lighting, documentary style
News 8 June 2026

NZ Finally Gets Mythos: Cyber Watchdog Joins Anthropic's Elite Hacking AI Club

NZ's cyber watchdog confirmed access to Mythos through Project Glasswing, weeks after being told it wasn't in the club. The deputy DG won't rule out using it offensively.

NCSCAnthropicMythosProject GlasswingCybersecurity

New Zealand’s National Cyber Security Centre confirmed on June 5 that it has received access to Anthropic’s Mythos — the frontier AI model so powerful at hacking that Anthropic won’t release it publicly. The access comes through Project Glasswing, Anthropic’s cybersecurity initiative now distributed to 150 organisations worldwide, up from the smaller US-only group that received it in April.

What changed — and why it matters

Just ten days ago, our report on NZ’s position noted that NZ was not part of Project Glasswing and was “scrambling to catch up.” Now it’s in — invited by Anthropic “earlier this week,” according to NCSC deputy director-general Catriona Robinson.

Why it matters: NZ went from outside the Glasswing circle to inside it in under two weeks. That’s either a remarkable diplomatic turnaround or a sign that Anthropic needed to expand fast — Mythos found over 10,000 vulnerabilities in its initial rollout, and the patching crisis is global. Every day a country doesn’t have Mythos access is a day its infrastructure is more exposed.

The offensive question

Robinson told RNZ’s Midday Report that Glasswing was “set up as an industry collaboration” for defensive purposes — testing vulnerable software before general release.

But when pressed on whether Mythos could be used offensively, she didn’t rule it out:

“The capabilities that AI tools such as Anthropic create, certainly they inform offensive as well as defensive capabilities. As I said, our intent in joining Glasswing is for a cyber security, cyber defence mandate.”

That’s a diplomatic non-denial. Mythos finds vulnerabilities — the same vulnerabilities that could be exploited by attackers. Understanding where the cracks are is defensive. Exploiting them is offensive. The NCSC says its mandate is defence, but the technology doesn’t distinguish.

Trump’s AI security order — same week

The news coincided with US President Donald Trump signing an executive order on Tuesday requiring AI companies to voluntarily provide the federal government access to “covered frontier models” for cybersecurity review up to 30 days before planned release to “other trusted partners.”

That’s a significant shift from May, when Trump pulled back from signing a similar order, saying it might hold the US back. The new order focuses on “hardening” information systems and requesting — not mandating — pre-release access.

NZ’s Glasswing membership gives it a seat at a table that’s increasingly shaping global AI security norms. Whether that seat comes with real influence, or just observer status, depends on how Anthropic structures the expanded Glasswing programme.

Australia got there first

Australia received Mythos access last week as part of the same Glasswing expansion. Both Five Eyes nations are now inside the tent, though the NCSC was careful to frame its participation as purely about understanding the threat landscape.

The investment angle: Anthropic and OpenAI are both pursuing IPOs at trillion-dollar-plus valuations. Mythos — which Anthropic literally cannot release — is being positioned as a strategic asset for national security. That’s not a coincidence. When your most dangerous product doubles as a geopolitical bargaining chip, your valuation thesis writes itself.

The patching reality

The NCSC’s advice to NZ organisations was straightforward: patch frequently, limit attack surfaces, review vulnerability management processes, and monitor extensively. It’s sound advice. It’s also what they were saying before Mythos existed.

The difference now is that NZ has the same tool that found 10,000+ vulnerabilities globally — including a 27-year-old bug in OpenBSD that humans had missed for nearly three decades. Whether NZ’s infrastructure benefits from those discoveries depends entirely on how quickly the NCSC can operationalise Mythos findings.

🔍 THE BOTTOM LINE

NZ went from outside the Glasswing club to inside it in under two weeks — either fast diplomacy or Anthropic expanding because the threat landscape demands it. The deputy DG won’t rule out offensive use, which is honest but uncomfortable. Meanwhile, Trump’s new executive order and the Glasswing expansion signal that frontier AI security is becoming a geopolitical issue, not just a technical one. NZ has a seat at the table now. What it does with it matters.

Q: What does this mean for NZ?

NZ now has the same hacking AI that found 10,000+ vulnerabilities worldwide. The NCSC can use it to find and patch weaknesses in NZ’s critical infrastructure before hostile actors do — but only if they can act on findings fast enough.

Q: What changed from the last story?

In our May 28 report, NZ was not part of Project Glasswing. Anthropic invited NZ to join during the week of June 2, expanding Glasswing from a small US group to 150 organisations globally.

Q: Can Mythos be used offensively?

Robinson wouldn’t rule it out. The NCSC’s stated intent is defensive, but the same vulnerability-finding capability that helps defenders also informs offensive operations. This is the fundamental dual-use problem with frontier cybersecurity AI.

Sources: RNZ, ABC Australia, Council for Foreign Relations, Financial Times

Related Articles